Simply put, one of the most impactful, yet least talked about, cybersecurity habits is reusing the same password across multiple accounts. In fact, more than eight out of 10 Americans are guilty of doing just this, according to statistics cited by the International Business Times. Ninety-two percent of the offenders who reuse their credentials are millennials, and 36% of all offenders reuse the same password with at least 25% of their online accounts. Does this sound like you?
On top of this, the issue is not only managing the number of passwords you have, but also managing two sets of them: the passwords for your personal accounts and the login info for your work accounts. To further complicate things, most users mix and match their personal and business login info, making things that much murkier. All in all, a confusing mess.
The correct approach to password protection is a critical component of addressing your cybersecurity footprint in today’s digital world.
Sometimes we've heard clients ask: “If you use a hard-to-guess password, that means it should be okay to reuse the password because it’s secure, right?”
It’s NOT best practice to reuse the same password to access different accounts. This is especially true of anyone who uses technology to manage their clients’ sensitive data. Let me repeat this - DO NOT REUSE YOUR PASSWORD ANYWHERE! If you're currently doing this anywhere, finish reading this and then go change them ASAP!
The reason for this is that if one of your accounts gets hacked, or your credentials are sold on the Dark Web, the criminal who steals or purchases your username and password will be able to use that data to access any of your accounts that share this password. With all of the breaches over the past few years (LinkedIn, Yahoo, LastPass, etc.), the chances of one of your username/password combinations being available on the Dark Web now approach 100%!
One way around this is to create separate and distinct passwords for each of your different online accounts. This needs to be something that encompasses a mix of numbers, letters, and special characters — as well as varying capitalized and lowercase letters — to create a password that is not easily guessable.
What can you do to protect and manage your passwords?
Well, to start with, follow the basic rules of password security:
- don’t write down your passwords (can you say sticky notes on your monitor?)
- don't make them easy to guess (can you say birthdays and kids' names?)
- don't reuse them (see above)
- don't share them with others
And the easiest way to deal with all of this is to use a password management system to help you manage and organize (and even generate) all of your different logins and passwords.
What is a Password Management System?
The term is pretty self-explanatory. A password management system, also called a password manager, is a system built on encrypted storage for your online password information to help keep it secure. Weak or reused passwords leave your accounts vulnerable to attack. The idea behind a password management system is that the service helps to protect your accounts from cyber criminals by generating and storing a different password — one that's long and complicated and unique — for all of your online accounts. Having a system like this enables you to have very complex and different passwords across all of your accounts without having to remember any of them. You only have to remember the main one to log in to it.
Different types of password managers are offered by different companies with a range of different capabilities and across a range of costs. Some of these management systems:
- are software or hardware-based systems
- are cloud-based subscription services with browser plug-ins
- have integrated smartphone apps
- evaluate your passwords to determine whether they are weak or duplicates of those used for any of your other online accounts
- save your complex passwords and/or generate unique, complex passwords for you
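The weak-and-duplicate check from the list above can be sketched as follows. This is an added example, not code from this post or from any password manager product; the sample vault, the `MIN_LENGTH` threshold, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export (account, password); not real credentials.
SAMPLE_VAULT = [
    ("personal-email", "Summer2019!"),
    ("work-vpn", "Summer2019!"),
    ("bank", "x7#Lq9!vTz2$Rm4p"),
    ("forum", "summer2019!"),
    ("shop", "Emma2012"),
]
MIN_LENGTH = 12  # assumed threshold; the post gives no number


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest: lets us group identical passwords without keeping them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def is_weak(password: str) -> bool:
    """Weak = too short, or missing any class from the post's recommended mix."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) < MIN_LENGTH or not all(classes)


def audit(vault):
    """Return reused-password groups, weak accounts, and the reuse ratio."""
    key = secrets.token_bytes(32)  # per-run key; digests are useless afterwards
    groups, weak = defaultdict(list), []
    for account, password in vault:
        groups[fingerprint(password, key)].append(account)
        if is_weak(password):
            weak.append(account)
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    ratio = sum(len(g) for g in reused) / len(vault) if vault else 0.0
    return {"reused": reused, "weak": sorted(weak), "reuse_ratio": ratio}


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    print(report)  # account names only; passwords never appear in the report
```

The report flags the personal email and work VPN accounts as sharing one password, which is exactly the personal/work mixing described earlier. Only exact matches are grouped, so the forum password that differs by capitalization is reported as weak but not as reused.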
Advantages of Using a Password Management System
Trying to memorize a slew of unique, complex passwords for all of your personal or work accounts is a logistical nightmare at best. It’s difficult, frustrating, and self-defeating — you may find yourself getting continuously locked out of your account and having to perform password resets because you keep typing in the wrong password. This is where an effective password management system can help: it takes on the responsibility of remembering all of those complicated passwords so you don’t have to.
Password managers are used to help protect your countless invaluable passwords and other account information by securing them through encryption. All you have to do is remember one “master” password to unlock your password “vault.” This makes it so that your sensitive information is locked down while also remaining available to only you when you need it. This helps to keep not only your account information safe but your clients’ invaluable data as well.
In addition, the beauty of these systems now is that they all integrate with your favorite browser as well as the apps on your mobile devices so that you don't even have to look up your passwords and type them in anymore. It can all be done automatically! Also, the better password managers sync your data across all of the different platforms you use - Windows, Apple, iOS, and Android devices.
In addition to using a secure password manager, there are still other security measures you’ll want to take to protect your sensitive credentials, accounts, and data:
- use only secure devices that you trust to access your accounts (personal computers or mobile devices that are equipped with antivirus protection in lieu of a public computer)
- activate lock screens on all of your computers and mobile devices
- use two-factor authentication (2FA)/dual-factor authentication (DFA) methods that require two of the following:
  - things you know (password or other information);
  - things you have (a fob, USB device, or app on your mobile device); and/or
  - things you are (biometric data such as a fingerprint, voice or facial recognition).
PASSWORD MANAGEMENT SYSTEMS
Some of the systems you can choose from include:
Again, keep in mind - for the most part these are personal password management systems to help you manage your individual passwords, not ones to manage your company's passwords across multiple users (we'll get into that in a future blog).
There are so many benefits of using a password management system. It should be mandatory these days.
That said, personally I use Dashlane (this isn't a plug) and love it! It has a plug-in for my browsers, has an app for my iPhone, an app for my Surface, and syncs my data across all of my devices. This means I can have complex passwords for every login and I don't have to remember any of them any more. I can't imagine managing my online access without it. Again, it doesn't have to be Dashlane, but I would definitely and strongly urge you to use some sort of system.
As you can imagine, as an IT Services company, cybersecurity is critical to our success. So much so, we offer this as a benefit to all of our staff! Every one of our staff can take advantage of this benefit to protect their personal online information.
I hope you've found this information helpful and informative. What do you think? Do you use a password manager? If so, which one? If not, why not? Please share your thoughts in the comments section below or send me an email to chat about it more in depth.