With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if accounts belonging to the founder of the most popular social network can be hacked, we (as a society) have somehow missed the boat on proper password management. Password management is not only a problem for celebrities; password hacks are also becoming a problem for many enterprise organizations such as Citrix (and countless others).
Just last week, Citrix released a security statement to customers of GoToMyPC. The company is currently requiring users to reset their passwords after hackers used login information to launch a “very sophisticated password attack.” Breaches of password data are becoming more common on sites that individuals use for their daily work. With poor password management, a breach on one site, such as GoToMyPC, can lead to attackers trying the stolen password on other services where the victim uses the same password.
As cyber criminals become more sophisticated, it is important to practice good password management. Why give them the “keys to the kingdom” and make it easy for them to access your or your client’s sensitive information?
Here are 4 tips for good password management. Some may seem elementary, but given the recent high-profile password hacks, I believe it’s important to go back to the basics.
- Whatever you do, do not use the same password for all accounts. It is easy and convenient to use the same password for all of your accounts. The problem is that doing this could put all of your accounts in jeopardy with only one account being hacked.
- Select strong passwords that cannot be easily guessed. This is a hard one, but the names of your children, spouses, and pets can be easily guessed, putting the adversary one step closer to gaining access. Hackers know that these words are commonly used and, thanks to social media, they have a great starting point to obtain words and dates that are meaningful to you. Try not to use a word from the dictionary at all; use a random mixture of letters/words/symbols instead.
- Make your password complex by (1) using a mixture of upper case, lower case, symbols and numbers and (2) substituting numbers for letters that look similar. A password of 10 characters or more is recommended.
Finally, to answer the question we always get: how do I create memorable passwords that meet the above criteria? Here’s how we recommend overcoming this problem.
- Use secure password management software to store passwords. Memorize the password to your password management software and randomly generate the passwords for all other accounts stored in the password management software.
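To make the last tip concrete, here is an added example (not from the original post) of the kind of random generation a password manager performs, checked against the tips above: at least 10 characters, all four character types, no personally meaningful words, no reuse. The function names and the symbol set are assumptions chosen for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; adjust to what a site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 10  # the article's recommended minimum

# One predicate per character type named in the tips.
CLASSES = {
    "upper case": str.isupper,
    "lower case": str.islower,
    "number": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}


def policy_issues(password, personal_words=(), passwords_in_use=()):
    """Return the tips that `password` violates (empty list means it passes)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 10 characters")
    for name, has_class in CLASSES.items():
        if not any(has_class(c) for c in password):
            issues.append(f"no {name} character")
    lowered = password.lower()
    for word in personal_words:
        # Names of children, spouses, pets: easy to find on social media.
        if word and word.lower() in lowered:
            issues.append(f"contains guessable word '{word}'")
    if password in passwords_in_use:
        issues.append("already used for another account")
    return issues


def generate_password(length=16, passwords_in_use=()):
    """Draw from the OS CSPRNG until a candidate passes every check."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 10")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_issues(candidate, passwords_in_use=passwords_in_use):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a pet name plus a year, reused on another account.
    print(policy_issues("Rex2016", ["Rex"], ["Rex2016"]))
    print(generate_password())
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographically secure generator, so generated passwords are not predictable from earlier ones.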
Here’s the thing: security is not about convenience. It’s about keeping your information and reputation safe, and it is definitely worth the trouble to properly create strong passwords. You will not be able to prevent all cyber-attacks, but you can limit the impact of an attack by taking steps towards smart password management.