At any.cloud, we love working with IT and IT security. In our line of work, however, things quickly become obsolete, and current events underline that password policies might not be doing the job they set out to do.
Users are asked to change their logins on a regular basis. Password policies may require a change every 3 months. However, when users change their login, they change it to something similar. Statistics show this down to the level of detail: using similar-looking symbols (“A” becomes “@”), adding or deleting special characters (two “..” instead of one “.”) or changing numbers up/down etc. are the only real changes to someone’s ‘new’ login.
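A check for exactly these cosmetic changes can run at the moment a password is changed, when the form has both the old and the new password in hand. The Python below is an added example, not any.cloud's code; the look-alike table, the function names and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Look-alike symbols mapped back to the letters they usually stand in for.
# Assumed table for this example, not an exhaustive list.
LOOKALIKES = str.maketrans("@4831!0$57", "aabeiiosst")


def skeleton(password: str) -> str:
    """Undo cosmetic edits so that only the underlying base word remains."""
    p = password.lower()
    p = re.sub(r"[\W\d_]+$", "", p)   # trailing counters/punctuation: "2023!", "1.."
    p = p.translate(LOOKALIKES)       # "@" -> "a", "0" -> "o", "3" -> "e", ...
    return re.sub(r"[^a-z]", "", p)   # symbols still left inside the word


def is_cosmetic_change(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is essentially `old` with look-alike or suffix tweaks."""
    a, b = skeleton(old), skeleton(new)
    if not (a and b):
        # Nothing but digits/symbols on one side: compare the raw strings.
        a, b = old.lower(), new.lower()
    # Same base word, or base words that differ by only a character or two.
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    # Constructed sample rotations (old password, proposed new password).
    samples = [
        ("Password1.", "P@ssword2.."),
        ("Summer2023!", "Summ3r2024!"),
        ("Pizza", "Pizz@1"),
        ("Summer2023!", "correct horse battery staple"),
    ]
    for old, new in samples:
        verdict = "reject: too similar" if is_cosmetic_change(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The comparison only needs the old password as typed into the change form, so nothing has to be stored in clear text to run it.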
And here is why a password policy isn’t doing its job
– Users forget their login.
– They use the same login everywhere and in all sorts of contexts.
– Passwords are often built up by mixing children’s or spouses’ names, birthdays etc.: so easy to remember and yet quite simple to crack.
Strict company password policies and the above-mentioned pitfalls could lead to important data being stored in each user’s personal Dropbox instead of on the company SharePoint site, because it is much easier than asking for a new password. Company policies made to improve IT security end up adding complexity and causing potential data breaches instead.
One way of solving that problem, and the one we recommend, is to get a password manager. The password manager is not only a secure solution, it also encourages users to use different and more complex passwords across sites and systems. Not only does the password manager propose new passwords and save them at the same time, it does so with strong encryption. However, in today’s world where the cloud is king, please be aware of where the password manager stores its password database.
If a password manager isn’t the solution for you and your company, you can follow our dos and don’ts below.
Do:
– Use different passwords for different sites/programmes.
– Make sure that you use a combination of letters, numbers and special characters.
– Construct a longer password than you are used to doing. “Complexity is nice, length is key”. Standard length used to be 8-10 characters. Today, logins should be even longer, as there is a significantly higher number of even more intelligent threats than ever before. Try using a combination of words that are easy for you to remember.
Don’t:
– Use your username as your login.
– Use your birthday or any other personal information.
– Store a password list on your computer in clear-text or on a post-it.
– Use passwords that are easy to figure out simply by guessing, like “Login321*” or “Facebook123.”. Although they are stronger than the standard, they will still be very easy to crack.
– Use simple keyboard strokes like “qwerty” or “qweasd”.
More can be added to this list, so go right ahead and give it a shot: what other dos or don’ts come to mind? They are out there, you know!
Maybe a password manager might be the right answer after all. It will give you the protection you need in a world of cyberattacks and identity theft. Contact your cloud service provider today.