Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Are You Practicing Good Password Hygiene?

Are You Practicing Good Password Hygiene?

Passwords are not a modern invention by any stretch, but as we have dealt with them for so long, there are a lot of bad habits that many people have adopted. That’s why we felt that it was appropriate for us to call out some of these habits and discuss some better options for you to adopt.

How Hygienic are Your Passwords?

With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:

  • Personal details, like your name or birthday
  • Names of friends, family, or most infamously, your pets
  • Commonly used words (like “password” or a favorite sports team)
  • Simple keyboard patterns (like “12345” or “qwerty”)
  • Repeated login credentials (like username: David1973, password: David1973)
  • Making their passwords as short as possible

Now, before you zip away and try to figure out new passwords for all of the accounts that have these kinds of passwords protecting them, let’s take a few more moments to figure out how to actually come up with ones that will be secure.

To begin, let’s consider some “best practices” that should no longer be described as “best.”

Some Less-than-Best Practices

According to NIST (also known as the National Institute of Standards and Technology), the following practices aren’t all that effective any longer when it comes to secure password creation.

  • Alphanumeric Switching: So, we all (should) know that something like “password” isn’t nearly secure enough to be used as a password. As a result, many users would use “p455wO2d” instead, changing letters to numerals and occasionally playing fast and loose with their capitalization. While this isn’t always a bad strategy, using such a common password still makes it far less secure than it needs to be.
  • Length Requirements: It’s likely that you have encountered this as well, as a program has kicked back your chosen password while announcing that “it is too short/long for its eight-to-ten character limit.” According to NIST, these antiquated requirements literally short-change security, as longer passwords or passphrases are more difficult to crack but easier to remember than the short jumbles of random characters.
  • Banning Cut and Paste: For some reason, many username and password fields don’t allow content to be cut and pasted into them, almost as if the prospect of typing out someone’s account details will stop a hacker in their tracks. This also makes the use of password managers, a hugely useful tool in maintaining good password practices, less available. So long as they are used properly, password managers should always be encouraged, as they enable a user to store and use multiple passwords while only really remembering one.
  • Password Hints: We’ve all been asked to set hints for our passwords before, just in case we forget them. You know the ones: “Where did you graduate from high school?” or “What was your first pet’s name?” The trouble with these questions is simple: our online habits make this kind of information easy enough to find online, especially with social media encouraging us to share pictures of our pets, or announcing that we’re attending the “Educational Institution’s Class of Whatever Year’s Something-th Reunion.” Instead of relying on these hints, combine multiple forms of authentication to both offer additional means of confirming your identity and better secure your account.
  • Frequent Password Changes: Considering how many passwords we're all supposed to remember, it only makes sense that users would fight back against frequent password updates by only changing a single detail about it and calling it changed. For instance, let’s return to David1973 for a moment. If this user were forced to change his password too often, it is likely that he would resort to simply adding an easy-to-remember (and guess) detail. Maybe this is the fifth time that David1973 has been told to change his password, so while his password started as “David1973,” it progressed to “2David1973” to “3David1973” and so on to “5David1973.” Of course, we aren’t arguing that passwords should never be changed, but make sure that these changes aren’t actually counterproductive.

How to Create a Secure Password

Rather than using a password, per se, we recommend that you instead use a passphrase. Let’s use a quote by author Elbert Hubbard as our example: “Positive anything is better than negative nothing.” 

Of course, this is a mouthful to type, in a manner of speaking, so it might make sense to use some alphanumeric switching to help abbreviate it into a complex phrase that is still easy to remember.

Doing so, “positiveanythingisbetterthannegativenothing” becomes “p0$!tiV3NE+hg>-tiV3_+hg”.

Then, if you use this password as the master access code for a password manager, the rest of your passwords/passphrases could foreseeably be randomly generated, increasing your overall security even further. To make your password manager even more secure, you should really devise your own complex phrase, rather than steal one from an author.

You never know, some enterprising cybercriminal might be a big fan of Hubbard’s works, too.

For more advice and assistance to help you make your passwords and accounts as secure as possible, reach out to Total Tech Care by calling 866-348-2602 today!

