The 3 Bad Habits of Password Management

Article by George Norman (Cybersecurity Editor)

on 30 Nov 2009

We all know there are people out there who would like to break into our various online accounts for one malicious reason or another. It is up to us to keep our online accounts protected – and this is where a properly strong password comes in. We should pick a password that cannot be easily guessed, one that contains letters, numbers and symbols. A simple word like “pumpkin” is not a strong password. Something like “|>UmpK1n” would be better, as it contains more than just letters.

“Users should avoid any password that can be cracked by a dictionary attack. If your password can be found in an unabridged dictionary, then it can be “guessed” by having a computer program try them all out. “123456” is not adequate to avoid a dictionary attack because it is the most commonly used password in existence. Using profanity may make talking about the password unacceptable in polite conversation, but that social boundary will not stop someone willing to break the law to steal your identity,” explained Principal Engineer with McAfee, Adam Wosotowsky.
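To make the advice in the two paragraphs above concrete, here is an added checker (example code written for this article, not from McAfee or the author) that applies the rules they describe: it rejects passwords found on a constructed common-password list, undoes simple character substitutions before comparing against a constructed dictionary, and counts character classes. The word lists and the rating thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample word lists; a real checker would load an unabridged
# dictionary and a large list of leaked passwords instead.
DICTIONARY_WORDS = {"pumpkin", "password", "dragon", "monkey", "letmein"}
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123"}

# Substitutions that password-cracking wordlist rules routinely undo.
# Multi-character tokens come first so "|>" is mapped before "|" or ">".
LEET_MAP = [("|>", "p"), ("|-|", "h"), ("@", "a"), ("4", "a"), ("3", "e"),
            ("1", "i"), ("!", "i"), ("0", "o"), ("$", "s"), ("5", "s"),
            ("7", "t"), ("+", "t")]


def normalize_leet(password: str) -> str:
    """Undo common substitutions so "|>UmpK1n" compares as "pumpkin"."""
    text = password.lower()
    for token, letter in LEET_MAP:
        text = text.replace(token, letter)
    return text


def character_classes(password: str) -> int:
    """Count the classes present: lowercase, uppercase, digits, symbols."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def assess_password(password: str) -> dict:
    """Return the findings plus an overall rating: weak, fair or strong."""
    normalized = normalize_leet(password)
    findings = {
        "common_password": password in COMMON_PASSWORDS,
        # Substring match: "Dragon2009!" is still built on a dictionary word.
        "dictionary_word": any(w in normalized for w in DICTIONARY_WORDS),
        "classes": character_classes(password),
        "length": len(password),
    }
    # Thresholds (3 classes, 12 characters) are assumptions for this example.
    if findings["common_password"] or (
            findings["dictionary_word"] and findings["classes"] < 3):
        findings["rating"] = "weak"
    elif (findings["dictionary_word"] or findings["classes"] < 3
            or findings["length"] < 12):
        findings["rating"] = "fair"
    else:
        findings["rating"] = "strong"
    return findings
```

Run against the article's own examples, “pumpkin” and “123456” rate weak, while “|>UmpK1n” rates fair: it has four character classes, but it is still a substituted dictionary word, so it is better than “pumpkin” without being strong.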

According to Adam Wosotowsky, most users’ password habits fall into one of the 3 categories presented below:

1. One password to rule them all

The user picks a password for one account. When he sets up another online account, he uses the same password. When he sets up yet another online account, he uses that password yet again. Eventually he ends up with a whole bunch of accounts that can be accessed with the same password. From a security point of view, this password management behavior is appalling. If one account is compromised, all the other accounts are in jeopardy as well.

2. Passwords short list

The user picks a strong password that he continually reuses for certain sites – financial websites, for example. He then picks another, simpler password that he continually reuses on other webpages – social networking, for example. This is better than using the same password over and over again. But reusing a password still puts every account that shares it in jeopardy once that password is compromised – the only difference is that in this case, 2 passwords are continually reused instead of one.

3. Passwords black book

The user picks a password for every online account he creates. And because he can’t remember them all, he writes the passwords down on a pad of paper – which he keeps near the computer. The downside is that the user could lose that piece of paper, or someone may steal it.

“This is not only unwieldy and not flexible (if you go on vacation and forget it), but you can lose the list or have it stolen by someone who gains brief access to your office or computer. Many corporate environments that force people to constantly change their passwords are littered with passwords on sticky notes or on paper in a drawer that is accessible by coworkers, cleaners, or burglars,” explained Adam Wosotowsky.
