What is a Weak Password?
Have you ever created an account on a website and seen the scale that shows whether the password you are entering is weak or strong?
This can be very helpful, but so is knowing the criteria that determine this. Here are things that we, as a Managed IT Services company, can tell you will result in weak passwords:
- Using only letters (but we are going to show you something that may get around this)
- Using only numbers
- Using short passwords
- Using personal information like your cat’s name, your birthday, or home address
- Using generic terms (yes, people still use things like password123)
- Using your username as your password (you’d be amazed by how many people do this)
Remember, your password is a code and the more complex it is, the harder it is to decipher and the safer your company data will be.
Using One Password
Using the same password on every website, application, and such is a VERY bad idea.
While it might make your life easier, it also makes life easier for those who would try and hack into your accounts.
As an MSP we have gained experience in this field and we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, etc., were hacked at the same time. Oh my!
As annoying as it may be, we can’t stress this enough: you really need different passwords for each account or application.
We have all seen prompts to store passwords when we open up new accounts or change them. It certainly makes life easier… Until it doesn’t.
This greatly increases the chances of one or more of your accounts being hacked. If you’re using the same password on multiple accounts, it gets even easier for the bad guys.
Nowadays you have options such as LastPass, 1password and others – these are great and will help you keep up with updates and other changes to your accounts.
Call your managed service provider and ask about these, we’re sure they can give you advice on safely storing your passwords.
Creating Strong, Secure Passwords
Here are some basic, generally accepted tips:
- Use at least 12 characters. The longer the better.
- Mix capital letters, numbers, and symbols to create your passwords.
- Change your passwords at least quarterly, especially for any online banking accounts.
- Do not write these down in any way that would allow others can gain access. If you do write something down, make sure you don’t also include the username or account information.
There are practical and impractical ways to create safe passwords.
We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL – ideal but just try remembering passwords like this for 2 credit cards, 2 bank accounts, and a couple of emails – no thank you.
That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: thatfamousconcertiwentto. Then add some capital letters and a few numbers: THATfamousC0ncertiWent2 and there you have it! A very strong password that’s easy for you to remember and hard for the bad guys to figure out.
You’re now probably thinking: I have eight financial accounts, how can this possibly be practical? Even more, maybe you’re running a business and can’t expect your employees to do that.
Let’s look at some practical solutions.
This is a practical solution for many businesses as they allow you to maintain a large number of passwords and can keep additional account information about your accounts with less risk involved.
They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that your usernames and passwords are automatically entered for you.
An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember one single password.
Many password managers also incorporate multi-factor authentication, something that we, as a Managed IT Services company, applaud – great for users and businesses alike.
The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to enter a code they sent you before proceeding? This is one form of multi-factor authentication.
Realistic Password Protection for Individuals
While in today’s world nothing is truly 100% safe, we believe that the average person can develop a system to almost get there.
Here is one method that may work for you. Just keep 2 things in mind: 1) your passwords still need to be changed every three months, and 2) it’s still a bit of work. There is no such thing as simple password protection.
As we stated, experts currently believe that the most secure passwords are those made of three unrelated words like carouseltabledrum or relaxsweetfloor.
Then change a couple of letters to capitals and numbers using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 1st and 9th letters. Change the 6th and 8th letters to a number and a character. Now you have Carou$e1Tabledrum and Relax$w3Etfloor.
That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We are already using: carousel, table, drum, relax, sweet, floor, so we will stick with these.
Important: the first letter of each word must be different.
To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words and making the recommended changes to make them even better.
You’re all set to create some of the most secure passwords.
As a business executive, keeping up with passwords and security measures and general IT is a task!
Don’t forget to add in training and monitoring to make sure these practices stick.
Impossible? Costly? Not really.
Having a highly-skilled team with the know-how to perform all the required IT actions on a daily basis might come with a high price tag to many companies – not the case when you have the correct Managed IT Service Provider protecting your team and your data while reducing your IT costs by 25% to 30%.
Reach out to us today to get started with an assessment. We stand ready to help.