Every cybersecurity and mobile technology workshop I facilitate includes a discussion on consumer password security. Every year the federal government and other organizations publish a list of the most common passwords used. Financial professionals, lawyers and healthcare providers immediately ask about the security of these systems. They want to know if they can be hacked and how safe are their data in the cloud. Nothing is hacker proof, but they are better than the alternatives: bad passwords.
There is a fine line between security and convenience. If a system is secure, it is not convenient. If a process is convenient (people like this), it is not secure. The biggest culprit in the war on cybersecurity is the user. Consumer password security is the weakest link for IT professionals, and it is the biggest opportunity for hackers. People routinely use the same password for Facebook, LinkedIn and Instagram (convenient). Many of these passwords are easy to hack and guess. Stay away from these easy to guess solutions and do your part to strengthen consumer password security.
- Password – Some IT Directors use this when setting up new computers and systems. It’s simple, and it is easy to think about. That is why it is the number one choice for hackers. Even variations of it (e.g. – P@$$w0rd and Password1) should be avoided.
- QWERTY – People think this is an acronym for a secret government agency. It is simply the keys on the top left of the keyboard, and it is a favorite of hackers. Strings of letters on a keyboard are easy to guess. Randomness is the best friend of consumer password security.
Is Touch ID Better than Passwords?
- 12345 – 12345678 is NOT more secure than 12345. Brute force hacking software will easily guess this string of numbers. Simple does not equal safe, and 654321 is not better. Experts confirm the best passwords are a random combination of letters (upper and lowercase), number and characters. Sequences of number (or letters) are not good for phone PINs either.
- Dictionary Words – The word Rhinoceros is not easy to spell, and hacking software will easily power through it. Do not use simple words that relate to your business (e.g. – banking, teaching, healthcare). Most consumers think they are random with this technique, but studies show they repeatedly go to common themes (e.g. – hobbies, religion, politics, etc). Close that book!
- Pet / Spouse Name – I love my wife, kids and dog, but I will not use their names as passwords, and you shouldn’t either. “Social engineering” is an easy method hackers use to guess your identity and hack your systems. Millions of people post personal information on Facebooks, Twitter and Instagram. Strangers befriend these strangers and use this information to hack bank accounts, health records and home wifi networks.
5 Easy to Use Password Managers
Is your password on the list? I hope not! One SciSpeak workshop attendee said she keeps all of her passwords on a piece of paper on the back of her phone! Talk to your technology team about implementing two-factor authentication on your systems or purchasing a password manager (e.g. – Password Keeper, LastPass, etc.). Consumer password security is only one way to protect your data. Contact a SciSpeak Technology Ambassador to learn how to protect documents, databases and client information.
Scientifically Speaking, of course…