Passwords at the Office
Are You Putting Your Business at Risk?
You know how important it is to use strong passwords. But you also know that broccoli and exercise are good for you, that you should cut back on sugar and caffeine, and that you should stop using electronics an hour before you go to bed.
How’s all that working out for you?
Here’s the thing: when you don’t take password security seriously, the consequences can be devastating for your business—as in $200,000 for a small business to repair systems and recover data after a breach or $170 million in costs to a single company after a large data breach.
More importantly, if your data breach puts customer information at risk, can you ever gain back the trust needed to run your business effectively?
Two Major Password Issues
Most password problems boil down to one of two major issues:
1. Most people choose poor passwords.
2. People who do choose strong passwords aren’t careful about keeping those passwords safe.
When you choose a password that’s easy to remember—your birthday, your dog’s name or a single word—you make it really, really easy for the bad guys to either guess your password or crack it by brute force with easy-to-obtain technology.
You might think you’re being clever by reversing your birthday or combining it with your dog’s name, but on average it only takes six hours to crack that kind of password. In fact, the most common passwords take seconds or less to crack.
Even longer passwords can be relatively simple for dedicated hackers to crack, which is terrifying.
If you’re using good, strong passwords, are you storing them on a sticky note on your computer screen? In a plain-text file on your computer? In the Notes section of your phone? Don’t do that. It’s okay to write down passwords, but do so in a personal notebook that’s stored separately from your computer. Yes, it’s a bit of a pain to access the passwords when you need them, but it’s a bigger pain to pay $200,000 to restore your data after a breach.
Three Password Rules to Follow
If you want to increase your password security and simplify your life, here are three simple rules to follow:
1. Don’t use the same password for everything.
When you use one password for everything, you dramatically increase your vulnerability. If a hacker figures out that one password, all of your information is at risk.
2. Don’t require employees to change passwords every 30 or 60 days.
If you’re in charge of setting the rules at your business, be smart about it. When you require employees to change their passwords every 30-60 days, you almost guarantee that they will write down their passwords. Don’t require password changes more often than every 90-120 days.
3. Don’t use regular words, even if you are being clever about it.
When you use an ordinary word as your password, even if you add a capital letter and a number to it, you make it very easy for hackers to break your password using dictionary software.
The One Thing You Should Do for More Password Security
So, what can you do to secure your passwords and your information? The solution is quite simple: use a password manager. A password manager is a software tool that can generate completely random passwords and remember them for you. With a password manager, you use a single passphrase to lock and unlock the password manager and that is the only password you need to remember.
A passphrase such as “I hang the laundry on Tuesdays.” incorporates words, capital letters, spacing and punctuation and is extremely difficult to break because of its length. Within the password manager, you can maintain unique passwords for every single site and application. Passwords look something like this:
That’s a pretty tough password to crack and you never have to remember it!
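The Python sketch below is an added example, not code from the article, from Arvig or from any password manager. It draws a random password from the operating system's secure random source, as a password manager's generator does, and flags the weak patterns described above (dates, reversed words, a word with a capital and a number). The word list, the 20-character length and the "words x 2 x 10" guess model are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample word list; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "buddy", "laundry"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=20):
    """Pick every character with the OS CSPRNG, never the predictable `random` module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def decorated_word_bits(dictionary_size):
    """Bits for 'word, optional capital, one digit' (assumed model: words x 2 x 10)."""
    return math.log2(dictionary_size * 2 * 10)


def weak_pattern(candidate):
    """Return why a candidate matches a weak pattern named in the article, else None."""
    if re.fullmatch(r"\d{4,8}", candidate):
        return "date-like digits"
    # Drop leading/trailing digits and symbols, then compare the core to the word list.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", candidate).lower()
    if core in SAMPLE_WORDS or core[::-1] in SAMPLE_WORDS:
        return "dictionary word with decoration"
    return None


if __name__ == "__main__":
    for pw in ["04121985", "Sunshine1", "buddy0412", "I hang the laundry on Tuesdays."]:
        print(f"{pw!r}: {weak_pattern(pw) or 'no weak pattern found'}")
    print(f"generated: {generate_password()} (~{random_bits(20):.0f} bits)")
    print(f"word + capital + digit, 100,000-word list: ~{decorated_word_bits(100_000):.0f} bits")
```

A result of None only means that none of these patterns matched; it is not a strength score.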
Arvig uses LastPass as a password manager throughout the company. If you are a small business owner, your employees can use the free version of LastPass for stellar security. Larger companies can explore the enterprise pricing for advanced features.