Passwords are a hassle, but a necessary one in order to keep information and data safe. This is especially crucial for any organization that records and stores sensitive information – credit card numbers, social security information, customer data – but as we’ve seen in the last few years, these things can be susceptible to weak passwords or, worse, the same password being used for multiple accounts.
These stories aren’t just relegated to the average person at home or on a work computer; such data breaches can happen to anyone. Just read the stories about Wired writer Mat Honan, or the detailed account from CloudFlare CEO Matthew Prince about how all it took was one password before all of their information was stolen from them. But until passwords are completely phased out, how exactly does one keep their information safe?
How to avoid password misconceptions
While password protection may seem like a hassle, there are still ways that you can protect yourself.
Password Misconception #1 – Complex passwords are better
While creating a complex word is better than using something as simple as the name of your dog, it doesn’t always mean that an attack can be avoided. It may be better to use longer passwords with a diverse selection of words.
Password Misconception #2 – Thinking 2-factor authentication is all you need
The concept of 2-factor authentication is good: in order to sign in to an account, you need to have two ways of doing so. Usually it’s entering your password and then having an alert to verify your details via an additional method. An example of this would be an email sent to a different email address or a text message sent to a mobile phone. This can be extremely powerful; however, in the case of Prince, as noted above, it’s not without its flaws. As he describes, the hacker was able to discover Google’s 2-factor authentication to reset the password, which allowed entrance into all of the Google accounts.
As with the above, 2-factor can only work if you’re using a very effective password and you’re using it on one site only. One of the reasons Mat Honan’s information was accessed was that he used the same password for many of his accounts, which allowed the hacker to access them.
Password Misconception #3 – Password checkers and CAPTCHA keep passwords safe
One of the biggest myths regarding passwords is that if you’re using a password checker to validate a password, or your organization is using CAPTCHA to fend off attacks, you don’t need to worry about your password. Certainly, using YourName1234567 passes with high marks on two of the most popular password checkers; however, you’d be surprised. A hack a few years ago revealed that the most common password was 123456, usually followed by a person’s name, spouse’s name, or child’s name.
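As an added illustration (not code from Hypersocket or from the password checkers mentioned above), this Python sketch contrasts a composition-only score with checks for personal names, common passwords and digit runs, using the YourName1234567 pattern. The deny-list, function names and sample passphrase are constructed for the example.

```python
import re

# Constructed sample deny-list; a real deployment would load a breached-password corpus.
COMMON = {"123456", "1234567", "12345678", "password", "qwerty", "letmein"}

def composition_score(pw):
    """Naive checker: one point per character class, plus one for length >= 12."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, pw)) for c in classes) + (len(pw) >= 12)

def has_sequence(pw, run=4):
    """True if pw holds `run` or more consecutive ascending or descending characters."""
    for step in (1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            count = count + 1 if ord(b) - ord(a) == step else 1
            if count >= run:
                return True
    return False

def context_findings(pw, personal_tokens):
    """Return reasons to reject pw, using context a composition score ignores."""
    low = pw.lower()
    findings = []
    for tok in personal_tokens:
        if len(tok) >= 3 and tok.lower() in low:
            findings.append(f"contains personal token {tok!r}")
            low = low.replace(tok.lower(), "")
    if low in COMMON:  # what is left once the names are stripped out
        findings.append("remainder is a common password")
    if has_sequence(low):
        findings.append("contains a character sequence")
    return findings

if __name__ == "__main__":
    # "YourName" stands in for the account holder's real name, as on the page.
    for pw in ("YourName1234567", "maple tractor violin harbor"):
        print(pw, composition_score(pw), context_findings(pw, ["YourName"]))
```

The composition score ranks YourName1234567 above the four-word passphrase, while the context checks flag only the former.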
One of the most successful methods that has proven to help users remain safe is to frequently change the password. This can be a tedious task for most users, especially since changing passwords can often result in the user forgetting the password. This generally leads to calling the IT service or helpdesk for additional support and could result in excessive time consumption. At Hypersocket, we provide self-service password reset, which takes into consideration the reset hassle and cost that is undertaken purely to keep business safe and secure.
This blog was brought to you by Hypersocket Software and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT Security, Lee developed the world’s first OpenSource browser-based SSL VPN (SSL-Explorer). Today, Lee runs Hypersocket Software, a leader in Password Self-Service solutions.