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 25 December 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Google Business Network Security Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Smartphones Business Continuity IT Support Communication Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Cybersecurity Quick Tips Users Business Management Managed IT Services Upgrade Windows Phishing Outsourced IT Ransomware Data Backup Windows 10 Cloud Computing Office Server Save Money Data Recovery Passwords Windows 10 Virtualization Saving Money Holiday Tech Term Social Media Chrome Gadgets Managed Service Automation Managed IT Services Microsoft Office Computers Facebook Cybercrime Operating System Artificial Intelligence BYOD Mobile Device Management Networking IT Support Health Internet of Things Hacking Wi-Fi Covid-19 Information Office 365 Telephone Systems Information Technology Managed Service Provider Remote Alert Spam Bandwidth Router Employer-Employee Relationship Recovery BDR Social Engineering Mobility Password Money Mobile Computing App Encryption Application History Applications Data Breach Law Enforcement Human Resources Big Data Remote Monitoring Apps Data Storage Patch Management Office Tips Training VPN Government Private Cloud Remote Computing How To Managed IT Blockchain Mobile Office Paperless Office Work/Life Balance Marketing WiFi IT solutions Entertainment Website Vulnerability Infrastructure Budget Windows 7 Voice over Internet Protocol Word Wireless Google Drive Servers Gmail Settings Avoiding Downtime Two-factor Authentication Data Security Mouse HaaS Bring Your Own Device Flexibility Data Management Meetings Cleaning Machine Learning Remote Work Connectivity Conferencing Employee/Employer Relationship Risk Management End of Support Hacker RMM USB Education Physical Security Scam Safety The Internet of Things Lithium-ion battery HIPAA Sports Redundancy Keyboard Vendor Management Data Protection Firewall Virtual Reality Apple Save Time Social Vendor Managed Services User Error Telephone System Staff Software as a Service Display Computing Infrastructure Hiring/Firing Going Green Processor Wearable Technology Retail Hard Drives Update Instant Messaging Robot Excel Hard Drive Printer Bluetooth Battery Google Docs Identity Theft Biometrics Shadow IT Virtual Desktop Legal Business Intelligence Computing Audit Internet Exlporer Worker DDoS IT Management IT Consultant Augmented Reality Fraud Botnet SharePoint PDF IT Plan Humor Remote Worker Digital Signage Proactive IT Customer Service Cryptocurrency Unsupported Software Environment Best Practice YouTube Charger Fax Server Black Market Procurement Workplace Strategy Compliance Comparison Net Neutrality OneNote Computer Care Current Events CES Help Desk SaaS Document Management Telephony Printing Solid State Drive Wireless Technology Samsung How to Business Technology Downtime Content Management Network Congestion Access Control Value Managed Services Provider eWaste Virus Virtual Assistant Data storage Database Automobile Spam Blocking Unified Threat Management Authentication Electronic Medical Records Computer Accessories Remote Workers Telecommuting Manufacturing Mobile Project Management Email Best Practices Windows 10s Cost Management Nanotechnology IT Assessment Social Networking Cortana Cast Cameras Tip of the week Computer Tips Reputation webinar Digital Signature Managed IT Service Streaming Media Emergency Security Cameras Biometric Security Content Professional Services Warranty Virtual CIO Public Cloud OneDrive Tech Support Employer Employee Relationship HVAC Peripheral Laptop Assessment Google Apps Running Cable Techology Windows Server 2008 Digital Security Cameras Customers Memory Analysis Using Data 5G Audiobook Tools Administrator Devices Copiers Printer Server Enterprise Content Management Quick Tip Touchpad Television MSP Ergonomics Accountants Smartwatch Credit Cards OLED Politics Microchip Advertising Thought Leadership Development Password Management PCI DSS Public Computer Science Password Manager Virtual Machine Regulations 2FA Fiber Optics Notifications Transportation Multi-Factor Security Employee Cabling Search Engine Computer Fan Twitter Messaging Rootkit Customer Relationship Management NIST Policy Business Mangement Hypervisor Distributed Denial of Service Dark mode Relocation Workers Analyitcs Smart Tech Trend Micro Benefits Trending Amazon Default App FENG Programming Addiction SMS Procedure IBM Recycling Saving Time Video Games Worker Commute Flash Wiring dark theme Practices Shopping Smart Technology Google Search Amazon Web Services IT Infrastructure Experience Consultant Antivirus Cache AI Analytics Safe Mode FinTech Supercomputer Windows 8 Criminal Bing Scalability Software Tips Business Owner Sync IT service GDPR Emails Hosted Computing Social Network Online Shopping Investment Best Available Wireless Internet NarrowBand File Sharing Employees Tablet Employee/Employer Relationships WIndows 7 Search Domains Camera Windows 365 iPhone Netflix Inventory Two Factor Authentication Specifications ISP Evernote ROI Root Cause Analysis Wire Video Conferencing HBO Maintenance Sales Knowledge Bitcoin Music Travel Shortcuts IaaS Skype Printers Point of Sale Files Bloatware Personal Millennials Cryptomining Smart Office Supply Chain Management Chromecast Wireless Charging Data loss Outlook PowerPoint Monitoring Leadership Windows Media Player Tablets Batteries Troubleshooting User Workforce Start Menu Virtual Private Network Windows 8.1 Colocation Entrepreneur Digitize Uninterrupted Power Supply Loyalty Cables Windows Server 2008 R2 Screen Mirroring Frequently Asked Questions Shortcut Customer relationships Monitor Books Managing Stress

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code