By Eric Payne, Sr. Security Architect

Image Provided by https://xkcd.com

Doing business and accessing information online is no longer just the preferred way to work; for many industries it is the standard. That creates a problem we all share: password management. Each of us handles passwords in our own way, and how carefully we handle them usually tracks how worried we are about being hacked. The Microsoft Identity Security and Protection team reported a 300 percent increase in user accounts attacked over the past year, and a large majority of those compromises trace back to weak, guessable passwords and poor password management. The figures come from the Microsoft Security Intelligence Report (https://www.microsoft.com/en-us/security/Intelligence-report), released in August 2017 with data from Q1 2017.

To date many of us have been lazy with our passwords, choosing ones that are weak and easily guessed. The rules burned into our brains (8 characters, numbers, letters, CAPS and symbols) are being challenged, and newer recommendations, such as NIST's 2017 Digital Identity Guidelines (SP 800-63B), favor length over forced complexity, which makes passwords both stronger and easier to remember.

Most likely, it's time to reevaluate your approach to passwords and make some changes based on the new guidance. Below are a few things to consider when choosing passwords.

Phrases: This is the good news: security experts now recommend moving away from passwords and toward passphrases. A phrase is longer, so the space an attacker has to search grows enormously, and it is far easier to remember than a jumble of symbols. Kaspersky's password checker (https://password.kaspersky.com) illustrates the difference. Enter the password PassW0rd17@ and the tool estimates that a home computer could crack it in about four hours; enter the passphrase Mydogruns1block and it estimates 25 centuries. Two caveats apply to any such estimate: it assumes a particular guess rate and hashing scheme, and a phrase built from a few common words is weaker against a wordlist attack than its raw length suggests. Pick words that are not tied to you, and the more words, the better.
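The reasoning behind those two estimates, worked through as an added example rather than code from the article or from Kaspersky's tool: a password's strength is the size of the space an attacker has to search, and that space depends on the attacker model. Against blind brute force, the 15-character phrase wins on length alone; against a wordlist attacker who guesses whole words (undoing case and leet tricks), both shrink, but the phrase still keeps a margin of about thirty bits. The guess rate, the 10,000-word attacker dictionary and the tiny embedded word list are assumptions, not measurements, so the absolute times differ from the tool's; the ranking is what matters. The last function shows the cleanest fix, a phrase of words drawn at random from a public list, whose strength is known exactly even when the attacker has the same list.

```python
"""Added example: why a longer phrase beats a short "complex" password.

Two attacker models are applied to the article's two passwords:
  1. blind brute force over the character classes actually used;
  2. a wordlist attacker who guesses whole words plus case/leet variants.
The guess rate and wordlist size below are assumptions, not measurements.
"""
import math
import secrets
import string

SYMBOLS = string.punctuation  # 32 printable ASCII symbols (space ignored)

# Class sizes an attacker must cover once one char of that class appears.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(SYMBOLS)}

# Assumed attacker wordlist size for the word-aware model (a "top 10k" list).
ASSUMED_WORDLIST_SIZE = 10_000
# Assumed offline guess rate (fast unsalted hash on one GPU rig).
ASSUMED_GUESSES_PER_SEC = 1e10

# Constructed mini dictionary; a real attacker uses tens of thousands of words.
DICTIONARY = ["password", "block", "runs", "dog", "my", "pass", "word", "run"]
LEET = str.maketrans("0143@$", "oiaeas")   # undo PassW0rd-style substitutions


def char_class(c):
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    if c.isdigit():
        return "digit"
    return "symbol"


def brute_force_bits(pw):
    """Search space if the attacker must try every string of this length
    over the union of classes present: log2(alphabet ** length)."""
    alphabet = sum(CLASS_SIZES[cls] for cls in {char_class(c) for c in pw})
    return len(pw) * math.log2(alphabet)


def wordlist_bits(pw, dictionary=DICTIONARY, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Greedy longest-match: each dictionary word costs log2(wordlist_size)
    however long it is; leftover characters cost log2(their class size).
    Case and common leet substitutions are ignored, as cracking rules do."""
    words = sorted(dictionary, key=len, reverse=True)
    i, bits = 0, 0.0
    while i < len(pw):
        for w in words:
            if pw[i:i + len(w)].lower().translate(LEET) == w:
                bits += math.log2(wordlist_size)
                i += len(w)
                break
        else:
            bits += math.log2(CLASS_SIZES[char_class(pw[i])])
            i += 1
    return bits


def seconds_to_crack(bits, rate=ASSUMED_GUESSES_PER_SEC):
    """Expected time to search half the space at the assumed guess rate."""
    return 2 ** bits / 2 / rate


def random_passphrase(words, count):
    """Diceware-style phrase: words chosen with a CSPRNG, so its strength is
    exactly count * log2(len(words)) bits even if the attacker has the list."""
    return " ".join(secrets.choice(words) for _ in range(count))


def passphrase_bits(wordlist_size, count):
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("PassW0rd17@", "Mydogruns1block"):
        b, w = brute_force_bits(pw), wordlist_bits(pw)
        print(f"{pw:16s} brute force {b:5.1f} bits "
              f"({seconds_to_crack(b) / 3.156e7:.1e} years)  "
              f"word-aware {w:5.1f} bits ({seconds_to_crack(w):.1e} s)")
    # Five words from the 7776-word EFF long list give 64.6 bits by construction.
    print(f"5 random words from a 7776-word list: {passphrase_bits(7776, 5):.1f} bits")
    print(random_passphrase(DICTIONARY, 5))
```

Run as-is it prints roughly 72 versus 89 bits under brute force and 25 versus 56 bits under the word-aware model, which is why the tool ranks the phrase so far above the "complex" password even though both contain dictionary words.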

Diversify: Do not use the same password for multiple accounts. Your login name, on the other hand, is usually the same everywhere, since most sites use your email address, and email addresses are easy to find. When one site is breached, attackers take the leaked email-and-password pairs and try them against other services (credential stuffing); if you reused the password, every account that shares it falls with the first one.

Mitigate Risk: It's true that some accounts are higher risk than others. But if you are not following the advice above, someone who breaks into a low-value account, such as your gym membership, can pivot from there to your Amazon, bank or credit card accounts. Many people also share personal details on social media, so it is not hard to work out where you live, bank, shop or spend your time. Treat low-value accounts as the stepping stones they are and protect them accordingly.

As you review your passwords, don't forget the basics. Never use personal information such as your username, email address, birthdate, social security number, phone number or family member names; these are the first things an attacker tries, and a well-built login system will reject them outright. It's also good practice to use a password manager to generate and keep track of unique passwords; several apps available today do this well.
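The "basics" above can be enforced by the login system rather than left to memory. The following is an added example (not code from the article or any named product) of the verifier-side checks NIST SP 800-63B calls for: reject anything on a known-breached list, and reject anything containing the user's own data, with case and leet substitutions folded so that P@ssw0rd and Ar1vera do not slip through. The user record, its field names and the breach list are constructed for the example.

```python
"""Added example (not from the original article): checks a login system can
run so that a chosen password contains none of the user's own data and is not
on a known-breached list. The profile and breach list are constructed."""
import re

# Constructed stand-in for a breached-password corpus (real ones hold millions).
BREACHED = {"password", "123456", "qwerty", "letmein", "summer2017", "iloveyou"}
LEET = str.maketrans("0143@$", "oiaeas")   # undo P@ssw0rd-style substitutions
MIN_LENGTH = 8                            # floor from NIST SP 800-63B; more is better

# Constructed user record; the field names are this example's own.
PROFILE = {
    "username": "arivera",
    "email": "alex.rivera@example.com",
    "first_name": "Alex",
    "last_name": "Rivera",
    "relatives": ["Sam"],
    "birthdate": "1990-03-12",            # ISO form YYYY-MM-DD assumed
    "phone": "555-0100",
}


def password_forms(pw):
    """The password case-folded, and again with leet substitutions undone;
    a forbidden term found in either form counts as present."""
    low = pw.lower()
    return {low, low.translate(LEET)}


def context_terms(profile):
    """Strings derived from the user's own data that must not appear in the
    password: names, username, e-mail local part and its pieces, the birthdate
    in common digit orders, and the phone number. Fragments shorter than three
    characters are dropped so ordinary letters do not get rejected."""
    terms = set()
    for key in ("username", "first_name", "last_name"):
        if profile.get(key):
            terms.add(profile[key])
    terms.update(profile.get("relatives", []))
    local = profile.get("email", "").split("@")[0]
    terms.add(local)
    terms.update(re.split(r"[._-]", local))
    if profile.get("birthdate"):
        y, m, d = profile["birthdate"].split("-")
        terms.update({y, y + m + d, d + m + y, m + d + y, m + d, d + m,
                      y[2:] + m + d, d + m + y[2:]})
    digits = re.sub(r"\D", "", profile.get("phone", ""))
    if digits:
        terms.update({digits, digits[-4:]})
    return {t.lower() for t in terms if len(t) >= 3}


def check_password(pw, profile, breached=BREACHED):
    """Return the reasons a password is rejected; an empty list means accept."""
    reasons = []
    forms = password_forms(pw)
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if any(f in breached for f in forms):
        reasons.append("appears in a known breach list")
    for term in sorted(context_terms(profile)):
        if any(term in f for f in forms):
            reasons.append(f"contains personal data: {term!r}")
    return reasons


if __name__ == "__main__":
    for candidate in ("Rivera1990!", "P@ssw0rd", "Ar1vera!!", "Sam", "Mydogruns1block"):
        verdict = check_password(candidate, PROFILE) or ["accepted"]
        print(f"{candidate:16s} -> {'; '.join(verdict)}")
```

A real deployment would replace the BREACHED set with a lookup against a large corpus (ideally by hash prefix so the password itself never leaves the verifier) and would compare against the site's own name as well, but the shape of the check is the same.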

I encourage you to schedule some time to review your password strategy. Don’t wait until one of your accounts has been compromised. Just because it hasn’t happened yet doesn’t mean it won’t. Your identity, financial means and reputation can all take a hit from lazy password management.