Over the past decade, we have done the absolute most when it comes to passwords.
And it makes sense that we have done so much when it comes to our numeric and unique character friends. Once a password is compromised, the flood gates are open. The eye-popping number of credential stuffing data breaches this year taught us as much. So, what are we to do when we feel like we’ve said and done it all with passwords? We need to educate, educate, and educate some more because of the sad fact of the matter is we are still making rookie mistakes when it comes to passwords.
There are two schools of thought when it comes to passwords—those that love them and those that want them to go away. While I do think ‘death of the password’ is coming at some point, we still have some work to do, and talking about passwords is a critical part of your cybersecurity no matter the expert level. Even if we feel like we are tediously repetitive. Today, I’d like to meet you where you are—whether you are a password newbie, expert or somewhere in between, there are steps we can all take to manage our password like a boss (and a CISO).
You are taking baby steps to strengthen your password game but don’t know where to start. Here are three fundamental best practices to get you started. First, keep it long—the longer and more complex the password is, the safer you will be. Second, keep it unique—the best thing you can do is make all your passwords unique at every site (do not reuse passwords). Finally, keep it mindful—always be aware of where you were on the Internet and take specific note of anything or anybody that has asked you to log in. Once you have mastered these three steps, you can graduate to the next step.
You know what makes a good password, but you are still doing a few things that don’t make you a master just yet. There are two recommendations I have for you as you start to take passwords more seriously. The first is to start looking into a password management tool. There are a ton of useful commercial tools and solutions that help make this overall process of keeping long, complex, and unique passwords manageable. I use a password management tool myself. The second recommendation I have for you is to start changing your passwords every 30 days and change your password every time you hear of a data breach that has ties to you in some way.
Ah, the password pro. You’ve mastered the password, and are a model student. But did you know there are even more steps you can take to ensure your security? I would encourage you to look into using biometrics. This comes from the idea that the best password to use is the one you don’t have to. While biometrics is a radical idea for beginners and people who are middle of the road, if you can swing it, that is the next step I would take for pro status. The concept of biometrics is using your fingerprint, face, or voice to gain access to your sensitive data. This creates a significantly safer environment as they are much harder to manipulate than passwords and two-step identification and two-factor authentication. To me, the use of biometrics is the future for passwords, but we have a while before we are all fully on board. You also don’t have to use biometrics to forgo passwords in some instances. I also encourage you to checkout as a guest online instead of creating an unnecessary account on a website that requires a password.
By now, we have deduced that poor password practices create a gateway for attackers to get access to whatever they want quickly. And while we can debate the longevity of passwords, the fact is they’re the most widely used and accepted means of authentication. Passwords are here to stay. Be your own boss and protect yourself and your organization one password at a time.
About the Author
Charles Poff, CISO, SailPoint. Charles Poff became SailPoint’s Chief Information Security Officer (CISO) after more than twenty years of strengthening security at companies like HomeAway, Inc., Symantec, IBM and Internet Security Systems (ISS).
As CISO of SailPoint, Charles is responsible for the overall security of our products, services, networks and assets. He is also a key stakeholder on SailPoint’s board-level Cybersecurity Committee, whose charter is to drive the company’s cyber risk resiliency across both its technology and its products.
Featured image: ©denisismagilov