Password Problems: Why We Still Have Them, and What to Do About It

August 7, 2019

Imagine that you have just purchased a large, million-dollar house. For security’s sake, you install locks on every external door, but they are the same simple locks that you’ve used at every house you’ve ever lived in. Furthermore, you’ve given out copies of the master key to loved ones, some of which weren’t returned. You’ve even lost a key to the house when your bag was stolen next to you on the train.

The situation seems far-fetched. Who would install old, easy-to-pick locks with missing spare keys to protect extremely valuable property? The answer: plenty of us, only the valuable property is our online data. Simply put, every time you reuse the same easy-to-remember password, you’re acting like the unwise homeowner discussed above.

Today, passwords protect everything from IRS tax returns to medical records and personal finances. Combined with the near-ubiquity of smartphones and other “smart” devices, this puts nearly all of us⁠—more specifically, our personal information⁠—in a perilous situation. There has never been more personal data online, and hackers are actively looking to exploit this glut.

Lazy Passwords are Not a New Problem

While it’s true that hackers and criminals hailing from all corners of the globe continue to grow in sophistication, there is one extremely simple behavioral change that can drastically reduce how effective such persons are⁠—and it’s been the same since computers became widespread.

Unfortunately, this simple change is something that we modern humans continue to struggle with. How hard could it really be to use longer passwords that don’t repeat? It turns out: quite difficult. Polls have indicated that somewhere between 60-80% of users admit to using the same password for everything. In one study cited in a recent PixelPrivacy article, the majority admitted to doing it even though the respondents knew that their identity could potentially be compromised from repeating their passwords.

While using the same password for everything has been bad security practice since passwords were first invented, the modern landscape of massive data breaches of everything from retail giants to state governments has added a layer of urgency to the situation. The Dark Web is, unfortunately, full of programs that scan these breached usernames and passwords against social media, email, and other logins. This means that the password you use to check your credit score with Experian could be giving hackers access to your Facebook account (or vice versa) if you’ve used the same password for both accounts.

The Good News: Password Tools Exist to Help

So what is to be done? Clearly, the problem is deep-seated if the vast majority of people are all making the same mistake on their computers and smartphones. Fortunately, several tricks also exist to help us overcome our password problems.

Technique 1: Make Strong Passwords. This is more of a precursor to the password management strategies below. Make sure your passwords are strong. Long, random phrases (we’re talking 20 characters) are hardest for computer programs to guess. Make sure you’re using numbers and special characters; there are a few ways to do this that make passwords stronger without being impossible to remember. For example, you could combine an old address with non-number/letter characters: @123 South Main Street Everytown USA!.

Technique 2: Keep it Old School. In this method, you write your passwords down on paper. This technique is simple and easy to do, but you have to keep the paper with you. On the upside, the passwords won’t be found unless your physical home or office is compromised, too.

Technique 3: Use a Password Tool. Use a built-in tool like Apple’s Keychain or a third-party app like LastPass to encrypt and store all of your new long passwords. The advantage: you only have to enter your new passwords once. The disadvantage is that Keychain or LastPass requires just a single password to access all of your other passwords, so choose carefully.

It’s also important to understand how two-factor authentication works and enable it on your most sensitive accounts wherever possible. Essentially, two-factor authentication requires a second device to gain access to accounts. These days, some companies have moved to make this a standard practice when you’re setting up an account. Two-factor authentication greatly reduces the chance that a hacker will be able to access your bank account or primary email address, both of which could have particularly devastating consequences if hacked.

Strong Passwords are Good For Business

So now that the importance of having a strong password and not repeating it has been laid out in a personal context, it’s important to discuss why businesses need to make sure their employees are also participating in these password best practices. Most companies now use software for every element of operations, and a compromise of this data could have devastating consequences for the whole business, including customers.

Some IT departments now make all employees change their password every 90 days, which is one way to attempt to keep things fresh. Employers might also offer to purchase password management apps for organizations so that everyone’s 90-day password doesn’t just change from “password123” to “password321,” which would essentially defeat the point of the exercise.
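One way an IT department could catch the “password123” to “password321” pattern at password-change time, shown as an added example that is not part of the original article. It assumes the change form supplies both the old and the new password; the function names and the 0.8 similarity threshold are illustrative assumptions.

```python
import re
from difflib import SequenceMatcher


def base_word(password: str) -> str:
    """Lowercase letters only: what remains once digits and symbols are stripped."""
    return re.sub(r"[^a-z]", "", password.lower())


def rotation_problems(old: str, new: str, max_similarity: float = 0.8) -> list:
    """Return the reasons `new` is a trivial variant of `old` (empty list = acceptable)."""
    problems = []
    old_l, new_l = old.lower(), new.lower()
    if old_l == new_l:
        problems.append("same password (ignoring case)")
    if new_l == old_l[::-1]:
        problems.append("old password reversed")
    # Compare base words only when there is a real word to compare.
    if len(base_word(old)) >= 4 and base_word(old) == base_word(new):
        problems.append("same base word, only digits or symbols changed")
    # Character-level similarity catches small edits such as one appended digit.
    if SequenceMatcher(None, old_l, new_l).ratio() >= max_similarity:
        problems.append("too similar to old password")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs; the first and last come from the article's own examples.
    samples = [
        ("password123", "password321"),
        ("Summer2019!", "summer2019!"),
        ("abc123xyz", "zyx321cba"),
        ("password123", "@123 South Main Street Everytown USA!"),
    ]
    for old, new in samples:
        reasons = rotation_problems(old, new)
        print(f"{old!r} -> {new!r}: {'REJECT: ' + '; '.join(reasons) if reasons else 'ok'}")
```

A check like this runs only while both passwords are in memory during the change request, so it does not require storing old passwords in readable form.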

No matter which technique(s) you and your business use, it’s important to start using stronger password best practices now. It seems that we hear of a new data breach every month, and as mentioned above, the stakes have never been higher, given the outsize role that digital information now plays in our day-to-day lives. For more information on password security, check out this resource from PixelPrivacy.

If this article has you thinking about your business software and wondering if it’s secure enough, it may be time to consider an upgrade. When it comes to centralized business management software, look no further than aACE to provide the solution that your small business needs. Join a webinar today to see what aACE can do for your business.


Along with educating and encouraging all users to develop stronger passwords, aACE Software also recommends partnering with a dedicated firm like Critical Defense to help you not only stay above the competition but protect your valuable data while doing so.
