Why Companies should invest in educating people “how to use passwords” …
After some conversations with several people where we assist in security, we always keep getting similar responses … “one password fits all”. Unfortunately, this philosophy endangers your company’s security.
A lot of people believe that a password entered on their favorite shopping website is secure and that nobody else knows it. This is where it often goes wrong. Passwords entered on websites are stored in whatever way the owner thinks best (or what is cheapest). A password can be stored in clear text in a database, it could be hashed, it could be encrypted with a reversible algorithm, or it could simply be placed in a file …
Not every website where you need to logon keeps a strict password protection policy!
So make sure that you use some “common sense” when typing a password on any site.
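The storage choices described above, seen as the rows a site would lose in a database leak. This is an added example, not code from the original post; PBKDF2 is chosen here for illustration (the post names no algorithm), and the function names, record format and sample users are assumptions.

```python
import hashlib, hmac, os

# OWASP-recommended work factor for PBKDF2-HMAC-SHA256 (assumed default for this sketch).
ITERATIONS = 600_000

def store_plaintext(password: str) -> str:
    """Weak: the database row is the password itself."""
    return password

def store_unsalted_sha256(password: str) -> str:
    """Weak: fast and unsalted, so equal passwords give equal rows."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_pbkdf2(password: str, iterations: int = ITERATIONS) -> str:
    """Better: per-user random salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_pbkdf2(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def leaked_table(store, users):
    """Rows exposed by a database leak: {user: stored value}."""
    return {user: store(pw) for user, pw in users.items()}

def shared_password_groups(table):
    """Groups of users whose stored values are identical (visibly the same password)."""
    by_value = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)

# Constructed sample data: two users picked the same passphrase (examples from this page).
USERS = {
    "alice": "Let's all go fishing 4 today",
    "bob": "Let's all go fishing 4 today",
    "carol": "My birthday is on the 4th every day!",
}

if __name__ == "__main__":
    for store in (store_plaintext, store_unsalted_sha256, store_pbkdf2):
        table = leaked_table(store, USERS)
        print(store.__name__, "-> users visibly sharing a password:",
              shared_password_groups(table))
```

As a user you cannot see which of these a site picked, which is why a password reused across sites is only as safe as the weakest site storing it.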
Here are some simple rules that can make your password housekeeping clean and organized:
- Use MFA/2FA where possible.
  MFA makes it harder to steal your credentials and notifies you if someone is trying to use them.
- Don’t use complex passwords any more, but rather go for a “passphrase”. Examples of passphrases:
  - “Let’s all go fishing 4 today”
  - “My birthday is on the 4th every day!”

  As you can see, these sentences are easier to remember, they are longer and contain complex characters (space, !, ’), they have a number, and they use small and capital letters.
  For those with dyslexia: write your password without your internal spelling corrector; it’s a benefit when creating passwords. Dictionary attacks always spell their words correctly. We don’t 🙂
- Make use of password managers. This way you don’t need to remember the password/passphrase, as the tool does this for you. Some examples of password managers:
  - KeeperSecurity (partner)
  - Lastpass (referral partner)
  - 1Password (good alternative for our products)
  - Bitwarden (ideal for personal use)
- Important passphrases:
  - should not be used anywhere else,
  - should be very different, and
  - should never be stored anywhere!
- The most important passphrases are:
  - your email passphrase.
    If your email account is compromised, any site/login portal that uses this email address can be hacked by simply selecting “forgot password – send new password link via email”.
  - your laptop/PC account @work.
    Access to your laptop/PC account means “game over”. With credential theft, it is very difficult to detect and stop malicious actors. And when forensics take place, all evidence seems to point to … you.
  - your password manager secret, with MFA enabled.
    As this is your digital vault, it should be safeguarded at all times. If your master passphrase is leaked, all your passwords/phrases will be available to the threat actors.
Teach your employees the benefits of using passwords and your profit will double, as fewer passwords will be leaked.
Want to know more? Or interested in booking a Password health session @ your company?
Get in touch with us:
Sales@lim-it.be
Tel: +32 472 930 976
Thanks for reading!
Until the next blog – Roel