The top 5 WORST passwords
IT security concerns are becoming a top priority for CIOs around the world, and rightly so. Between the rise of BYOD and growing IT spend, there is a lot of confusion about how to secure both BYOD and company-owned IT assets. It has to be done: more and more, IT is what drives revenue, and letting it all run unchecked is a bad idea. Sadly, that happens often.
As seen in a previous article, 27% of IT professionals said they don't fully understand the negative impact of mobile security issues. Most people do at least know that passwords matter, which is why password protection is one of the most common risk control measures (67%).
The problem, of course, is that many employees are still making simple password mistakes that put their own data (and the business' data) at risk. For example, here are the top five of the "25 Worst Passwords of 2014" reported by SplashData, and we can certainly understand why they earned that ranking:
1. 123456
It is surprising that some people still choose such weak passwords ("batman", "baseball" and "abc123" were also on the list!) after all the hacks and breaches of the past year, but it is somewhat reassuring that the top 25 worst passwords accounted for only about 2.2% of the passwords exposed. People are learning, slowly.
Nonetheless, the fact that this list exists at all means that password-related risks have to be addressed if your personal (and business) information is to be managed safely. You can't stretch the IT budget without first making sure your IT assets are safe.
Did you know that all a hacker needs to crack most passwords is time and a dictionary? Once a site's password database leaks, attackers run wordlists of previously leaked passwords through automated "mangling" rules (capitalise, swap letters for digits, append a year or a symbol) offline, at millions of guesses per second, with no account lockout to slow them down. It is only a question of commitment until such a tool arrives at your fairly guessable password. Making your passwords stronger (and encouraging the employees of your organization to do the same) reduces the risk of being hacked.
In the spirit of helpfulness, here are the best practices to follow when picking your next password.
Make your password harder to guess: 8 things you should avoid
- Don’t use your first, middle, last name or nickname.
- Don’t use the name of family members or pets.
- Avoid including birthday dates, phone numbers, addresses, or postal code.
- Don't use numbers alone. A password made only of digits is far weaker than one mixing letters and numbers: a 6-digit PIN has only a million possibilities.
- Don't use the name of your favorite sport, sports team, athlete, artist or brand. With the increasing use of social media, this kind of information is easily found by attackers.
- Don't reuse the same password across sites. Once one site is breached, attackers try the leaked password on every other service (credential stuffing), and a trivial variation such as adding the site's first letter is one of the first tweaks they try. Use a password manager to generate and store a different password for every site.
- Don't leave your passwords on a sticky note at your desk or in an unprotected file. A password manager is the right place to keep them; a sheet of paper locked away at home is far better than a note next to the keyboard. And don't count on "security questions" as a fallback: a mother's maiden name or a first pet is exactly the kind of information this list tells you not to build a password from.
- By the same token, it should be obvious that you should keep your password secret and not share it with anyone.
Now that you know what you shouldn’t do, here are 8 things you NEED to start doing
- Choose a password that cannot be found in a dictionary or in a list of previously leaked passwords. Those are the first candidates every cracking tool tries, so given a little time it will arrive at them.
- Make it hard for other people to guess. Think outside the box and choose uncommon words or something unique to you that isn't public.
- Purposely misspelling a word helps a little, but common misspellings are in the attackers' rule sets too, so don't rely on that by itself.
- Remember that the longer the password, the harder it is to crack: every extra character multiplies the number of guesses needed. Treat 8 characters as the absolute minimum and aim for 12 or more.
- Replacing letters with numbers is the most predictable trick there is ("0" for "o", "3" for "e"): cracking tools apply those substitutions automatically, so it adds little on its own. It is still better than having no digits at all, and a substitution nobody expects (say, "F" with "2") is better than the obvious ones.
- Create a "base password": choose a sentence or saying that is easy for you to remember but is not a famous quote, and take the first letter of each word (e.g. "Think Outside The Box And Be Unique" becomes "totbabu").
- Mix lower- and upper-case letters (e.g. TotBAbU).
- Add numbers and special characters (e.g. 4TotB8abU%).
Et voilà! You now have a much stronger password.
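To make the "time and a dictionary" point concrete, here is an added example (not code from the original post or from Cimpl) of the attack described earlier in the post, run against passwords built the way the tips above suggest: a small wordlist is pushed through a few mangling rules and compared with a constructed set of unsalted SHA-256 hashes standing in for a leaked password database. The wordlist, the rule set, the sample passwords and the hash choice are all assumptions made for the demonstration.

```python
"""Dictionary attack with mangling rules against a constructed set of unsalted
SHA-256 password hashes. Added example, not the original post's or Cimpl's code."""
import hashlib

# Constructed mini wordlist: the entries this post names plus a few other
# perennial favourites. Real attacks use tens of millions of leaked passwords.
WORDLIST = ["123456", "batman", "baseball", "abc123", "letmein", "dragon",
            "welcome", "monkey", "football", "sunshine"]

# The "replace letters with numbers" substitutions everyone reaches for first.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}

# Typical rule set: capitalisation variants combined with common suffixes.
SUFFIXES = ["", "1", "123", "!", "2014", "!1", "2014!"]


def mangle(word):
    """Yield every variant of `word` produced by the rules above, without duplicates."""
    leet = "".join(LEET.get(c, c) for c in word)
    forms = [word, word.capitalize(), word.upper(), leet, leet.capitalize()]
    seen = set()
    for form in forms:
        for suffix in SUFFIXES:
            candidate = form + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def sha256_hex(password):
    """Unsalted SHA-256, standing in for the fast hash a badly built site would store."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack(target_hashes, wordlist=WORDLIST):
    """Return ({hash: plaintext, ...}, candidates_hashed) for every target hit
    by wordlist + rules. Stops early once every target has been recovered."""
    remaining = set(target_hashes)
    found = {}
    tried = 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            digest = sha256_hex(candidate)
            if digest in remaining:
                found[digest] = candidate
                remaining.discard(digest)
                if not remaining:
                    return found, tried
    return found, tried


# Constructed "leak": three passwords built from a dictionary word plus the usual
# decorations, and one long passphrase of unrelated words.
SAMPLE_PASSWORDS = ["123456", "B4tm4n!", "Baseball2014", "correct-horse-battery-staple-7"]
SAMPLE_HASHES = [sha256_hex(p) for p in SAMPLE_PASSWORDS]


def demo():
    """Map each sample password to True if the attack recovered it, plus the guess count."""
    found, tried = crack(SAMPLE_HASHES)
    return {p: sha256_hex(p) in found for p in SAMPLE_PASSWORDS}, tried


if __name__ == "__main__":
    results, tried = demo()
    for password, cracked in results.items():
        print(f"{password:35} {'CRACKED' if cracked else 'survived'}")
    print(f"candidates hashed: {tried}")
```

The three passwords built from a dictionary word, a digit substitution and a suffix fall within a few hundred guesses; the passphrase is never even generated as a candidate. A site that stores bcrypt or Argon2 instead of plain SHA-256 makes each guess slower but does not change which passwords are reachable, which is why length and unpredictable content, not decoration, are what move a password out of range.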
Always optimize the security of your password
Now that you have a strong password, you have to make sure it stays secure over time. Change it immediately, everywhere it was used, when a service you use announces a breach or when you suspect it has been seen, phished or typed into the wrong site. Beyond that, changing a strong, unique password on a fixed schedule (every few weeks) brings little: in practice it pushes people toward predictable variations of the old one (bumping a digit, swapping the special character, flipping the capitalisation), which are exactly the tweaks cracking tools try first.
If your organization does require periodic changes, build each new password from a new base sentence rather than editing the old one, and keep it long and unique to that account.
Having a routine for creating passwords (sentence, initials, a few substitutions) makes new ones easier to remember; what the routine must not do is carry over most of the previous password.
On a final note, if you lack the inspiration to keep inventing passwords, a password generator (most password managers include one) will produce a random one for you. Resist the urge to "tidy it up" into something memorable, since the randomness is the point; store it in the password manager instead.
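As an added example (not the post's own tooling, nor Cimpl's), here is what a password generator of the kind mentioned above can look like, together with the blocklist check a site should run on any password a user chooses. It uses Python's `secrets` module for the randomness; the blocklist contains only the passwords this post names, the 16-word list is a stand-in for a real diceware list, and the symbol set is an assumption about what typical sites accept.

```python
"""Random password / passphrase generation with a known-bad-password check.
Added example, not the original post's or Cimpl's code."""
import math
import secrets
import string

# Constructed blocklist: only the passwords this post names. A real deployment
# loads a large list of leaked passwords (or queries a breach-check service).
BLOCKLIST = {"123456", "batman", "baseball", "abc123"}

# Character pool for random passwords: letters, digits and a symbol set that
# survives most sites' validation rules (an assumption for this example).
SYMBOLS = "!@#$%^&*-_=+?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed 16-word list for passphrases. A real diceware list has 7,776 words,
# which is what gives six words their roughly 77 bits of entropy.
WORDS = ["correct", "horse", "battery", "staple", "orbit", "velvet", "cactus", "pixel",
         "glacier", "mango", "ripple", "saddle", "tundra", "walnut", "zephyr", "quartz"]


def random_password(length=16):
    """Uniformly random characters drawn from ALPHABET with the OS CSPRNG (secrets)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=6, sep="-"):
    """Diceware-style passphrase: independent uniform picks from WORDS."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of guessing entropy for `picks` independent uniform choices from a pool."""
    return picks * math.log2(pool_size)


def is_blocklisted(password, blocklist=BLOCKLIST):
    """True if the password, or its core once case and trailing digits/symbols are
    stripped, is on the known-bad list ("Batman2014!" is still just "batman")."""
    lowered = password.lower()
    core = lowered.rstrip(string.digits + string.punctuation)
    return lowered in blocklist or core in blocklist


def check_password(password, min_len=12):
    """Return the reasons a candidate should be rejected; an empty list means accept."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if is_blocklisted(password):
        problems.append("on the known-bad list")
    return problems


if __name__ == "__main__":
    pw = random_password()
    phrase = random_passphrase()
    print(f"{pw}  ~{entropy_bits(len(ALPHABET), len(pw)):.0f} bits")
    print(f"{phrase}  ~{entropy_bits(len(WORDS), 6):.0f} bits with this toy list")
    for candidate in ["abc123", "Batman2014!", pw, phrase]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The check deliberately strips case and trailing digits or symbols before consulting the blocklist, so the "Batman2014!" style of decoration does not slip past it. The generated password is meant to live in a password manager, not in memory; the passphrase is the option for the one or two secrets you genuinely have to remember.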
Get ahead in your IT asset management
If you're a CIO, you have to know that securing passwords is just the first step in technology management. Have you thought about all the other IT challenges inherent in managing business IT?
At Cimpl, we're Canada's leader in IT and telecom expense management, and we can help you better manage your business' assets, secure your BYOD and stretch your IT budget, all of which helps you drive revenue. Contact us to find out how we can help you better manage your IT and telecom assets.