Good Password Hygiene
Chuck's Cyber Wall
October is Cybersecurity Month, so it’s the perfect time to talk about what it means to have Good Password Hygiene. Before we get to that, though, let’s look at some common password issues that make us vulnerable to cyberattacks.
- 91% of people know that password reuse is insecure, yet 75% do it anyway
- 73% of people reuse work passwords for personal accounts
- 49% of employees use the same password repeatedly and change a single digit at the end when forced to update it
- There’s been a year-over-year 300% increase in stolen credentials for the past 4 years
- Microsoft announced that there are currently 44 million accounts vulnerable to takeover due to stolen passwords
- Stolen passwords account for 81% of hacking data breaches
From a cybersecurity standpoint, that first stat is terrifying. We all know it’s a bad practice to reuse passwords – so why do we do it? The answer is pretty simple. We’re afraid of forgetting our passwords. That’s it. And cybercriminals rely on this type of vulnerability, preying on our poor password habits.
WIN WITH GOOD PASSWORD HYGIENE
Let’s be honest. Looking at that first stat – 91% of people know that password reuse is insecure, yet 75% do it anyway – it’s painfully obvious that nothing I say here will change the world. For people to change their behaviors, they have to want to change. For this reason, organizations constantly look for ways to make their passwords more secure, whether by forcing password changes, adding multi-factor authentication (MFA), or employing security awareness training and tests.
For those concerned with Protecting Your Digital Identity, it is imperative to Practice Good Password Hygiene.
But what does that mean?
Password hygiene is simply embracing best practices to take control of and protect your digital identity in this increasingly dangerous world. We can manage our password security by following five simple rules – there are seven rules for washing your hands, so this is even easier.
Rule #1: Choose a Strong Password!
We talk about this a lot. The best practice for creating a Strong Password is to use a phrase that’s at least 16 characters long, is easy to remember, and not composed entirely of dictionary words, such as: my3catzRspoiled!
Why is this Important? When it comes down to it, the two most important factors to a strong password are length and memorability. Brute force attacks can crack an 8-character password in around 30 seconds. Writing down passwords makes them vulnerable to social engineering. A password that is 16 characters long that you can easily remember is a secure password.
Rule #2: Don’t Reuse Passwords!
Seriously, just don’t. Reusing passwords is the worst habit to get into, but some of us will still do it. So, let’s start with this. The goal is to use a unique password for all sites, but if you need someplace to start, it’s especially important for:
- work email
- personal email
- bank accounts
- work accounts
Why is this Important? You could be the best at avoiding phishing scams and making strong passwords, but data breaches happen. If that superhero message board you enjoy gets hacked and you’re using the same password for your personal or work accounts, you have just opened the door to welcome the hackers.
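Rules #1 and #2 can be checked mechanically. The sketch below is an added example, not code from the original post: it flags passwords shorter than 16 characters, passwords made entirely of dictionary words, and the habit from the stats above of changing only the trailing digits. The word list, function names, and sample passwords are constructed for illustration.

```python
import re

# Constructed mini word list (assumption): a real check would load a full
# dictionary plus a list of known-breached passwords.
SAMPLE_WORDS = {"my", "cats", "are", "spoiled", "correct", "horse",
                "battery", "staple", "password", "summer", "welcome"}
MIN_LENGTH = 16  # Rule #1: at least 16 characters


def only_dictionary_words(password, words=SAMPLE_WORDS):
    """True if the password is nothing but dictionary words run together."""
    text = password.lower()
    if not text.isalpha():
        return False  # digits or symbols present, so not *entirely* words
    # Word-break dynamic programming: reachable[i] means text[:i] splits
    # cleanly into words from the list.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]


def stem(password):
    """Drop trailing digits/symbols and case: 'Summer2023!' -> 'summer'."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def check_password(candidate, previous=()):
    """Return a list of findings; an empty list means every check passed.

    `previous` holds plaintext old passwords only for this demo. In practice
    the comparison runs where the plaintext is legitimately available, such
    as a change form that asks for the current password.
    """
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    if only_dictionary_words(candidate):
        findings.append("dictionary_only")
    for old in previous:
        if candidate == old:
            findings.append("reused")  # Rule #2: exact reuse
            break
        if stem(candidate) and stem(candidate) == stem(old):
            findings.append("incremented_variant")  # only the suffix changed
            break
    return findings
```

The post's own sample phrase, my3catzRspoiled!, passes all three checks, while mycatsarespoiled is long enough but is flagged as dictionary-only.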
Rule #3: Use Multi-Factor Authentication (MFA) Wherever Possible!
There is no single technology more effective at combating credential-stealing scams than MFA. By requiring a PIN, phone call, push, etc., even if hackers get your username and password, they won’t be able to access your account.
Why is this Important? We know that hackers are willing to pay handsomely for stolen credential lists, and between phishing scams and data breaches, your information has never been more vulnerable. MFA continues to protect you even if your credentials get exposed. While this doesn’t negate the need for a strong password, it does make the account safer. Of course, not all services offer MFA, so those accounts are still vulnerable if you reuse passwords.
Rule #4: Use a Password Manager!
Remember we said that the primary reason people reuse passwords is that we’re afraid of forgetting them? A Password Manager stores your passwords for you in an encrypted format, so you won’t need to remember hundreds of unique passwords, just one.
Why is this Important? The average person uses 191 services that require passwords. There is no way anyone will remember a unique password for all of them (yes, that is a challenge; prove me wrong). With the number of secure, easy-to-use, and free (personal) or low-cost (business) Password Managers available, the peace of mind these provide alone makes them worthwhile.
Rule #5: Use Antivirus and Keep It Updated!
A good antivirus program is like hiring a guard to watch over your computer to keep intruders out. The point of Good Password Hygiene is to keep the hackers out, but a single piece of malware can undo all that good work.
Why is this Important? Any computer that doesn’t have an Antivirus program on it is vulnerable. Malware can encrypt your files and lock you out, spy on you, steal your information, and even record everything you do. It doesn’t matter how great your password habits are; if a hacker can install malicious code on your computer, they can bypass all that security and go straight for your finances or files.
GOOD PASSWORD HYGIENE IS WORTH THE EFFORT!
Don’t fall for the false sense of security that comes with believing you are not important enough to be hacked. Cybercriminals want your information. This is not paranoia, hyperbole, or propaganda. There are new lists of stolen credentials sold on the dark web every day, and sometimes, it’s months between when a data breach occurs and when it’s discovered. We can’t rely on others to keep our credentials safe, so having good Password Hygiene could be the only thing that keeps your digital identity safe from cyber criminals.
If you’re not sure where to get started with cybersecurity, give us a call at 301-456-6931 or send an email to [email protected] and see why we are simply the Best Choice in IT Support Services.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com