We all know the importance of strong passwords, and the security they provide – yet, they still seem to be a chore. Using strong passwords is like wearing a bicycle helmet; it’s protection for when bad things happen, and hopefully prevents the worst-case scenario.
Now that we’re through the holiday season, especially this year with online shopping being so prevalent, it’s more important than ever to keep your personal and payment information secure. What’s the best way to do that? Strong passwords!
“According to the recent Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work.”
It may seem elementary, but we all get lazy when it comes to password management. Your password is oftentimes the only barrier between your personal information and the world.
Let’s talk password basics.
Your Password Should be Unique
Despite knowing we shouldn’t, most of us use the same password for multiple things – giving bad actors the ability to gain access to multiple accounts and sets of information.
“We observe that 17.0% of the 22 million email addresses in multiple leaks re-used a password at least once.”
As security experts, we at Lark Security have seen it all when it comes to password management strategies. They range from a pile of sticky notes or password protected documents, to all kinds of cute patterns for creating apparent randomness.
What prevents people from using unique passwords seems to be a multi-part problem:
- People are unaware of the tools that exist to help with password management
- People perceive the time investment to switch passwords would be too great
- People are unclear as to what the term “good password management” really means
Your Password Should be Strong
While many organizations have their own set of rules for password management, the generally accepted minimum tends to be as follows. A strong password should have the following features:
- 12-16 characters at a minimum, longer is better
- A mix of characters, numbers, cases, and symbols
- Is truly random – no cute patterns, dates, sports team names, city names, etc.
- Is unique (no password re-use – both across platforms, and upon expiration)
EACH and EVERY login should have a password that meets these criteria. And this is the issue: most people find that to be way too much work.
Password Vaults Put the Good Kind of Lazy Into Password Management
Password vaults are purpose-built tools that store your passwords in an encrypted database. They make it easy to find password records and allow users to copy/paste the password so it doesn’t slow you down too much. Most importantly, they provide password generators that randomly generate strong passwords for you – some tools even provide you a password history. There are a variety of good online and offline vaults, free and paid. We have some that we really like, and would highly recommend using. They are:
- Dashlane
- 1Password
- Keepass
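The password generator built into a vault is doing something simple: it draws every character from a cryptographically secure random source and guarantees the result meets a policy like the one listed under “Your Password Should be Strong”. The example below is added here to show that in code; it is not code from any of the vaults named above. It assumes the minimum of 12 characters and the four character classes the post lists, and a constructed set of previously used passwords for the re-use check.

```python
import re
import secrets
import string

# Character classes the post's minimum policy expects a password to draw from.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.<>?",
}
MIN_LENGTH = 12  # the post's stated minimum; longer is better


def generate_password(length: int = 16) -> str:
    """Build a password from the OS CSPRNG (secrets), the way a vault's generator does.

    One character from each class is drawn first so the result always passes the
    mix-of-classes rule; the rest is filled from the full alphabet and the whole
    list is shuffled with a secrets-driven Fisher-Yates so the guaranteed
    characters never sit in predictable positions.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    chars = [secrets.choice(cls) for cls in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    for i in range(len(chars) - 1, 0, -1):  # Fisher-Yates using CSPRNG indices
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def check_password(password: str, already_used: frozenset = frozenset()) -> list:
    """Return the policy rules from the post that `password` violates (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, cls in CLASSES.items():
        if not any(c in cls for c in password):
            problems.append(f"no {name} character")
    if re.search(r"(19|20)\d\d", password):  # the "dates" pattern the post warns about
        problems.append("contains a year")
    if password in already_used:  # `already_used` is a constructed set of old passwords
        problems.append("re-used password")
    return problems


if __name__ == "__main__":
    candidate = generate_password(16)
    print(candidate, check_password(candidate))
```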
Offline Password Vaults
Offline password vaults are programs that store an encrypted database on your hard drive. You’ll need to back it up somewhere else (Dropbox, Google Drive, OneDrive, etc.) on a regular basis. Offline vaults require a bit more time to manage, but they are typically free (open source, too!) and they better protect against the vulnerabilities that may exist with online password vaults that sync to a cloud service. Online vaults are not immune to cyber-attacks, so needing physical access to the encrypted file provides an added layer of security.
There are many options for offline vaults. One we really recommend is called KeePass, or KeePassXC, which has a slightly better interface and allows for backup of Multi-Factor Authentication (MFA) codes. It can be used as an MFA application in the event that you don’t have your cell phone on you. Both are free, and run on Windows, Mac, and Linux. KeePass also has iOS and Android mobile versions.
With tools like those mentioned above in place, and proper password strength, you’re more protected from cyber attackers than you’ve ever been! A simple password breach can cause a huge headache, especially around the holidays. No one wants to have to cancel credit cards and bank accounts because they were breached.
Lark Security is here to help make sure your personal, employee, and customer information stays secure and protected. As HITRUST certified assessors, we’re experts in cyber security, with decades of hands-on experience as CISOs. We offer industry leading vulnerability scans and penetration testing to see where you stand, and we’ll make recommendations on areas that need improvement.
Keep an eye out for Part 2 of this blog in upcoming weeks!