Before the Time Runs Out!
Common Password Management Security Mistakes
qwerty, password, 12345, iloveyou, 111111, 54321
An average individual comes into daily contact with a variety of personal apps, websites, remote connections and enterprise applications. And this concoction of connections brings with it a variety of access and authentication requirements. Successfully navigating the gauntlet of our digital world, especially when going public, private, or hybrid cloud, without exposing yourself to significant security risks can be a challenge. In practice, the vulnerabilities are pronounced. A quick look at the most common passwords of 2018 is concerning: 123456, password, 123456789, 12345, 111111, 1234567, sunshine, qwerty, iloveyou.
Access management has become the norm
The challenges of managing one’s passwords are complicated by the differing requirements of different platforms—password conventions, expiration cycles and authentication methods make the task of organizing one’s suite of credentials daunting. One cans see how these challenges lead people to simplify their passwords, sacrificing security for simplicity.
Password proliferation has become the norm. With every new app, website and device that we commandeer, there’s new access information created. Moreover, many of these systems require a periodic reset. Keeping track of all of these passcodes can be likened to taking a mnemonic census of an anthill.
Archimedes once said that if only he had a solid rock on which to stand, he would move the earth.
If you assume that your passwords are a firm footing, prepare to have your assumptions rocked. It is believed that up to 80% of common hacking activities are due to compromised credentials, mostly in the form of stolen usernames and passwords. Worse still, IT Managers report 73% of all passwords used are duplicated in multiple applications.
When people use the same password for multiple systems, having one password exposed may compromise the whole network of applications. Luckily, password management doesn’t mean you have to buy a walk-in safe to store your password diaries. To keep it simple, here are a few tips to memorize as a starting point for improved password management:
- Never use the same password twice
- Never write down your passwords
- Never share your passwords with anyone else
- Never use real words or known information about yourself in your passwords
- Avoid commonly used passwords
The last bullet is especially salient—50% of all attacks involve the top 25 most used passwords, proving there are risks involved in “getting qwerty” with your password management procedures.
Need a more sophisticated password management plan?
Let’s talk password management solutions and multi-factor authentication, two great ways to prevent getting hacked.
Password Manager: A password manager solution, such as SolarWinds’s PassPortal, allows you to store all of your passwords in one place. This makes managing and remembering all of them much easier. Make sure your password manager solution is itself password protected, preferably with multi-factor authentication.
Multi-factor authentication: Multi-factor authentication is the use of additional forms of authentication in conjunction with a traditional password. This most often takes the form of a shared key, sent to a separate device, or calculated through a common authentication application. This makes it difficult for a compromised password to compromise the application. Enable multi-factor authentication wherever possible, but make sure your secondary authentication source is equally secured with a strong password—failure to do so is like having a biplane write your shared key in the sky.
Random password generators can also help create passwords, but the results are often long random jumbles of characters and quite difficult to remember. Unless you can recite the longest word in the world from memory, you might want to use these password management tools in conjunction with a password management solution.
If you’re a business owner trusting dozens or hundreds or thousands of employees with sensitive information, then a managed IT solution that includes password management will definitely be the safest way to interact with the millions of letters, numbers and characters that are involved in the multitude of passwords that access the data of your systems.