Your Password Best Practices Primer for 2018 – Part 1
Every year, we post a piece about best practices in password management to help you improve your cybersecurity. Why? Three core reasons:
- Stealing passwords from individual users is one of the best avenues for cybercrooks to compromise business systems. Per one study, an average of 95 passwords were stolen every second during 2016. Given the rising incidence of data breaches last year, the pace of password theft surely hasn’t slowed as we move into 2018.
- Many technology users remain lazy password practitioners. Case in point: per the annual “Worst Passwords” report by SplashData, “123456” was the most-used password for the fourth consecutive year. “Password” came in second. About one in 10 people surveyed by SplashData admitted using at least one of the bad passwords on its list of 100 weak ones.
- Per an international study by software maker LastPass and the analyst firm Ovum, more than 60% of IT executives rely exclusively on employee education to enforce strong passwords. Yet the same survey found more than three quarters of the workers polled reported they regularly have problems with password usage or management. There’s an obvious disconnect afoot.
So, our quest to evangelize password practices persists. Here are five powerful password usage and management tips that we gleaned from reviewing articles on the topic, including our own posts:
Offer your users a little help.
- Choose and communicate a clear definition of what constitutes a “strong password.”
  Current IT industry consensus holds that “strong” passwords should be at least 10 to 15 characters long, include a mix of lower case and capital letters, numbers and special characters (e.g., @, $ or *), and be unrelated to any prior passwords.
- Advocate unique passwords for every account, website and/or app – business or personal.
  Cybercrooks who breach LinkedIn accounts aren’t stealing resumés. They’re researching how users think. Using the same password – or even similar ones – for other social platforms and business applications could create pathways for hackers to wreak havoc in personal and professional
- Advise users to avoid patterns across
  Using variations of standard passwords for different sites is called “salting.” An example would be a company leader who uses “CEOfb” for Facebook and “CEOtwtr” for Twitter. Once a hacker discovers the logic applied to creating these variations, cracking the code of dozens of passwords doesn’t take long.
- Tell your team to leave their personal interests out of passwords.
  Through social platforms such as Facebook, Twitter and LinkedIn, hackers can study someone’s private life and crack logical patterns like “salting.” So, never use the names of family members, including pets. Plus, remove references to easily researched histories, hobbies and the like. For example, are any members of your staff avid followers of Game of Thrones? Well then, point out that “QuEEn*of*Dr@g0ns” may be a dangerous password for them. And if their Facebook pages refer to where they attended high school, they shouldn’t pick “What was your high school mascot?” as a security question.
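To make the “strong password” definition and the warning about “salting” variations concrete, here is an added example (not code from the original post): a small Python checker that applies the post’s length and character-class rules and flags a candidate that is merely a variation of a prior password. The difflib-based comparison and the 0.5 similarity cut-off are my assumptions, not part of the post.

```python
import re
from difflib import SequenceMatcher

# The length and character-class rules follow the post's "current IT industry
# consensus"; the similarity cut-off below is an assumption for this example.
MIN_LENGTH = 10
SIMILARITY_LIMIT = 0.5

CLASS_PATTERNS = {
    "lowercase letter": r"[a-z]",
    "capital letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def missing_classes(password):
    """Return the required character classes that are absent from the password."""
    return [name for name, pat in CLASS_PATTERNS.items() if not re.search(pat, password)]


def similarity(a, b):
    """Ratio in [0, 1] of how much two passwords share; case-folded so that
    'CEOfb' and 'ceofb' are treated as the same base."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def check_password(candidate, prior_passwords=()):
    """Apply the post's rules and return a list of problems (empty means it passed).

    prior_passwords are plaintexts available at change time (e.g. the current
    password the user just typed); stored hashes cannot be compared this way.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = missing_classes(candidate)
    if missing:
        problems.append("missing " + ", ".join(missing))
    for old in prior_passwords:
        ratio = similarity(candidate, old)
        if ratio >= SIMILARITY_LIMIT:
            problems.append(f"too similar to a prior password (ratio {ratio:.2f})")
            break
    return problems


if __name__ == "__main__":
    # Constructed samples: the post's own examples plus one typical yearly variation
    print(check_password("123456"))
    print(check_password("CEOtwtr", prior_passwords=["CEOfb"]))
    print(check_password("Summer2018!", prior_passwords=["Summer2017!"]))
    print(check_password("QuEEn*of*Dr@g0ns"))  # passes every mechanical rule
```

Note that “QuEEn*of*Dr@g0ns” passes every mechanical rule, which is exactly the post’s point: a policy check cannot see what a user’s Facebook page reveals, so the education items above still matter.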
Ask your IT Managed Services Provider (MSP) for reviews and ratings of the best password generators and password managers available on the market. Your MSP has insight and experience helping multiple clients with cybersecurity and understands your unique needs, too.