In the summer of 2012, Mat Honan’s story of being completely hacked became my burning platform to up my password game. As a financial executive in your organization who wants to be seen as a great cyber risk leader, upping your password game sets a good example for others.
What’s wrong with the way most people use passwords?
- On the Internet, simple, reusable passwords are not secure enough for anything you can’t afford to lose: money; reputation; access to the tools that support your daily workflow; even irreplaceable photos.
- A simple password uses dictionary words, common names, brand names, anything that’s very easy to remember. Simple also means eight or fewer characters and standard letter substitutions (e.g., using a “3” instead of an “E” or a “$” instead of an “S”).
- With today’s standard desktop computing power, broadband connections, and easy access to hacking tools, your passwords can be cracked or stolen from you (or from another site you use) more quickly than you realize.
- Using the same password at more than one site is a leading cause of bad Internet days. The average web user has 25 active accounts but only uses 6 passwords to protect all of them. 61 percent of Americans admit to using the same password on different sites. Do you use the same password at your online banking or broker as you do for Twitter? Bad idea.
- Even the best password strategy cannot protect you against all attacks. Social engineering was the main attack in Honan’s case. Other tactics include tricking you into using a fake web site or slipping some spyware on your computer.
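The definitions of a simple password and a reused password in the list above can be turned into a self-check. The following Python code is an added example, not part of the original post; the word list, the substitutions beyond “3” and “$”, the function names and the sample accounts are constructed for illustration.

```python
# COMMON_WORDS is a tiny constructed sample; a real check would load a large
# list of dictionary words, common names and brand names.
COMMON_WORDS = {"password", "summer", "michael", "google", "dragon"}

# Standard letter substitutions mapped back to the letters they stand for.
# "3" and "$" come from the text; the others are assumed additions.
UNSUBSTITUTE = str.maketrans({"3": "e", "$": "s", "0": "o", "@": "a", "1": "l"})

def simple_reasons(password):
    """Return the reasons a password counts as simple (empty list if none)."""
    reasons = []
    if len(password) <= 8:
        reasons.append("eight or fewer characters")
    normalized = password.lower().translate(UNSUBSTITUTE)
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            reasons.append(f"contains common word '{word}'")
    return reasons

def reused(accounts):
    """Map each password used at more than one site to the sorted site list."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}

def audit(accounts):
    """Return {site: [findings]} for every account with at least one finding."""
    shared = reused(accounts)
    report = {}
    for site, password in accounts.items():
        findings = simple_reasons(password)
        if password in shared:
            others = [s for s in shared[password] if s != site]
            findings.append("also used at " + ", ".join(others))
        if findings:
            report[site] = findings
    return report

# Constructed sample accounts (not real credentials).
SAMPLE = {
    "bank.example": "Summ3r2012",
    "twitter.example": "Summ3r2012",
    "mail.example": "p@$$w0rd",
    "photos.example": "kV9#tq2L!xZr7mWd4uHb",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE).items():
        print(site, "->", "; ".join(findings))
```

Undoing the substitutions before the word lookup is what makes “Summ3r2012” and “p@$$w0rd” fail the check despite their digits and symbols.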
The good news: Improving my password habits was easier than I expected because of a tool called 1Password, which I’ll talk more about next week.
My new password habits include using:
- Passwords with as many as 50 random characters that are unique to each web site;
- Non-obvious answers to password reset security questions;
- An obscure email account just for password resets; and
- Google Authenticator for two-step verification with Dropbox, Gmail, and others.
Over the next several weeks, I’ll explain how I adopted these specific methods so you can, too.
Have you already upped your password game? How?