The first Thursday of May is World Password Day and that’s today, Thursday, May 2, 2019. World Password Day is all about understanding your risk and making sure you are regularly auditing your accounts to be sure they are as safe as possible.
The fundamental problem with passwords is that if a bad guy gets ahold of your credentials, they are off to the races with unfettered access to your account. As I’ve blogged about numerous times, two factor authentication is one of the best ways to protect your accounts. Longer passphrases with complex characters are a must. No password should be less than 14-16 characters in this day and age. When you can use an app, like the Google Authenticator or Microsoft Authenticator, that’s a best practice as well. Biometrics are even better, so enable them whenever you can.
With regard to your online accounts, no two accounts should be using the same password. When you use the same password, an exposure of that password puts every account where you use it at risk. Nike is famous for their Just Do It campaign. When it comes to using the same password for multiple accounts, just DON’T do it.
Many people reuse passwords because they can’t remember all the different combinations they need to use. This is where a password manager comes into play. Use a password manager to store your unique username and password combinations and enable every possible layer of security the password manager has to offer. Most importantly, be sure your password to unlock your password manager is as complex as you can manage.
44% of large companies take up to a month or more to deprovision terminated employees. Accounts of former employees are one of the most significant risks most companies tolerate.
2.5 months per year are wasted on password resets for staff who forget or lock out their accounts.
65% of organizations don’t check users passwords against lists of overly common and risky passwords.
76% don’t check passwords for complexity requirements.
63% don’t enforce password rotations.
63% don’t require numerals in passwords.
72% don’t require both upper and lower case characters.
And we wonder why there are so many data breaches and hacks.