You enter another password into yet another new account, one of the twenty-seven that you’ve had to create just to purchase one item, read one recipe, or get the rest of the article you’re looking for. It’s okay to admit it: you feel a rush of satisfaction when the security indicator below the text box flashes green. Secure Password! You’ve done it again. There’s only one problem.
Sure, the password you use is secure by most standards. It uses letters, numbers, and special characters. It’s at least 12 characters, if not 24. And best of all, you’re sure you won’t forget it whenever you need it again--because it’s the same password you’re using for all of your accounts.
We’re all guilty of this at some point or another, exasperated at the number of times we’ve had to click the Forgot Your Password link that almost mocks you from the bottom of the page. Now that everything seems to require an account, and every account requires a password, it’s no surprise that the majority of people use the same password for multiple things.
Not Just Personal
The same is often true of office computers and businesses that use different software platforms to work and store data. Though I’m certainly no cyber-criminal, I still remember the usual passwords for the office where I worked in college.
A study from LastPass reports that 44% of employees say passwords have a negative effect on their productivity--which makes it tempting to save time by using the same password for multiple applications. Unfortunately, no matter how extensive the password, using the same password for multiple accounts--and especially business software--still increases your risk of a data breach.
Using the same password for multiple accounts, much like using easily identifiable personal details, is what TechSpective’s Tony Bradley calls the cyber equivalent of “locking your door and leaving the key under the doormat.” When several accounts use the same password, you’re not just leaving hackers the key under the doormat--you’re leaving them an entire keyring.
And when it comes to your business, odds are the data stored in those accounts isn’t just yours. It’s the detailed information of clients, coworkers, and contacts. Suddenly, a world of information is opened up and everyone’s data ends up compromised. Since most people still use common combinations like birthdays, anniversaries, and surnames as part of their passwords, access to personal information--even on just a customer profile--could be enough for a hacker to gain access to even more of a customer’s or company’s accounts. It’s like a data breach weed that starts to invade, choking out any adjacent valuable data.
Securing Your Software
Experts still have more advice for your passwords than the usual diversification of characters. Roger Thompson, Chief Emerging Threats Researcher at ICSA Labs, advises against using any “common passphrases,” like catchphrases, pop culture references, and even things like “I like BBQ.” Instead, Thompson encourages the use of “a bunch of random words strung together.” This understandably makes the password more difficult to guess, especially since hackers may use software that is trained to recognize common patterns.
Additionally, many experts strongly advise using a password manager, such as LastPass. Password managers will “maintain a list of usernames and passwords in encrypted form,” and some even offer the auto-fill function that so many of us forgetful folk love and adore.
Ultimately, password security is common sense. After all, when the staff at Dunder-Mifflin found themselves locked out of their server, they deduced the password in less than ten guesses. And if Michael Scott can guess your password, then a hacker can too. Don’t give them your entire digital keyring.