[BreachExchange] Cyber Security Awareness month: 7 bad password habits to break now
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Oct 17 18:36:17 EDT 2016
http://www.itproportal.com/features/cyber-security-awareness-month-7-bad-
password-habits-to-break-now/
If the recent Yahoo breach wasn’t enough to make you re-think your password
behaviour, then hopefully Cyber Security Awareness Month is a good reason
to start taking it seriously.
The recent Yahoo hack has demonstrated the fallout from keeping old
passwords alive on active accounts, and the truth is: we know it’s bad, but
we keep doing it anyway. Our recent survey revealed that 95 per cent of
users recognise the characteristics of a strong password but 47 per cent
still use their initials, friends or family names while 42 per cent use
significant dates and numbers – all information that can be easily found.
Perhaps most alarmingly, 91 per cent of respondents know there is a risk
when reusing passwords but 61 per cent continue to do so.
So, whether at home or in work, here are 7 bad password habits you should
aim to break now so you can set yourself up for a more secure online life:
Your password has y2k in it because that was the last time you updated it
If the last time you updated the password for your email account was when
we all thought the Millennium Bug would destroy the planet, we’ve got a
problem. Having strong passwords is just as important as regularly changing
those passwords, especially if the same password has been used on more than
one account.
Without a secure system, such as using a password manager to help create
unique passwords for every online account, it’s practically impossible to
know when, if ever, those passwords have been updated.
You tell yourself you will remember all your passwords
Our recent survey also revealed the most likely reason people change their
passwords is because they forgot it. Are you always hitting the “I forgot
my password” link? This is particularly problematic for websites you rarely
use– such as renewing the TV licence - and promptly forgetting login
details.
You hit “remember me” all the time
Many websites give you the option to remember your username and password.
They might also keep you logged in to the website for as long as they can.
This presents two problems. Firstly. anyone with direct access to your
computer will have no trouble getting to your accounts. Secondly, you’ll
likely forget the username and password if this is the only place it is
stored.
You use the same passwords everywhere
Humans are inherently bad at making passwords and continue to reuse the
same passwords on all their online accounts, despite the obvious risks.
Using unique passwords for all your accounts ensures that if they’re leaked
in a breach, they can’t be used by hackers to get into any of your other
accounts. A password manager is a simple and secure way of keeping unique
passwords in one place.
You save all your passwords in the browser
Storing passwords in your browser might be super convenient, but
unfortunately it won’t keep your passwords and accounts protected. Browser
password managers don’t prompt you to login by default, leaving the
passwords and accounts you store exposed.
Not to mention, if you ever find yourself on another computer or mobile
device, and you didn’t set up automatic sync ahead of time, you’ll be left
without your passwords when you really need them.
You don’t hesitate to give out your passwords to friends
At some point you’ve probably had to share a password. It could be a WiFi
login with your house guests, giving your Netflix password to your sister,
or sharing an account login with a colleague. Whatever the case, passwords
should be shared sparingly, and only with those you trust. And when the
person no longer needs the password, it should be updated immediately.
A password manager can come in handy here as well, as most are equipped
with ways to securely share access to accounts, without the recipient ever
seeing the actual password.
You email passwords to yourself or others
In the same way you should be careful about who you share the passwords
with, you should also be careful about how you share those passwords. Email
is unsafe and should never be used to send sensitive data, especially
passwords. And if a website ever sends you password in email, in plain
text, notify them immediately and let them know it’s unacceptable. If
they’re sending you your password in an email, you know they’re storing
your passwords in an unsafe way, and could be jeopardising your personal
information.
Every single one of the above bad habits can be solved by getting started
with a password manager tool. Even if you’re already using one, you might
still find yourself falling back on some of the above old habits. To
maintain a secure digital identity, make a commitment to do an audit of
your passwords and online accounts.
Taking action today to lock down your passwords will make you more
productive and secure this year.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161017/86cd7dd1/attachment.html>
More information about the BreachExchange
mailing list