FinanceRegs.com » Bet I can guess your password…

Bet I can guess your password…

February 25, 2009 by Carol Katarsky
Posted in: Best practices, Communication, Fraud prevention, Hiring & training staff, Special report

Think of all the sensitive company info on your computer. It’s all at risk if someone guesses the right 6-8 characters, which makes it all the more disconcerting that the most popular password in America is “password,” closely followed by “123456.”

That’s the result of a study by PCMag.com.

If your password is on that list, the time to change it is yesterday.

Of course, part of the reason people rely on such easy-to-remember passwords is that we need a password for almost everything these days. Many find it too difficult to have truly secure log-ins that are unique and memorable.

Tips for secure passwords

Here are some tips for making stronger, easy-to-remember passwords — and keeping them private:

  • Don’t write your password down. Seems like a no-brainer, but you’d be shocked how many people keep passwords on a sticky note next to their computer. If you simply must have something in writing, use a reminder to jog your memory, not the actual password.
  • Use a mix of numbers as well as upper and lower case letters. Tip: To remember which letters are uppercase, use a shortened multi-word phrase and capitalize the “start” of each word. Example: “Time for lunch” could become “Tm4Lnch”
  • Avoid using a password that appears in the dictionary. Automated programs can crack these passwords as easily as a squirrel cracks an acorn.
  • Another option: If you only want to remember one word, use it backward or with a “creative” spelling.
  • Assign individual passwords even for shared tasks. If you have three staffers who need access to a financial account, don’t use a “team” password. If someone is tempted to misuse information, you won’t be able to trace it to the guilty party — and knowing it can’t be traced can be very tempting to some people. Instead, have IT create separate log-ins. (Note: That doesn’t mean using a sequence like Payroll1, Payroll2, Payroll3.)
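
The tips above, written as a check IT could run on a batch of initial passwords before issuing them. This is an added example, not part of the original article; the word lists, login names and sample batch are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lists (assumption): a real check would load a full
# common-password list and a dictionary file instead.
COMMON = {"password", "123456"}
DICTIONARY = {"payroll", "lunch", "time", "drawings", "finance"}


def check_password(pw):
    """Return the list of the article's rules that a single password breaks."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("most-popular list")
    # Strip leading/trailing digits and punctuation so 'Payroll1' still
    # counts as the dictionary word 'payroll'.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in DICTIONARY:
        problems.append("dictionary word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw) and re.search(r"\d", pw)):
        problems.append("needs digits plus upper and lower case")
    return problems


def find_sequences(issued):
    """Group a batch of passwords by stem (trailing digits removed) and report
    stems shared by more than one login, e.g. Payroll1, Payroll2, Payroll3."""
    by_stem = defaultdict(list)
    for login, pw in issued.items():
        stem = pw.rstrip("0123456789").lower()
        if stem and stem != pw.lower():  # only passwords that end in digits
            by_stem[stem].append(login)
    return {stem: sorted(logins) for stem, logins in by_stem.items() if len(logins) > 1}


# Constructed batch of initial passwords about to be issued.
BATCH = {"alice": "Payroll1", "bob": "Payroll2", "carol": "Payroll3", "dave": "Tm4Lnch"}

if __name__ == "__main__":
    for login, pw in BATCH.items():
        print(login, check_password(pw) or "ok")
    print("shared stems:", find_sequences(BATCH))
```
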

10 Responses to “Bet I can guess your password…”

  1. Ami K Says:

    I have over 25 passwords so it is a necessity to have them written down or I would spend a lot of my time getting them reset. Plus, I have to change most of them every 30-90 days. So having to memorize new passwords every 30-90 days is too much.

    I do have my main passwords memorized and those written down are in a secure place. I definitely would not place them somewhere out in the open nor do I have them labeled “passwords.”

  2. dz chicago Says:

    I use my Outlook contacts to keep my passwords. For each website, I create a contact and put the user name, password, and date created in the address field. I only have to remember the password to get into Outlook and the rest are there. It works well for me.

  3. Sue DeNymm Says:

    Ah, passwords, the very bane of my IT existence!

    Do we even know how utterly clueless we sound? Don’t use the same password for multiple applications! Don’t use a password someone can guess about you (spouse’s or kids’ names, birth dates, etc.)! Don’t use a word that’s in the dictionary! Use UPPERCASE, lowercase, num3r415 and punctu@t!o|\|! Use at least 6 characters! No, 8! No, 9! Change it every month! Don’t reuse an old one! Don’t write it down, and for g-d’s sake, don’t forget it!!!!!

    Why in the world do you think people ALWAYS write their password on a post it and stick it to their monitor or under their keyboard? How the heck *else* are they going to be able to sneak past the password screens and do their jobs?

    At one point, I thought I had come up with a pretty good password scheme for myself. It was a pair of words that was meaningful to me–ok, it was my kids’ middle names–and instead of plaintext, I spelled it in ‘leet,’ using punctuation and numbers to substitute for certain letters. For example, ‘dr4w!n&$’ means ‘drawings’, see? This was something that met the requirements of every secured application I was using, something I could easily remember, *and* something I could spell correctly every time. Then some overzealous security administrator decided it wasn’t long enough or didn’t have enough different classes of character or whatever.

    Forget it. I’m going back to writing ‘em down on a post-it.

  4. Hiram Q. Pustule Says:

    @dz chicago: that may work well for you today, but when your hard drive fails, you’re going to be hurting. Unless your Outlook data is stored on a server in the computer room that gets backed up every night, in which case your passwords are safe and sound, and visible to anyone who has access to the backup tape. Which, in general, your IT guys are probably not going to be rooting through your contacts file, mining for gold, but there is a small risk inherent in your scheme.

  5. Liz Says:

    I do something similar and keep it in a password protected file. I will use a 3 for an E or “capitalize” the last number in a favorite password. I also have two or three sign-ons that I pair with certain passwords that are triggered by each.

    There are some software programs and USB devices that can store your sign-on and passwords and even confirm the site as being secure. Check out ID VAULT, Life Lock, Password Spirit, Rohos Logon Key, & Password Vault to name a few. They say it is the actual keystroke that can be detected so if you don’t have to type it, you are safer.

    Be safe!

  6. KD Says:

    This is not as difficult as you’re making it out to be and dz chicago is probably right. Find a password-protected application (there are free ones out there, for goodness’ sake, designed for exactly this purpose!) and put all your notes to yourself (website, url, username, password, pin) in that application. I currently have about 160, although some of those websites are no longer in use. Then you only have to remember the password that opens that application; just make sure it’s a strong one!

  7. DB Says:

    I have a password protected Excel spreadsheet with all my passwords, logins along with our staff’s also. It works great for me. Only my boss and I know the password to the spreadsheet. I usually just copy and paste the login name and password right from there if it’s not something I don’t use very often. This way there’s no misspelling.

  8. Carol Katarsky Says:

    KD: Those applications are great — unless someone gets the password to that app, or the software gets hacked, or your hard drive goes on the fritz, etc. As “Hiram” pointed out, there’s no 100% secure way to store these things. We’re just trying to point out some of the more common hiccups people run into so they can minimize the chances of running into a problem.

  9. Kornelia Says:

    I have an Excel file on my non-network drive where I’m storing my passwords. I use a foreign language for my passwords also.
    Outlook is not the greatest place since the network admin and his backup both have access to it.
    I have access to a lot of banks, wire info, etc. and they change rapidly. They are mine and the banks will only change them if I call in person. Even the company’s owners don’t have access to the accounts online. This creates a problem when I’m out of town and my backup locks himself out, but that’s what cell phones are for.

  10. Wag Says:

    Any electronic form of password storage is an invitation to a hack. Excel, for example, can be easily cracked. Do a Google search and you’ll see what I mean.

    Write the passwords and application/website names on paper and keep it in an unmarked or unlikely file where you can access it and update as needed. You may want to keep a copy somewhere in case of fire.

    –Wag–
