The cyber-security landscape is complex. Not only is there a need for strict adherence to compliance frameworks, but there is also the need to compete in the marketplace and to satisfy shareholders by bolstering security and staying out of the news by having the right teams and the right equipment in place. Oftentimes, though, the most discounted aspect, and the one that lays the foundation for cyber-security, is the password. It cannot—and should not—be overlooked if your organization is making cyber-security a top priority for 2019. Employees can, and do, complain about password complexity and uniqueness requirements, as well as how often a password needs to be changed.
There are different schools of thought when it comes to passwords, yet passwords have a remarkable amount in common with nutrition. In the nutrition world, there are right and wrong answers to what is healthy: green beans will always be a healthier choice than deep-fried funnel cakes. Just as there is not one ideal superfood (introducing varying ranges and combinations of healthy foods is the way to go), passwords follow the same paradigm. Broccoli is packed with vitamins and antioxidants, but eating only broccoli would not constitute a healthy diet.
From this, we learn that variation is key. Passwords need variety: not only a unique password for every site or service, but also an internal variety of lowercase letters, uppercase letters, numbers, and symbols. Taco Tuesdays are not random; they are predictable. Passwords should not be as predictable as Meatless Mondays, either. They should be more like Whatever Wednesdays. Keep them random to keep bad actors and bots guessing. Avoid passwords that are predictable: your name, your family’s names, your hometown, or your birthday. Finally, snacks should be more like PIN codes: short and abbreviated (and part of the overall picture) but never the meal. Passwords are to be thought of as a buffet and not a snack: the longer the better, with a bit of chance added to the plate (because you could not pass up the tray of goodies at the end of the line).
Just as food is stored inside a closed refrigerator within your locked home, passwords should be stored in a vault—such as a password manager—and not written on a sticky note attached to your computer screen. Password management tools let you know when a service has been hacked and when to change your password for that site.
I hope this gives you some food for thought in helping understand the importance of password security. Stay tuned for more next time.