It’s World Password Day!
Every year I am still amazed no one is taking heed even when hearing daily reports of security breaches and concerns over personal data being stolen.
Webroot released their 2020’s Most (and Least) Cyber-Secure States report last month and among other shocking details determined that almost half (49%) of Americans admit to using the same password across multiple sites.
SecureAuth reported similar results in its study, The SecureAuth 2020 State of Identity Report, in which 44% of people admitted to using their personal passwords at work.
In honor of World Password Day consider the following:
- Use Multi-Factor Authentication (MFA) whenever possible
- If you have not changed your password in the last 90 days and don’t use MFA – change it now.
- Consider using a password manager.
- Personally, I like RoboForm (or use RoboForm for Business to share with your team securely)
- Use no less than 12 characters whenever possible. Longer is better.
- Use nonsensical “phrases” such as DogsEatDonuts and jazz them up with spaces, numbers, and symbols.
- I am a huge fan of checking passwords against Have I Been Pwned
- Use DarkWeb ID to detect if your account and password credentials are floating around out there.
Here’s a list of things you should never do:
- NEVER reuse your home passwords at work
- NEVER use anything we can find out about you on Facebook such as your family’s names, favorite sports teams, or last book read
- NEVER use your kid’s name and birthday (my Dad’s favorite)
- NEVER use song lyrics, movie titles, or movie dialog
- NEVER write down your passwords. Choose something you can remember, or use that password manager.
- NEVER use anything on this list: PwnedPasswordsTop100k.txt
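The checks above (at least 12 characters, not on a list like PwnedPasswordsTop100k.txt, and not found in Have I Been Pwned) can be scripted. The following is an added example, not code from the post or from Have I Been Pwned: it applies the 12-character rule, checks against a small constructed stand-in for the top-100k list, and performs the Pwned Passwords k-anonymity check offline against a constructed range response. The real service is queried by sending only the first five hex characters of the SHA-1 hash to `https://api.pwnedpasswords.com/range/<prefix>` and comparing the remaining 35 characters locally against the returned `SUFFIX:COUNT` lines; the helper that fabricates a response here exists only so the example runs without network access.

```python
import hashlib

# Constructed stand-in for a breached-password list such as PwnedPasswordsTop100k.txt.
# The real file is far larger; these entries are illustrative only.
SAMPLE_TOP_LIST = {"123456", "password", "qwerty", "letmein", "DogsEatDonuts"}

MIN_LENGTH = 12  # the post's "no less than 12 characters" rule


def sha1_hex(password):
    """SHA-1 of the password as uppercase hex, the form the Pwned Passwords API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password):
    """k-anonymity split: only the 5-character prefix ever leaves the machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse a Pwned Passwords range response: one 'SUFFIX:COUNT' per line."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # tolerate blank or malformed lines rather than crash
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_body):
    """Times the password's hash suffix appears in the range response (0 = not found)."""
    _prefix, suffix = split_for_range_query(password)
    return parse_range_response(range_body).get(suffix, 0)


def evaluate_password(password, range_body, top_list=SAMPLE_TOP_LIST):
    """Return the reasons a password fails the post's rules; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password in top_list:
        problems.append("appears in the common-password list")
    hits = breach_count(password, range_body)
    if hits:
        problems.append(f"seen {hits} times in breach data")
    return problems


def constructed_range_response(*breached):
    """Fabricate a range response containing the given passwords' hash suffixes.

    Constructed for this example so it runs offline. A real response only ever
    covers the one prefix that was queried; here suffixes for several passwords
    are mixed into one body for brevity, which breach_count() does not mind
    because it only compares suffixes.
    """
    lines = []
    for i, pw in enumerate(breached, start=1):
        _prefix, suffix = split_for_range_query(pw)
        lines.append(f"{suffix}:{i * 1000}")  # made-up counts
    return "\n".join(lines)


if __name__ == "__main__":
    body = constructed_range_response("DogsEatDonuts", "password")
    for candidate in ("password", "DogsEatDonuts", "Dogs Eat 17 Donuts!"):
        print(candidate, "->", evaluate_password(candidate, body) or "passes")
```

Note that the bare phrase DogsEatDonuts from the post is deliberately placed in the constructed list: it is long enough, but a dictionary-style phrase should still be "jazzed up" with spaces, digits and symbols before use, which is why the third candidate is the only one that passes.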
These tips will help you avoid being a victim of password spraying, a common style of brute-force attack in which the attacker tries a single, commonly used password against many accounts before moving on to a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts: each account sees only one or two failures, so per-account lockout thresholds never trigger, and the activity is only visible when failures are correlated across accounts. These attacks are successful because, for any given large set of users, there will likely be some with common passwords.
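Because spraying keeps each account below its lockout threshold, detection has to look at failed logons per source across many accounts rather than per account. The script below is an added example, not from the post or any vendor product: it parses constructed failed-logon lines in a made-up `<timestamp> FAIL user=<name> src=<ip>` format and flags a source that fails against many distinct accounts with few attempts each, while leaving a single-account brute-force source (which per-account lockout already handles) and an ordinary mistyped password unflagged. The thresholds and window are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events, not real logs. Only FAIL lines matter
# for this detection; the OK line is present to show that it is ignored.
SAMPLE_LOG = """\
2024-05-02T09:00:01 FAIL user=alice src=203.0.113.9
2024-05-02T09:00:03 FAIL user=bob src=203.0.113.9
2024-05-02T09:00:05 FAIL user=carol src=203.0.113.9
2024-05-02T09:00:08 FAIL user=dave src=203.0.113.9
2024-05-02T09:00:10 FAIL user=erin src=203.0.113.9
2024-05-02T09:00:12 FAIL user=frank src=203.0.113.9
2024-05-02T09:01:00 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:02 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:04 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:06 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:08 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:10 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:12 FAIL user=carol src=198.51.100.7
2024-05-02T09:01:14 FAIL user=carol src=198.51.100.7
2024-05-02T09:05:00 FAIL user=alice src=192.0.2.5
2024-05-02T09:05:20 FAIL user=alice src=192.0.2.5
2024-05-02T09:05:40 OK user=alice src=192.0.2.5
"""

# Assumed line format for the constructed sample above.
LINE_RE = re.compile(r"^(?P<ts>\S+) FAIL user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_failures(text):
    """Return (timestamp, user, source) tuples for every FAIL line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"]))
    return events


def detect_spraying(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources that, within `window`, fail against at least `min_accounts`
    distinct accounts with no more than `max_per_account` failures on any one.

    The per-account cap is what separates spraying from a single-account
    brute force: many failures on one account trip lockout on their own.
    Returns {source: {"start": first_timestamp, "accounts": [sorted users]}}.
    """
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            per_user = defaultdict(int)
            for ts, user in evs[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts[src] = {"start": start, "accounts": sorted(per_user)}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, info in detect_spraying(parse_failures(SAMPLE_LOG)).items():
        print(f"possible password spray from {src} starting {info['start']}: "
              f"{len(info['accounts'])} accounts -> {', '.join(info['accounts'])}")
```

In a real deployment the same logic runs over the identity provider's or domain controller's failed-logon events, and the source key may need to be broadened (ASN, user agent, or a rotating-proxy cluster) since attackers who know this detection exists spread attempts across many addresses.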
Have a Safe and Productive Day!