17 Sep
The Nuisance of Passwords
Passwords. Can’t live without them.
Now that we have moved our personal and professional lives online, passwords are an essential part of life. And the line between personal and professional applications is often blurred (think Dropbox, Google, Evernote …). The problem is there are so many passwords!
There’s way more to IT and cyber security (two different things, the latter really being a subcategory of the former) than just passwords, but passwords are often where security starts for us each day.
So do you use the same password in more than one place? In both personal and business applications and email systems? Stop!
It should be no surprise by now that “hacks” are a fact of life. Revelations of huge data breaches are so common we hardly notice anymore. Chances are some of your data — including your password — has been part of at least one, maybe several such breaches. If not, it’s only a matter of time.
A Password Exposé study by LastPass, cited by DarkReading.com (part of Information Week), found that employees use an average of 27 passwords. The number of personal passwords people use is similar.
That’s a lot of unique passwords to remember, particularly given the nature of password protocols with upper case, lower case, numerals and symbols! So perhaps it is not surprising that over 60 percent of users don’t try. They reuse passwords. That’s in spite of 90 percent of them knowing that it is risky to do so.
If you use the same password for more than one application and that password gets out in a data breach, every application where you use that password is potentially at risk.
IT knows there are better ways to secure access to company data than a simple password. But change is difficult and slow. With change delayed, breaches continue, and criminals take advantage.
Reporter Alex Hern in the Guardian quotes security researcher Troy Hunt. Hunt says, “People take lists that contain our email addresses and passwords, then they attempt to see where else they work.
“The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because it’s subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”
So what to do? Stop reusing the same password. Create unique passwords. Then figure out a way to keep track of them. (Post-it notes on your monitor are NOT the way!) Talk to IT about a password vault (a system that generates and maintains your passwords for you, so you only have to remember one password: the one to your vault!). Use two-step authentication wherever you can. Yes, it adds a step to logging in. Yes, it is much more secure.
Listen to former hacker Kyle Milliken, who just completed serving time for his activities: “The reuse of login credentials in my opinion is the greatest security flaw that we have today,” Milliken said. “When I was hacking, I had my own personal collection of databases that I could easily search for a company’s email and parse all of the data.
“It only takes one employee to reuse the same password to have potential access to hack everything that you’re looking for.”
Milliken is making amends and is turning white hat to work on security. He offers this simple advice: Stop reusing passwords, and enable two-factor authentication.