The rules for good passwords keep changing as the tools for cracking them, and the hardware that can be applied to the problem, get better and faster.
When dealing with accounting data, we often encounter sensitive information. There are usually strategies in place, some simple and some complex, to keep users from accessing this data improperly, ranging from limiting the number of workstations with the accounting software installed to controlling who has access to the folders and databases required to view the data.
The front line of defense in preventing unauthorized access to sensitive data remains passwords. We all have many passwords to remember – domain login, accounting software, SQL databases, protected spreadsheets, banking passwords, etc. It becomes difficult to remember them all.
What makes a good Password?
It’s almost easier to define what makes a bad password. If a password uses a word in the dictionary, even if the word is M0d1f13d, it is not secure. Dictionary attacks that include letter substitutions are among the first methods malicious actors use to crack passwords. Using personal information like a mother’s maiden name or a favourite dog’s name is also insecure, as attackers use sophisticated social engineering techniques to refine their dictionary’s guesses.
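To show why M0d1f13d offers no real protection, here is an added example (not BAASS code) of a defensive password check that undoes common letter substitutions and strips digit or symbol padding before comparing against a wordlist; the substitution table and the small sample dictionary are constructed for the demo.

```python
import itertools
import re
from typing import Optional

# Constructed sample dictionary for the demo; a real deployment would load a
# full wordlist or a breached-password list.
DICTIONARY = {"modified", "password", "welcome", "accounting", "summer", "letmein"}

# Reverse leetspeak table: each symbol lists the letters it commonly replaces.
# The table is an assumption; extend it as cracking rule sets evolve.
UNLEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i", "|": "il", "+": "t",
}
MAX_VARIANTS = 256  # bound the combinatorial expansion on long inputs


def _strip_padding(text: str) -> str:
    """Drop leading/trailing digits and symbols: 'Summer2015!' -> 'Summer'."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", text)


def unleet_variants(password: str) -> set:
    """All plain-letter readings of a password, with and without its padding."""
    variants = set()
    for form in {password.lower(), _strip_padding(password).lower()}:
        choices = [UNLEET.get(ch, ch) for ch in form]
        for combo in itertools.islice(itertools.product(*choices), MAX_VARIANTS):
            variants.add("".join(combo))
    return variants


def weakness(password: str, dictionary=DICTIONARY, min_length: int = 12) -> Optional[str]:
    """Return why a password is weak, or None if it passes these checks."""
    # Dictionary check first: a substituted word fails regardless of length.
    hits = unleet_variants(password) & dictionary
    if hits:
        return f"dictionary word after undoing substitutions: {sorted(hits)[0]}"
    if len(password) < min_length:
        return f"shorter than {min_length} characters"
    return None
```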
The top 10 from SplashData’s list of the worst passwords of 2015.
We know from security experts that having weak passwords or using the same password for multiple sites or applications is a horrible idea. A common technique espoused in this classic xkcd comic is to pick several random words and use them as a password. This is NOT secure.
Don’t remember your Passwords
The most secure solution is actually not to remember most of your passwords. With the rise and spread of comprehensive password managers, the best and most secure solution is to remember only one or two passwords (for your password manager and your favourite file sharing solution, for example) and have all of your remaining passwords generated by and stored in a password manager. This also reduces the problem of forgetting a password, or having to share one, especially when it has been stored in a browser for months and never re-entered.
A Password Manager stores your passwords, and many of the top choices will let you retrieve them in various ways, including copying them to the clipboard (often clearing the clipboard automatically after a certain period to prevent someone from grabbing them there) or entering them directly into forms and dialogues, which avoids keystroke loggers. You can find a solid comparison of password managers to help you choose which is right for you and your enterprise here.
Contact your Trusted Advisors at BAASS if you would like more information about Password Managers and how to use them personally or in your business.