Password Management… What Was That Password Again?
From the Desk of Mike Meltz, CISO / Senior Director, Infrastructure & Security
All too often we find ourselves struggling with password management. We need one to access our bank account, another for our corporate email, a third one for our kids’ school lunch account… the list goes on and on.
As a society, we have an average of 20 different “systems” to connect with on a daily basis. Each of these systems has different rules for creating and managing passwords, which makes everything… just crazy!
What’s a busy professional to do?
The answer is simple, and kind of scary—we write our passwords down on sticky notes, repeating the same or similar passwords on every system and only changing 1 or 2 characters when the password expires. Not great!
These are just some of the challenges we face to get through the day and get our stuff done. These pesky requests for passwords just get in the way, but there is hope! Here are just a few ways to help protect you, your family, your friends and your company:
The best way to remember your passwords is to not remember them at all. If you can at least remember one long master password, you can add all your accounts into a personalized vault and create long, complex passwords. Several companies offer free and paid accounts.
Forget Passwords. What about Biometrics?
Another way to avoid creating, losing and recreating passwords involves using your fingerprint or face. These methods are (hopefully) unique and add an extra layer of security while simplifying the process.
Newer laptops and smartphones now incorporate these options, along with the ability to extend these services to your favorite applications. However, you still need a password for each of your services to start the authentication process.
MFA – Multi-What?
One of the best ways to enhance your password security is to add an additional layer of security, or multi-factor authentication. MFA simply means that accessing systems or applications requires “multiple” steps.
Multi-factor authentication requires a simple password or PIN (4-6 digits) and access to a smartphone or specialized token.
Once you start the process of accessing the system or application, you’ll need to answer a question or a series of questions (e.g., What is your pet’s name? Where did you and your spouse meet?) that you initially set up.
After you correctly answer those questions, a request is sent to the device for final verification.
The Dark Web
Based on the number of security breaches, it’s almost a given that your information is for sale on the dark web. This area of the internet is only available via specialized tools, and cybercriminals typically use it to sell and trade all kinds of information and items.
There are services that can search these hidden areas for your private information. Utilizing these services, you can quickly see if any of your information has been compromised. You might even find a few of your passwords this way.
If anything can convince you it’s time to get serious about password security, it’s seeing that one of your “common” passwords has been posted.
What’s Next in Password Management / Summary
Device manufacturers like Apple, Microsoft, and Samsung are continually adding new ways to access their systems without the need for old-fashioned passwords. Things like facial recognition are becoming the norm. Some companies are even testing “modules” inserted under your skin!
As a business or consumer, you now have the ability to perform a Dark Web search. By reviewing the output from these services, you may be amazed to see that some of your accounts and passwords have already been compromised and put up for sale!
It is very important to constantly update your passwords and avoid repeating the same passwords on multiple systems.
Take advantage of the newer technologies offered by device manufacturers and software companies, and please stop using sticky notes!
Our world has become streamlined, with many of our day-to-day services online and easy to access. But this new reality has made our personal data much easier to access and steal, so we need to stay vigilant.