WOOF! Newsletter

November 19, 2014

How to Manage Your Passwords (and Why You Need To)

When did you last change your work password? If you aren't sure when, you need to read this WOOF. Using multiple passwords, and changing them frequently, is one of the most important - and least used - cybersecurity practices.

UPDATE:

In March of 2017, Edmodo, the education and social learning platform, was hacked. The hack exposed the personal information of an estimated 77 million students, teachers, and parents. The information exposed includes email, usernames, and passwords.

After the announcement, 77 million people groaned, “Ugh, now I have to remember ANOTHER password?”

Password management is an industry unto itself and one that benefits you, the end user.  Password managers not only store and protect your passwords, they can generate complex passwords, auto-fill forms, and even sync across devices.  LastPass leads the pack with its encrypted security (even LastPass employees can’t decrypt your data!), alongside Sticky Password, and Dashlane


How many passwords do you have?

We see users at many client sites who only use one password for all their accounts. Most of the time, they don’t remember the last time they changed their password.

In terms of data security, this is one of the most dangerous practices in modern business.

Here’s one – just ONE – reason why.

Dropbox: Calm Down, We Weren't Hacked – PCMag.com

Hundreds of Dropbox users' passwords leaked online. Even if Dropbox itself wasn’t hacked, that only means "this time." Hacking attempts still continue. (We recommend Dropbox users switch to a more secure service, like our Private Cloud Fileshare).

There’s one thing we do agree with in the article: Dropbox security team member Anton Mityagin said:

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services."

Don’t Use One Password for All Your Accounts

In the office, systems administrators are responsible for IT security. It’s their job to protect the data you use every day.

But you can make that job easier, and protect your own information at the same time. Just by using a variety of different passwords on your accounts.

"But I only need one password, don’t I? I only have a couple places where I need to enter a password."

We hear this objection all the time. It’s not out of ignorance; it’s because of familiarity. Most places where you’d use a password will save that password for you, so you don’t have to keep entering it. This makes it easy for us to forget how many times a password actually shows up in our workday.

Here’s a list of common passwords in a work environment:
  • Logon/network password
  • CMS/Website password
  • Email password
  • Vendor website password
  • Phone/tablet password
  • Banking password for corporate accounts
  • File server password
  • Network administration password
  • Wi-Fi password
  • VPN/Remote Login password
  • Password used to access certain software apps (e.g. timesheet tracking)
Quite a few more than you'd expect, isn't it?

Now how bad would it be, if you used the same password for all of these accounts.

Hacking from One Account to the Next

Imagine you’re a hacker. Hunting for data out on the Internet. Say you manage to acquire one user’s password through some nefarious scheme, and you break into that person’s work computer.

Plenty of data to copy. And your computer’s connected to the rest of the office. You/the hacker tries the same password on other things – accessing your business email, for instance. Uh oh, the password works there too. Hmmm, what about the Wi-Fi?

This one hacker now has access to everything your company does. Now imagine thousands of these hackers, trying to steal passwords by the millions…

This is why services like Dropbox are attacked so often. Get a hold of someone’s password, and you likely have access to all of their accounts. All of their information.

Fortunately, the way to stop this is simple: Use separate passwords, and change them regularly.
  1. Use a separate password each for: Banking, Email, Network Access, etc. You’re probably safe re-using a few passwords between all of these points. But you can’t skip the second half of this.
  2. Change passwords regularly. Every 4-6 months at least. And not just changing a number at the end—change the entire password. Set an Outlook calendar reminder to do this!

How to Remember All Your Passwords

Unless you have a fantastic memory, using multiple passwords over & over means you’ll need to store them somewhere. Securely, too – you don’t want to store passwords in a place hackers can get at them.

Here are two solutions for storing passwords securely (called “password management apps”):
These password management apps encrypt your passwords within their own databases. Locking them away so no one else can see them. Both of these are top-rated for privacy—and you can try them out for free.

Password Management = Critical for IT Security (And Something Everyone Can Do)

If you’re a systems administrator, schedule a mandatory password change for all employees twice a year. More if desired.

If you’re not an admin, download one of the password management apps above and start storing passwords. It’s easy to change passwords when the time comes—almost every system out there guides you through the steps.

Get in the habit of changing passwords regularly, and you’ll never have to worry about "the next hacking."
Related Articles
July 15, 2015
What You Need to Know About Windows 10
June 03, 2015
Are Coffee Shop Wi-Fi Connections Safe for Work? Umm, No.
April 07, 2015
3 Ways to Protect Against Ransomware (and Why Everyone Needs To)