One of the most disturbing trends in cybersecurity these days is the tendency of users to reuse the same password across multiple accounts. In fact, more than eight out of 10 Americans are guilty of doing precisely this, according to statistics cited by the International Business Times. Ninety-two percent of the offenders who reuse their credentials are millennials, and 36% of all offenders reuse the same password with at least 25% of their online accounts.
On top of this, the problem is not only the sheer number of passwords you have, but also managing one set of passwords for your personal accounts and another for your work accounts. And then, how do you manage the passwords that your staff need for their individual accounts that are related to your business? All in all, a confusing mess.
The purpose of this blog is to address your individual password management. We'll get into how your business should manage your company-wide passwords in a future blog.
That said, sometimes we hear from clients who ask: “If you use a hard-to-guess password, that means it should be okay to reuse the password because it’s secure, right?”
The correct approach to password protection is a critical component of cybersecurity in today’s digital world. As such, it’s never a good idea to reuse the same password. This is especially true for anyone who uses technology to manage their clients’ sensitive data. The reason is that if one of your accounts gets hacked, or your credentials are sold on the Dark Web, any criminal who steals or purchases your username and password will be able to use that data to access any of your accounts that share this password.
One way around this is to create separate and distinct passwords for each of your different online accounts. This needs to be something that encompasses a mix of numbers and letters — as well as varying capitalized and lowercase letters — to create a password that is not easily guessable.
What can you do to protect and manage your passwords?
Well, to start with, follow the rules of basic password security: don’t write down your passwords. Second to this is to use a password management system to help you manage all of these different passwords.
What is a Password Management System?
The term is pretty self-explanatory. A password management system, also called a password manager, is encrypted storage for your online password information that helps keep it secure. Weak or reused passwords leave your accounts vulnerable to attack. The idea behind a password management system is that the service helps to protect your accounts from cyber criminals by generating and storing a different password — one that's long and complicated and unique — for all of your online accounts.
Different types of password managers are offered by different companies with a range of different capabilities and across a range of costs. Some of these management systems:
- are software or hardware-based systems
- are cloud-based subscription services with browser plug-ins
- have integrated smartphone apps
- evaluate your passwords to determine whether they are weak or duplicates of those used for any of your other online accounts
- save your complex passwords and/or generate unique, complex passwords for you
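The last two capabilities in the list above (flagging weak or duplicate passwords and generating unique replacements) can be sketched as follows. This is an added example, not code from the original post or from any password manager product; the site names, sample passwords and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits

def has_mix(pw):
    """True when the password has lowercase, uppercase and digit characters."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))

def generate_password(length=20):
    """Draw from the OS CSPRNG until the result contains all three classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_mix(pw):
            return pw

def is_weak(pw, min_length=12):
    """Assumed policy: shorter than min_length or missing a character class."""
    return len(pw) < min_length or not has_mix(pw)

def audit(vault):
    """Return (reused, weak): groups of sites sharing one password, weak sites."""
    by_digest = defaultdict(list)
    for site, pw in vault.items():
        # Group on a digest so plaintext passwords are not used as dict keys
        by_digest[hashlib.sha256(pw.encode()).hexdigest()].append(site)
    reused = sorted(sorted(s) for s in by_digest.values() if len(s) > 1)
    weak = sorted(site for site, pw in vault.items() if is_weak(pw))
    return reused, weak

def remediate(vault):
    """Give every flagged site its own freshly generated password."""
    reused, weak = audit(vault)
    flagged = {s for group in reused for s in group} | set(weak)
    fixed = dict(vault)
    for site in flagged:
        fixed[site] = generate_password()
    return fixed

# Constructed sample vault: site names and passwords are made up
SAMPLE_VAULT = {
    "bank.example": "Tr0ub4dor&3Horse",
    "mail.example": "Tr0ub4dor&3Horse",   # strong-looking, but reused
    "forum.example": "summer19",          # short
    "tax.example": "q7NfW2pLx9ZrT4vB8mKc",
}

if __name__ == "__main__":
    print("before:", audit(SAMPLE_VAULT))
    print("after: ", audit(remediate(SAMPLE_VAULT)))
```

Note that the reused password passes the strength check and is still flagged, which is the answer to the client question quoted earlier: a hard-to-guess password does not make reuse safe.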
Advantages of Using a Password Management System
Trying to memorize a slew of unique, complex passwords for all of your personal or work accounts is a logistical nightmare at the best of times. It’s difficult, frustrating, and self-defeating — you may find yourself getting continuously locked out of your account and having to perform password resets because you keep typing in the wrong password. This is where an effective password management system can help: it takes on the responsibility of remembering all of those complicated passwords so you don’t have to.
Password managers are used to help protect your countless invaluable passwords and other account information you want to keep secure through the use of encryption. All you have to do is remember one “master” password to unlock your password “vault.” This makes it so that your sensitive information is locked down while also remaining available to only you when you need it. This helps to keep not only your account information safe but your clients’ invaluable data as well.
The better password managers sync your data across all of your Apple, iOS, Windows, and Android devices.
In addition to using a secure password manager, there are still other security measures you’ll want to take to protect your sensitive credentials, accounts, and data:
- use only secure devices that you trust to access your accounts (personal computers or mobile devices that are equipped with antivirus protection in lieu of a public computer)
- activate lock screens on all of your computers and mobile devices
- use two-factor authentication (2FA)/dual-factor authentication (DFA) methods that require two of the following:
  - things you know (password or other information);
  - things you have (a fob, USB device, or app on your mobile device); and/or
  - things you are (biometric data such as a fingerprint, voice or facial recognition).
PASSWORD MANAGEMENT SYSTEMS
Some of the systems you can choose from include:
Again, keep in mind - for the most part these are personal password management systems to help you manage your individual passwords, not ones to manage your company's passwords across multiple users.
There are many reasons why you should use a password management system. Personally, I use Dashlane (this isn't a plug) and love it! It has an app for my iPhone, syncs my data across all of my devices, and has a plug-in for my browsers. So, this means, literally, I don't have to remember any of my passwords any more. I can't imagine managing my online access without it. Again, it doesn't have to be Dashlane, but I would definitely and strongly urge you to use some sort of system.
I hope you've found this information helpful and informative. What do you think? Do you use a password manager? If so, which one? If not, why not? Please share your thoughts in the comments section below or send me an email to chat about it more in depth.