password dialog with entry field

Securing Everything: Password

Merriam-Webster says the first use of the word “password” was 1799, but I’m quite sure it goes farther back than that.

Imagining some back alley door with a small eye-window which some shady fellow asking for a pass-phrase is kind of ironic considering how we regard the word today.

Passwords are what we need to possess to get by the tough guys guarding the door to what we want, or where we want to go. Without them, we can’t proceed  –  with compromised or easily-guessed passwords, we can’t protect what is valuable to us.

So Many Passwords!

One of the biggest frustrations about passwords is that we have to have so many. You need a password for your email, to log into NetFlix, your computer at work – you might even need one to get in your home or start your car!

You’ll also hear from people like me that you need to have DIFFERENT passwords for each thing, AND you need to change them with some regularity.

I have some friends that find the thought of all those passwords terribly overwhelming. Trust me, I understand. As a system administrator for many different clients, I have to have separate passwords for them as well. If I didn’t use a manager for them all I’m sure I’d be mad.

“What Is Your Password?”criminal asking for password

Anyone who has access to your account, whatever account that is, should NEVER ask that question.

Let me say that again – nobody of authority should ever ask you for your password. That means someone on the phone from the bank, the IRS, even someone from tech support.

As someone who does tech support I can tell you that I don’t know your password and I don’t need to know it. I have the power to change it. If someone says they need your password, they are basically asking to control your account because they don’t have access.

I can tell you there is one case where I might ask for a password. I need to log into your computer as you, and not change your password. Some folks don’t like it when I change the password and oftentimes if it is changed, you can’t change it back to what it was due to password restrictions.

Bad Password! Bad!

In the Worst Passwords of 2015, the single worst password was “123456”. 2nd is “password”. Rising fast at number 3 is the altogether amazing “12345678”. Yes, you could go out and use those passwords to hack 1,000 accounts and you’d probably compromise about 20-50 of them if not more.

People choose these simple passwords so they don’t forget because they will struggle for a long time trying to guess a password, and in some cases lock themselves out. This of course is very frustrating and definitely slows you down! It really isn’t worth the risk – you should use good passwords that have upper & lower case letters, numbers and a few symbols thrown in (if they’re allowed). Also use at least 8 characters.

If you do forget your more complex password, it is typically very easy for you to change it. You can usually click a link to “Forgot my password” where the authentication system will send you an email or some other backup communication to get you set up with another password.

In fact, you could consider your email account as another “factor” of authentication.

More Factors, Better Security

You might have heard of “two-factor authentication”. Factors of authentication are typically considered:

  • Something you know – like a password, your mother’s maiden name, your 2nd grade teacher.
  • Something you have – like a texting service on a cell phone, email account or even a code generating device.
  • Something you are – fingerprint or RETINA SCAN! Cool!

Here’s the very important point about these factors. If you change something, like your email address or your cell phone number – you do lose a factor and recovering your account can become more complicated. Make sure you keep your information updated so that you don’t get stuck!

Important Takeaways

If nothing else, please remember two important points!

  1. Never give your password to anyone!
  2. Use a good password. Avoid a dictionary word or name, use upper/lower case letters, numbers and symbols, with at least 8 characters.

 
Two people working on a computer together with a text overlay of "Want a free 4 lesson security class? Click here to take a short survey and receive your free class

Posted in Blog Post and tagged , , , .

One Comment

  1. Pingback: Data Security – How to Audit Your Company - Stewart & Son

Leave a Reply

Your email address will not be published. Required fields are marked *