This just in – your password sucks!


Does your security include passwords that have eight characters, begin with a capital letter, end with a number, and have a special character? Congrats! You are still easy pickins! Yup – believe it or not, your password sucks.

It’s not your fault. You’ve been conditioned to use weenie passwords. All the websites advocate it. They tell you right in their instructions: “For your security, all passwords must include eight characters, a capital letter, a number, and a symbol.” So, like good little sheep, we do exactly what we are told. We put a capital at the beginning, numbers at the end and a symbol that either follows the numbers – an exclamation mark is the de facto standard – or acts like a letter, as in the @ sign for an “a” or a dollar sign for an “s”. Did you know one in 26 passwords ends with the year it was created? A password like that is only marginally better than no password at all!

The not-so-funny thing about password security is when presented with password rules, we tend to take the minimum approach, which is to say that we do only what we MUST do and no more. If asked to create a password with eight characters, one capital, one number and one symbol, that’s EXACTLY what we do. We probably could do more (like twelve characters, two capitals, two numbers and two symbols) but that would be waaay too hard to remember – sarcasm totally intended. So we don’t. And then predictably, we get burnt. God, we humans are a lazy lot… Think about it: when given the choice between taking the extra steps involved to safeguard what has become an indispensable tool of our personal AND professional lives and doing barely the bare minimum requirements – and only because it is required – 9 times out of 10 we take the easy way out. Heck, if it wasn’t for the minimum password security restrictions that we actually are bridled with, we’d all be using and reusing the same password we created the first time we even had to create a password – and that password was probably password! Anyway – in the words of the always-funny Dennis Miller – “Now I don’t want to get off on a rant here, but…”

So my question is this: how many crappy passwords are you using knowing the risks all too well? C’mon, fess up…

Don’t do this:
• Use your name, your partner’s name, your kid’s name or your dog’s name in your password.
• Use your email address or anyone else’s for that matter.
• Use qwerty or 123456 – that’s just silly.
• Use birthdays or the year you created the password.
• Don’t do only the bare minimum requirement – try a little harder, dammit!
• And for heaven’s sake, don’t use the word password or any funky spellings of the word, like P@s$w0rd. You might as well leave the door wide open and swinging in the breeze.
• Don’t share your passwords with ANYONE. Not your mom, your wife or hubby, your best friend, or (Seinfeld reference coming) Mr. Peterman’s dying mom in a hospital (Bosco, anyone?).
• And for heaven’s sake, don’t click on links that say: “Please click here to update your account credentials”. Just don’t.

Do this instead:
• Use a random password generator and set it to a minimum of 10 characters (more is better).
• Unless it’s for your financial institution or other hyper-sensitive websites, in which case start at 12 characters and go up from there.
• Use a different password for every website. I know, I know, too hard to remember – tough bananas, do it anyway. Think of it as one of those mind games that help prevent dementia.
• Use a password manager to store your various passwords and protect it with your life.
• I’ll say this too (even though you won’t), try to change them from time to time.
• If you have to log in to a website, log out of it when you are done.
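
Here is what the generator advice looks like in practice, as an added example that is not from the original post: a Python sketch that draws passwords from the operating system's secure random source with the 10 and 12 character floors above, plus a rough check for the "don't do this" habits. The function names, the sample passwords and the pattern rules (including what counts as a year) are assumptions made for illustration.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Undo the symbol-for-letter swaps the article mentions (@ for a, $ for s), plus 0 for o.
UNSWAP = str.maketrans({"@": "a", "$": "s", "0": "o"})


def generate_password(length=10, sensitive=False):
    """Random password from the OS CSPRNG: at least 10 characters, 12 if sensitive."""
    length = max(length, 12 if sensitive else 10)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole string instead of patching characters in, so no
        # position is predictable; sites that demand every class still accept it.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def predictable_traits(password):
    """List the article's 'don't do this' patterns found in a human-chosen password."""
    lowered = password.lower()
    traits = []
    if len(password) < 10:
        traits.append("shorter than 10 characters")
    if re.fullmatch(r"[A-Z][a-z]+\d+[^A-Za-z0-9]?", password):
        traits.append("capital first, numbers at the end")
    if re.search(r"(19|20)\d{2}[^A-Za-z0-9]?$", password):
        traits.append("ends with a year")
    if "password" in lowered.translate(UNSWAP):
        traits.append("a spelling of 'password'")
    if "qwerty" in lowered or "123456" in lowered:
        traits.append("qwerty or 123456")
    return traits


if __name__ == "__main__":
    for sample in ("Summer2019!", "P@s$w0rd", "qwerty"):  # constructed samples
        print(sample, "->", predictable_traits(sample))
    print("everyday site:", generate_password())
    print("bank:", generate_password(sensitive=True))
```

An empty result from `predictable_traits` only means none of these particular habits showed up; it is not a strength score.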

Remember: safety first. The @$$ you save may just be your own. Need a better strategy? Contact us today. Now if you’ll excuse me, I have some passwords to change…