May 29, 2018
Written by Bob Meshinsky, Practice Leader for Forensic Services and Cyber Security at WGM Information Security
We have all been there. You are opening a new account online and need to create a username and a unique password. You enter a username in the box, which usually is one of your email accounts or a combination of your first and last name, and then hit tab. You are now asked to create a unique password using the password complexity requirements. This is where it gets fun. Some users get very creative while others struggle just to meet the requirements. Once you have created the password, ask yourself the following questions:
- Is my password strong enough? It is recommended that a password be between 12 and 14 characters and use a combination of lowercase and uppercase alphabetic characters, numbers, and symbols. Avoid character repetition (1111111111), keyboard patterns (qwertyuiop), dictionary words (dictionary), pet names (luckydog), and the like.
- Is my password a common password? 2016 was another massive year for data breaches. The Keeper research team analyzed over 10 million passwords available on the public web and the results showed that nearly 17% of users are safeguarding their accounts with “123456”. The top 10 Most Common Passwords of 2016 also included 2) 123456789, 3) qwerty, 4) 12345678, 5) 111111, 6) 1234567890, 7) 1234567, 8) password, 9) 123123 and 10) 987654321.¹
- Do I recycle my passwords? Are you using the same username and password on several sites? If Facebook gets hacked, does the hacker also have your Google Mail username and password or, worse yet, the key to your bank account? You should have unique passwords for each account!
- How can I remember all those passwords? Should I write them on a piece of paper or the notes section on my phone? Use a Password Manager tool.² You will only need to remember one password to access the application. The tool will store and encrypt all your passwords and enable you to launch your applications from within it.
- Should I use Two-Factor Authentication (2FA) if it is available? Yes! This is an extra layer of security when accessing your applications. Most sites will send a code via your smart phone for 2FA. Several of the Password Manager tools also offer 2FA, thus offering users peace of mind knowing that if someone tried to access their account they would be notified.
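
The first two questions above (strength and common passwords) can be checked automatically when a password is created. The following Python code is an added example, not part of the original article; the keyboard rows, the small sample word list, and treating 12 characters as the minimum are assumptions made for illustration.

```python
import re

# The ten most common passwords of 2016, as listed in the article.
COMMON_2016 = {"123456", "123456789", "qwerty", "12345678", "111111",
               "1234567890", "1234567", "password", "123123", "987654321"}
# Keyboard rows used to spot patterns such as "qwertyuiop" (assumed layout).
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Tiny constructed word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"dictionary", "luckydog", "password", "welcome"}
MIN_LENGTH = 12  # lower bound of the article's 12 to 14 character advice


def keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw):
    """Return the list of criteria that pw fails (an empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    if re.search(r"(.)\1{2,}", pw):  # same character three or more times in a row
        problems.append("repeated character")
    if keyboard_run(pw):
        problems.append("keyboard pattern")
    if pw.lower() in COMMON_2016:
        problems.append("common password")
    # Strip digits and symbols so "Luckydog1!" is still caught as a word.
    if re.sub(r"[^a-z]", "", pw.lower()) in SAMPLE_WORDS:
        problems.append("dictionary word or pet name")
    return problems
```

A site running a check like this at signup would show the returned list to the user, so that a rejected password comes with the specific reason.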
Passwords are very important and we should treat them as such. A weak or recycled password can leave you vulnerable. Take the time now to re-evaluate your personal password policy and make the necessary changes before it is too late.
¹ keepersecurity.com Most Common Passwords of 2016 Keeper Security Study
² A review of the best Password Managers of 2018 can be found at this link: http://www.pcmag.com/article2/0,2817,2407168,00.asp