Should We Kill the Password?

Do your employees still use “12345678” as their PC passwords?  Not such a good idea.  In today’s world, a strong and complex password is the key to company security.  The digital world forces us to create multiple passwords for both business and personal use, and this breeds password laziness.  A simple run such as ascending 1 through 8 or descending H through A is an easy target for attackers.

For starters, passwords should not have any kind of emotional attachment to the user.  Don’t use events such as your wedding date, your son’s birthday, or the year you graduated high school to create a password since they are easy to guess by people who know you.

Another factor that contributes to password weakness and cyber risk is human error: sharing passwords with friends or co-workers, or writing them down and leaving notes in obvious places.  Since we have so many passwords to remember, hastily writing them on a post-it and sticking it to a monitor is commonplace.

Today, security experts recommend passwords that are at least eight characters long, mix letters, capital letters, numbers and special characters, and are changed every one to three months.  They should be unique for each online service you use, so don’t use “MamaCat123%$” for every site you visit.  Once one site is compromised, you’re left vulnerable if attackers try that same password against your other accounts.
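The rules above (length, character mix, no reuse) and the sequential patterns the opening paragraph warns about can be checked mechanically before a password is accepted. The following checker is an added example, not code from the original post; the run length of four and the treatment of "letters" as lowercase plus capitals are assumptions made here.

```python
import string

MIN_LENGTH = 8  # the post's recommendation: at least eight characters


def has_run(password: str, run_length: int = 4) -> bool:
    """True if the password contains an ascending or descending run of
    consecutive letters or digits (e.g. '1234' or 'HGFE'), the kind of
    pattern behind '12345678' and 'H through A'.  Run length is an assumption."""
    p = password.lower()
    for i in range(len(p) - run_length + 1):
        window = p[i:i + run_length]
        if not all(c.isalnum() for c in window):
            continue  # punctuation breaks a run
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(password: str, used_elsewhere=()) -> list:
    """Return the list of policy violations; an empty list means the password
    passes.  `used_elsewhere` holds passwords already used for other services,
    so reuse across sites can be refused as the post advises."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if has_run(password):
        problems.append("contains an ascending or descending run")
    if password in used_elsewhere:
        problems.append("already used for another service")
    return problems


if __name__ == "__main__":
    for candidate in ("12345678", "HGFEDCBA", "MamaCat123%$"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The check rejects the post's own bad examples ("12345678", "HGFEDCBA") and accepts "MamaCat123%$" until it is passed in as already used for another service.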

Mobile use has also been identified as a weakness in password creation: experts have found that mobile passwords aren’t nearly as strong as desktop ones.  The mobile keyboard is more awkward for many, and users tend to create shorter, riskier passwords on their cell phone.

But hackers are quickly catching on to these current password recommendations.  So what else can you do?

2SA and MFA (2-step authentication and multi-factor authentication) are also highly recommended.

A 2-step example: if you’re logging into a different PC to do your personal banking, you should have to not only enter your password but get a code delivered to you via text or email to verify your identity.

An MFA example: having to enter a security code, a password, and the answer to a memorable question to log into any kind of financial account.
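On the server side, the 2-step flow described above means issuing a short-lived one-time code after the password check and verifying it with a bounded number of guesses. The class below is an added example, not code from the original post; the five-minute lifetime, the six-digit code and the five-attempt limit are assumptions chosen here.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a texted or emailed code is valid for five minutes
MAX_ATTEMPTS = 5        # assumption: a six-digit code has only a million values,
                        # so the attempt limit is what makes guessing impractical


class SecondStep:
    """Issue and verify the one-time code that follows a correct password."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # user -> [code digest, expiry time, attempts left]

    def issue_code(self, user: str) -> str:
        """Generate a code from a CSPRNG.  Only its digest is kept server-side;
        the plaintext goes to the SMS/email sender and is never logged."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._now() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """True only for the live, unexpired code; a code is single use and is
        discarded after MAX_ATTEMPTS wrong guesses."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if self._now() > expiry or attempts <= 0:
            del self._pending[user]
            return False
        # constant-time comparison so timing does not leak matching prefixes
        ok = hmac.compare_digest(digest, hashlib.sha256(submitted.encode()).digest())
        if ok:
            del self._pending[user]   # single use
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self._pending[user]   # too many wrong guesses: require a fresh code
        return False


if __name__ == "__main__":
    step = SecondStep()
    code = step.issue_code("alice")
    print("code delivered out of band:", code)
    print("wrong guess accepted?", step.verify("alice", "000000"))
    print("right code accepted?", step.verify("alice", code))
```

In a real deployment the pending entries live in a shared store rather than a dictionary, and the sender that delivers the code is the only place the plaintext appears.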

Another option is a password vault.  A password vault is software that helps users store and organize their passwords.  These password managers keep the stored passwords encrypted and require the user to create a master password – a single strong password that unlocks the password database.  LastPass is an example of a password vault.

So what are the alternatives?  Many people think futuristic notions such as eyeball scanning, or even just using selfies as identification, are far stronger than relying on passwords for data security.  But as soon as technology improves and grows, the hackers are right there to put the newest improvements at risk.

For now, although passwords alone aren’t the answer for company security, effective and strong passwords are a good start.