Keep Your Passwords Secure
As a managed IT support company, we can tell you that we’ve seen (and heard) our fair share of password no-nos. Nothing makes us shake our heads faster than approaching someone’s workstation and finding the password to their computer on a sticky note on the monitor. What is even the point of having a password then?
Anyone walking by, including cleaning staff, clients, disgruntled employees, ANYONE, can log in with your credentials and wreak havoc on your business network. You will be the one blamed. Maybe you even have your personal banking login, email, or any number of things you would prefer to keep confidential saved on your computer. Allowing anyone passing by to access your computer can be a very bad thing.
We aren’t just talking about your company login here though. There are reports all the time about one service or another having its customer login information compromised. When one account gets hacked, it may not be a hard leap for the attacker to figure out the rest of your logins, especially if you use the same password everywhere.
Best Password Practices
We’ve compiled a list of our favorite password best practices, and definitely recommend you use them (and change your password today if you are breaking any).
- Don’t use common ones – Here is a list of the most common passwords from 2016. Don’t use password, or password1, or 123456, or really anything else on that list.
- Change the one they gave you – When your account is created for you, often you are given a default password. It’s best to change it right away to something different. You never know how many people in the organization also have the same password!
- Avoid using words found in the dictionary – If your password can be found in the dictionary, it’s not a very secure password. There are programs that can run through the entire dictionary trying words to get into your account in minutes.
- Don’t use significant dates in your life, your pets’ or children’s names, or your hobbies – Anyone doing a little bit of digging on social media can easily guess items that could be used as a password and try those.
- Avoid storing your password out in the open – As I mentioned earlier, the password on a sticky note on the monitor (or under the keyboard, which can be just as bad), is not a good idea. Another place to NOT keep your password is in your wallet or a desk drawer.
- Have different passwords for different accounts – On top of this, never, ever use your email password for any other online site. Online stores are much more easily compromised, and if they get your password there, chances are they will try it for your email. Once they’ve hacked your email, they can access anything. Most “forgot password” links will send you an email, which they can then use.
- Use upper and lowercase letters, numbers and special characters – The more complex your password is, the harder it will be to crack. The longer the password is, the better. I try to hit over 15 characters, and I use 20 for places I really want secured.
- Use multi-factor authentication when you can – Multi-factor authentication requires an extra step when accessing your account. The best kind is something you know paired with something you have. Password + fingerprint, or password + app on your phone are both things that can work. Anything, though, that offers an additional step to gain access to your account will make you more secure.
Now that I’ve made it almost impossible for you to remember your passwords to various websites and accounts, how are you going to keep track of it all? Password management systems like LastPass are great for helping you with all of your logins. They can even help you generate secure passwords for when you need to create one. The passwords they generate are completely random letters, numbers and characters, and you can set the length needed. There are apps for your phone, so even when you are mobile you still have access to all of your passwords. Just make sure you secure your phone as well!
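An added example, not part of the original article: a short Python sketch that checks a password against the checklist above and generates a random one of a chosen length, as a password manager does. The word lists are small constructed samples, and the function names `violations` and `generate` are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample data: a real check would load a full breached-password
# list and a full dictionary instead of these few entries.
COMMON = {"password", "password1", "123456", "qwerty", "letmein"}
WORDS = {"sparky", "baseball", "dragon", "monkey", "sunshine"}
SPECIALS = "!@#$%^&*()-_=+"


def violations(password, personal_terms=()):
    """Return the checklist rules the password breaks (empty list = passes)."""
    found = []
    lowered = password.lower()
    if lowered in COMMON:
        found.append("common password")
    if any(word in lowered for word in WORDS):
        found.append("contains dictionary word")
    if any(term.lower() in lowered for term in personal_terms if term):
        found.append("contains personal detail")
    if len(password) <= 15:  # the article aims for over 15 characters
        found.append("15 characters or fewer")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SPECIALS]
    if not all(any(c in cls for c in password) for cls in classes):
        found.append("missing a character class")
    return found


def generate(length=20):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length <= 15:
        raise ValueError("length must be over 15")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed inputs; the personal terms are what a social media search might reveal.
    print(violations("password1"))
    print(violations("Sparky2014", personal_terms=["Sparky", "2014"]))
    print(generate(20))
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographic random source, which is what makes the output unpredictable.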
If you still aren’t on board with using a password manager, then do something to make the words you use a little more secure. For example, say you want your password to be your pet’s name, which is sparky. You could use special characters for some of the letters and add something to it, like [email protected]^yD3c2014 (sparky was born Dec 2014). You could also take the first letter from every word of a movie quote you like: Tnc1BB!!1992 (“There’s no crying in baseball!!”, with the i from “in” written as the number 1, and 1992 being the year the movie came out). There are definitely many ways you can change something you can remember into a very secure password.
So, you have been warned. If we see another password stuck to a monitor when we come around…..
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology-related fields. Some of these fields include document management software/hardware, enterprise-level networking and VoIP phone systems, as well as large-scale software implementation projects and the setup of small business networks.