We all know what we "should" do about passwords, but reality is quite a bit different, as a recent report by LogMeIn, in collaboration with the National Cybersecurity Alliance, shows. At Ekaru we're on a mission to help Small Businesses stay strong in the face of cyber threats. The more you know about the threats you face, the better your chances of keeping your data safe and your name out of the headlines.
As more and more people work and socialize exclusively online, protecting your digital identity is more important than ever. Most people believe they are knowledgeable about the risks of poor password security; however, they're not using that knowledge to protect themselves from cyber threats. Good password hygiene is one of the most important steps you can take to secure your data.
Gerald Beuchalt of LogMeIn and Dan Eliot of the National Cybersecurity Alliance put together a great program this week on the Psychology of Passwords, and here are some of the key takeaways. Many in our community will recognize Dan from our in-person lunch and learn event several months ago.
- 91% of computer users know that using the same password or a variation of it is a risk, but 66% do it anyway.
- 54% of computer users try to keep track of passwords by memorizing them, and it's not working. 24% of them need to reset passwords monthly after forgetting them.
- The old advice of 8 characters for a strong password is out of date - the longer the better and eight is not enough.
- 52% of computer users haven't changed their password in a year even after learning of a breach!
- Don't re-use passwords. Keep in mind that hackers can use "credential stuffing" to try your password at all the other sites where you may have used it. With automated tools, now starting to be powered by AI, this is a quick task!
- Use MFA (Multi-Factor Authentication) whenever available. Yes, it can be an inconvenience, but you will drastically increase your security with this simple step.
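To make the "same or variation" and "eight is not enough" points concrete, here is a small audit sketch added for illustration; it is not from the LogMeIn report or the webinar. It assumes you can export your saved logins as (site, password) pairs, and the rules it uses to spot a "variation" (ignoring case, trailing digits and symbols, and common letter swaps) are one reasonable choice, not a standard.

```python
import re
from collections import defaultdict

# Constructed sample entries (site, password); not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Summer2023!"),
    ("shop.example", "Summer2023!"),
    ("bank.example", "summer2024"),
    ("crm.example", "Summ3r#1"),
    ("payroll.example", "correct-horse-battery-staple"),
    ("wifi.example", "Fluffy1!"),
]

# Common character swaps undone before comparing (assumed rule set).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def base_form(password):
    """Reduce a password to the word it is built on, so that
    'Summer2023!' and 'Summ3r#1' compare as the same base."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    base = re.sub(r"[^a-z]", "", core.translate(LEET))
    # All-digit or all-symbol passwords have no base word; keep them as-is
    # so unrelated numeric passwords are not lumped together.
    return base or password


def audit(vault, weak_len=8):
    """Return site names only (never passwords) for three findings:
    exact reuse, variations of one base, and length of weak_len or less."""
    by_exact, by_base = defaultdict(set), defaultdict(set)
    for site, pw in vault:
        by_exact[pw].add(site)
        by_base[base_form(pw)].add(site)
    return {
        "reused": sorted(sorted(s) for s in by_exact.values() if len(s) > 1),
        # Variation groups also contain the exact-reuse sites.
        "variants": sorted(sorted(s) for s in by_base.values() if len(s) > 1),
        "short": sorted(site for site, pw in vault if len(pw) <= weak_len),
    }


if __name__ == "__main__":
    for finding, sites in audit(SAMPLE_VAULT).items():
        print(finding, sites)
```

Every site in a "variants" group falls together if any one of those passwords leaks, which is exactly what credential stuffing exploits.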
One question we hear a lot came up during the presentation. Is it okay to store passwords on paper stored in a secure location? It is possible to very safely store the paper, but it's important to consider Protection vs Availability. When we see users doing this, typically they end up keeping the paper with them, making it a lot less secure.
Also, the typical 90-day forced password reset policy actually can make passwords less secure. Why? Users will fear forgetting their password and will quickly take on some other bad habits like writing them down, re-using passwords, or creating passwords that are too simple. The current advice is to keep a password that's strong until you have reason to change it (like a publicized breach).
What can you do? Educate your team. Talk about security during your staff meetings and make sure everyone is on board. Help create a culture of security in your organization. You can get fancier with a formal training program, but even just a conversation will help. Using a password manager like LastPass helps solve a lot of problems around keeping passwords strong and secure, but daily behavior improvements can go a long way.
Contact us at 978-692-4200 if you'd like a demo of LastPass or want to learn more.
Also, here's a link to the video, report, and infographic from the National Cybersecurity Alliance: View the Video and Get the Report.