Password hygiene: a necessary skill in the digital age

Jun 21, 2017

IT
people
automotive
chemicals

share on

By using a central directory, organizations ensure that their employees only have to remember a very limited number of passwords to log on to all company-related web pages and applications. As a result, the majority of passwords used are actually private ones. However, applications such as Twitter, LinkedIn, and Dropbox show how the line between work-related and private applications has increasingly blurred. Therefore, it’s important that everyone is aware of the risks they and their company are exposed to if they don’t take measures to ensure proper ‘password hygiene’.

Are you one of the many?

Let me guess where you store your passwords: in a Word document, Excel or txt. file. Am I right? And is the file name something like ‘codes’ or ‘passwords’? Or do you perhaps use the same strong password for all applications and websites? Both of these approaches involve a high risk. Your strong password will indeed be more difficult to crack, but what if cybercriminals manage to do so? They can simply reuse the same password for all the sites you’ve visited, which means that identity theft is just one step away.

Many people also regard the browser functionality to store user names and passwords as a useful feature. However, if someone else manages to log on to your computer, they can open all the applications without a problem – so think twice before you trust your browser.

Do any of the above scenarios sound familiar? If so, it’s high time to develop good password hygiene. Just follow these two simple steps!

Step 1: Use a proper password

A strong password is the basis to prevent you and/or your company from being hacked. Avoid obvious trains of thought, such as ‘12344321’. Furthermore, do not link a password to your own identity, such as your date of birth or children’s names. A complex, random password such as ‘kLEà34^Jdi’ could be an option, but of course it’s difficult to remember.

In general, the longer a password is, the stronger it is. Creating a passphrase, such as ‘thisisapasswordthatnobodywilleverguessinamillionyears’, is much more secure than any combination of eight characters. Although a passphrase is easier to remember, it can be difficult to remember several at the same time – which leads to people writing down their passwords or storing them in a digital file.

Step 2: Use a password management tool

Password management tools are available to generate and store passwords securely. Then, the only password you have to remember is the one needed to log on to the password management tool itself.

The tool also helps you to work more efficiently, since each time a new password is created it is replicated through all your devices. Moreover, it’s very convenient, since the password management tool automatically logs on to the websites for which you have created a password.

Ideally, all companies should offer such a tool for their employees. If that’s not the case, various tools are available online. Most of them are free, but you will have to pay for premium features such as synchronizing across different devices or applying two-factor authentication. The latter is a good way to improve security, as it is supported by more and more websites – e.g. Facebook, Gmail, OneDrive, Dropbox, etc.

Take action right now

There are plenty of other steps which could further improve your cybersecurity, such as never sharing a password or always using different passwords for professional and personal use. But you are already taking significant steps in the right direction by choosing strong passwords and/or letting the password management tool choose them for you.

If you are responsible for IT or information security within your company, ensure that everyone is aware of the risks they’re exposed to if they don’t take a professional approach to managing their passwords. After all, by failing to secure their private identity they can jeopardize the entire company.

Author: Steven Fleurent. You can connect with Steven on LinkedIn.