“The Password is the Root of all Evil”
So states Jonathan Klein, past president of the Virginia-based enterprise software company Microstrategy. Time and time again we are reminded that approximately $250 billion is lost to fraud each year, with another $100 billion lost to cybercrime. We’ve all heard about the Target, Anthem, Sony Pictures, Home Depot, Michael’s Stores, and T-Mobile breaches, among others, in which customer data was compromised. Almost every day a new threat is exposed that requires more action on our part to keep our information safe. So how do we lock down our accounts?
Recent research suggests there are several ways to make passwords more secure, plus one simple step the pros recommend to lock down accounts. Here are some suggestions:
- Think length and not complexity – Mark Burnett, author of Perfect Passwords, says, “A longer password is usually better than a more random password as long as the password is at least 12-15 characters long.” Less than five years ago, the recommendation was that passwords should be composed of at least eight characters of mixed types. With the sophisticated, custom-built software now being used to attack retail stores, banks, and health insurers, it is better to use at least 12 characters.
- Special characters — don’t bunch them up – Many password requirements say you need a combination of upper case, lower case, numbers, and symbols. This is all fine if you keep them separated. “Most people put capital letters at the beginning and digits and symbols at the end. If you do that you get very little benefit from adding these special characters,” stated Lorrie Faith Cranor, Carnegie Mellon computer science professor. Do your best to avoid front and/or back-loading your passwords with special characters.
- Surprise! Don’t change passwords so often – Don’t change passwords every month. It is better to have longer passwords and keep them longer than to have a user reuse the same password and simply increment the number at the end each time they are forced to reset it. If an admin forces users to change passwords every month, they tend to pick passwords that are easier to remember.
- Keep it unusual – Avoid common sports and pop culture terms. Last year Star Wars phrases were popular. Any password that can be found in a dictionary is ripe for being exploited. In order to make secure passwords that are easy to recall consider using passphrases — short words with spaces or other characters separating them. It’s best to use random words rather than common phrases. For example, “cakes2years8birthday” or “smiles_light_skip?”
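As an added illustration (not code from the article or from any of the experts quoted above), here is a small Python checker that applies the rules just listed: minimum length, no front/back-loading of special characters, no single dictionary word, and a passphrase built from random words. The word list and dictionary are constructed stand-ins for a real dictionary file.

```python
import math
import re
import secrets

# Length threshold from the advice above.
MIN_LENGTH = 12

# Constructed stand-ins; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "starwars", "birthday", "cakes", "years",
                     "smiles", "light", "skip", "dragon", "monkey"}
SAMPLE_WORDLIST = sorted(SAMPLE_DICTIONARY)


def check_password(pw: str, dictionary=SAMPLE_DICTIONARY) -> list:
    """Return the rules the password trips; an empty list means none."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    # Front/back-loading: optional capitals at the start, a run of lowercase
    # letters, and all digits/symbols pushed to the end. The pattern only
    # fires when at least one of the end groups is actually present.
    m = re.fullmatch(r"([A-Z]*)([a-z]+)([^a-z]*)", pw)
    if m and (m.group(1) or m.group(3)):
        findings.append("capitals at start and digits/symbols at end "
                        "(front/back-loaded)")
    if pw.lower() in dictionary:
        findings.append("whole password is a dictionary word")
    return findings


def make_passphrase(words=SAMPLE_WORDLIST, count: int = 4, sep: str = "_") -> str:
    """Join `count` words chosen with a CSPRNG (secrets), as in the passphrase
    examples above. Strength comes from the list size and word count."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size: int, count: int) -> float:
    """Bits of entropy for `count` independent random picks from the list.
    Shows why length (more words) beats complexity: each word adds
    log2(list size) bits regardless of which characters it contains."""
    return count * math.log2(wordlist_size)
```

Try `check_password("Password1!")` against `check_password("smiles_light_skip?")` to see how the two examples in the text differ under these rules.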
What is the one simple step the pros recommend?
Using multi-factor authentication to safeguard all of your important accounts. This means adding a password authentication device like an app on your smartphone or texts sent to your phone number. Without both, you can’t get access to your account.
Neil Wynn, a senior research analyst at Gartner who focuses on business security, says, “Passwords should not be considered for anything other than the lowest-risk applications.” Instead, add a layer of authentication such as cryptographic credentials or a biometric identifier (like a fingerprint scanner). At this point you must make a judgment call: is the time spent adding this authentication worth it compared with the alternative? With all the effort going into security solutions, how secure are your printers, and especially your MFPs?