In today’s age of heightened IT security and multiple password protected online accounts, is it any wonder that the average user chooses the simplest passwords to remember?
Well, as an IT security professional, it’s smart to think about user experience in order to keep your company’s data safe and secure. The average person has at least five password-protected accounts and they have to log on multiple times per day. Your help desk is probably similar to every other company’s in the fact that the most popular question they receive is regarding forgetting a password.
Breached Passwords are an IT Security Risk
Since learning to count is one of the first lessons a child learns, it’s no surprise that 1-2-3-4-5-6 is the easiest password to choose. But remember, if it is easy for the user, it’s just as simple for the hacker.
This problem has led to a declaration by mobile designer Luke Wroblewski to say the current login procedure is a broken system—and a very serious usability and IT security situation. Especially in today’s age of mobile and cloud computing.
'1234' Tops the List of Shortcuts
It’s very critical to know your company’s employees and convince them that even though they are required to remember many, many passwords, it is never smart to take shortcuts that threaten IT security. Wroblewski even took the time to list out some of the top weakest passwords from recently stolen accounts. It is actually surprising in the simplicity.
What were the top three passwords?
Further down the list, the weakest passwords include:
It was demonstrated that two thirds of the user accounts that were leaked from both Gawker and from Sony all used the same passwords on both of the large sites. That’s a lot of people who would rather not try to remember multiple login words.
What’s the Solution?
When Wroblewski broke the 12345 code he also provided some solutions. There is a lot of talk of the procedure the latest Windows Phone OS uses, including having a photo authentication process. More talk as technology increases has pointed to a face recognition system, too.
In response to all the IT security reaction to the “broken system” it is important to realize it is here to stay for awhile. And while there is absolutely no perfect password (remember this fact) words can be constructed in a way that can keep hackers at bay for awhile.
Basic rules for increasing a password’s strength should be always encouraged throughout your organization.
As a reminder, here are some thoughts for creating good passwords to beef up IT security:
1. Make your password a phrase instead of one word.
Choose a word phrase that you loved from child hood, or maybe a quote from your childhood. For example, maybe it’s “if a tree falls in the woods”. You can even turn it into a word based on the first letters: iatfitw.
2. Make the Password Phrase as long as possible.
The strongest passwords tend to be at least 6 characters in length. It can be annoying to always have to type it out or remember, but the longer the better. One tip to lengthening a password is just add the site’s name to the end.
3. Scramble, scramble, scramble it up.
Not just rearranging the actual letters, but instead you can suggest scrambling up your phrase by switching the order.
And of course, as IT security consultants, we always remind your workers (and yourself) to change passwords regularly.