On any given day you may need to enter 10-15 passwords if you use the following on a regular basis:
- Online banking
- Social media
- Mobile apps
- Licensed software
- Line of Business apps
- Web apps
Whether it’s for work or personal use, passwords are an integral part of our routines at every level of access. As attempts to break into our password-protected data grow more sophisticated, we are forced to adapt and tighten our own internal password policies and procedures.
Doing so also creates additional points of user vulnerability if we continue to rely on outdated techniques for storing and recalling passwords. Some common examples include (but are not limited to):
- Using the same password for each login. In this case, a single breach would give a hacker access to everything.
- Using similar passwords with slight differences. For example, using jimsMicrosoftpassword2019 for Windows and jimsGooglepassword2019 for Google. Password-cracking algorithms have shown that these types of passwords can be easily cracked.
- Using different passwords for everything but storing them in a centrally located area, for instance in a folder labeled “Passwords” or on a Windows sticky note. The risk is that with one wrong remote desktop session you could expose your information for the world to see.
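The first two patterns in the list above, reuse and near-reuse, can be checked mechanically. The following Python audit is an added example, not part of the original article: it flags identical and near-identical passwords across accounts. The account names, function names and every sample password other than the article's two jims… strings are constructed for illustration, and the 0.7 similarity threshold is an assumed cutoff.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault (account -> password). The first two values are the
# article's own weak examples; the rest are made up for this illustration.
SAMPLE_VAULT = {
    "windows": "jimsMicrosoftpassword2019",
    "google": "jimsGooglepassword2019",
    "bank": "Tr1cky-harbor-Lantern-42",
    "crm": "Tr1cky-harbor-Lantern-42",
    "payroll": "0live copper Sunr1se #Ferry",
}


def similarity(a: str, b: str) -> float:
    """Case-insensitive similarity ratio in [0, 1]; 1.0 means identical."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def audit(vault: dict, threshold: float = 0.7) -> list:
    """Return (account_a, account_b, finding, score) for every risky pair."""
    findings = []
    for (acct_a, pw_a), (acct_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            # Exact reuse: one breach exposes both accounts.
            findings.append((acct_a, acct_b, "reused", 1.0))
            continue
        score = similarity(pw_a, pw_b)
        if score >= threshold:
            # Same template with a small substitution (e.g. the service name).
            findings.append((acct_a, acct_b, "near-duplicate", round(score, 2)))
    return findings


if __name__ == "__main__":
    for acct_a, acct_b, finding, score in audit(SAMPLE_VAULT):
        print(f"{acct_a} / {acct_b}: {finding} (similarity {score})")
```
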
Password Management Controls are Your Only Defense
With all the threats facing us today, your only defense is creating a unique, multi-faceted, multi-word phrase password every two to four weeks that’s paired with 2-Factor Authentication. (Learn more about Multi-Factor Authentication and Password Policies in our previous blog posts.)
For example, if we go back and replace our old weak passwords with long, strong ones, we might get a password for Windows that looks like this: Br0wn mill3r V1rtuE #Pige0n For3. And a password for a Line of Business application that looks like this: 5ilent r0ck @Tum3ric 1celanD F4ce.
These are much stronger passwords, but how are you or your employees supposed to remember a single password like this, let alone 10 or more?
You can either write them down on a piece of paper, which can make you a walking target, or you can implement a password management tool that does the heavy lifting for you. Solutions like 1Password and LastPass offer built-in features and utilities such as:
- Browser integrations for autofill and form fill
- Complex password generation
- Username generation
- Encrypted vaulting for passwords and payment data
- Some even offer a digital wallet for secure pay
When you assess the risks, it becomes more a matter of ‘when’ you are going to implement password management rather than ‘if’ you should. This may sound like a lot of work for some of you reading this, but it’s nothing compared to being hacked, crypto locked, or scrambling reactively after a critical data breach.
Sadly, cleverly using our dog’s birthday as a universal password no longer cuts it against the ever-advancing threats to your secure data. If you would like to learn how EXP Technical can implement effective password management, policies, and training into your cybersecurity defense plan, contact us today!