The number of guaranteed, unfortunate realities you could count on in life used to be a short list. Death and taxes were as bad as it got. But for anyone who is even marginally connected in the digital age, I’d bet you agree “password” deserves to be included in that list.
It’s the current bane of our existence. And if you’re anything like me, you have dozens of logins to a myriad of services: email, shopping, banking, social media, etc. Whether you’re a casual Facebooker or a full-fledged digital mastermind, protecting your online data is paramount.
The news is rife with stories of password leaks: LinkedIn, Kickstarter and Yahoo have all been recent targets of hacking, but the real victims are us, the users. The trouble with password theft is that your login name (typically your email address) is leaked along with the password.
Therefore, if you use the same credentials with other services, they’re all potentially at risk.
This brings us to the golden rule of passwording: use a different password for every site. I know this sounds horrifying, but it’s the only way to safeguard against security failings of the companies you interact with on the web.
Another protection is to beef up the length of your password. It used to be that adding complexity (a combination of upper and lowercase characters, numbers and symbols) was a surefire way to boost security. However, with the recent advances made in password hacking, length trumps complexity. Instead of focusing on a single word, you might consider a phrase or string of unrelated words. Eighteen is the new eight. Go big.
So how do you create and keep track of dozens of long, complex passwords unique to each and every site? A password manager is a great software tool that stores and syncs your site credentials on all your devices. You’ve likely let Firefox or Safari save a password for you in the past. This is the same idea, only better.
With a synchronized password vault, you’ll always have the latest login information on your computer(s), smartphone, tablet, etc. LastPass, RoboForm, Dashlane and 1Password are some of the top-tier packages that leverage browser plugins that hang out in the background and take notice when you log in to password-protected sites.
They’ll prompt you to save your info and auto-login from that day forward. So not only can you stop remembering the credentials, you won’t have to type them either.
And the icing on the cake: once you’re comfortable using a manager, you can allow it to create unique passwords for you. You remember the single password for the vault, and let it generate and enter ridiculously long passwords on your behalf.
Another protection many companies offer is two-factor authentication, where in addition to your password, a one-time code is required. This code may be sent to you via text message or generated by an app on your smartphone.
Because most of us keep our smartphones at the ready, it’s a painless way to lock down an important account. Apple, Google, Dropbox and Facebook all offer two-factor authentication, and more are supporting the technology every day.
In the end, common sense is your guide. The Post-it with your password stuck to the monitor is a horrible practice. Likewise, using 1234 or PASSWORD is not a good idea.
In a recent Cyber-Threat Defense Report conducted by the U.S. Department of Homeland Security, several key findings were revealed, and some may shock you:
- 70 percent of U.S.-based organizations report having been compromised by a successful cyberattack in the past 12 months.
- Cybersecurity incidents cause small to medium-sized businesses eight hours of downtime, on average.
- 72 percent of cybersecurity incidents involve a current or former employee.
The bottom line: don’t wait until it’s too late to properly secure your important data. Start now by improving your password protection and mobile device accessibility. Next, audit your business and how securely its data is protected. Are your important files in an unlocked file cabinet? Is your server room open and accessible to anyone in the organization? Are you backing up your data to disks and taking them home every night?
Whether you choose to employ a password manager or strengthen your existing system, good luck out there. It’s a dog-eat-dog world, and you still have death and taxes to look forward to.
David Darmstandler is CEO of Datapath, an IT services company with headquarters in Modesto. You can reach him at [email protected].