A Timely Reminder of 5 Password Do’s and Don’ts

You maybe thinking “oh no, not another post on password do’s and don’ts – I know it and have heard it all”. Almost on a daily basis we hear of a cyber crime or data breach story which reaffirms the need to step up cyber security. In the post Cyber Security – 8 Hacks You Need to Know About the underlying theme of password security is evident, and most corporations are on a regular basis reinforcing to their employees the need to adhere to the most stringent password rules.

4 Examples Why You Need to Remind Your Users About Password Do’s and Don’ts

I was reading the article Four embarrassing password leaks on live TV over the weekend and couldn’t believe these calamities had taken place within the last year at some pretty major events:

1. A televised interview with a French TV5Monde reporter following of all things a cyber attack on the news media network exposed, in the background, the username and password details of the TV networks social media accounts!!!
2. During the Brazil World Cup in 2014, an interview with the top bloke at Brazil’s Federal Police security centre exposed the onsite Wi-Fi password — Oops…
3. Similarly during the Super Bowl last year TV footage revealed the stadiums wireless network credentials
4. Earlier this year SplashData revealed its list of the 25 most common passwords of 2014 – this analysis is based on 3.3 million leaked passwords during the year – following are the top 10:
   1. 123456
   2. password
   3. 12345
   4. 12345678
   5. qwerty
   6. 123456789
   7. 1234
   8. baseball
   9. dragon
   10. football

5 Password Do’s

• Use a password with at least 8 characters, consisting of upper and lower case letters, numbers and special characters
• Pick a password that is unique, random and meaningless – the objective being to ensure the password is in no way personal and attributable to you,  your family and pets
• Always lock your computer so that someone cannot randomly walk up to your machine and start accessing your information and applications
• Change your password on a regular basis
• Use a password manager – especially if you are accessing multiple applications

5 Password Don’ts

• Use a password in SplashData’s list of 25 passwords or a word from the dictionary – hackers are able to fairly easily crack passwords from a dictionary
• Share the same username or email and password across multiple applications and websites – if the worst happens and the hacker gains access to one application or system, they are very likely to try their luck with the same credentials in another application
• Write your username and password anywhere
• Share your password / PIN (for a token device) with a friend or colleague
• Save your password to any website or application allowing you to access it without needing to enter a password

I bet there is at least 1 ‘password do’ that you are not doing, and at least 1 ‘password don’t’ that you are doing! Arguably we’re becoming complacent at exactly time the time when we cannot afford to be. In this age of increasing cyber security attacks and breaches maybe the time is right to move away from usernames and passwords altogether. Biometric data is increasingly seen as the future, and the end of the password…

What do you think…?

Sources:

• Yes, 123456 is the most common password, but here’s why that’s misleading
• Password Do’s and Don’ts
• Password Do’s and Don’ts
• How to choose a better password
• Secure Passwords