The Most Important Not New Technology Tip: Passwords Matter

This last digital decade has been filled with a fantastic amount of innovation and explosive growth in personal digital services. So many services exist, both personal and required for your job: Email, Facebook, Twitter, VPN, AD, LAN, WiFi, Intranet, Extranet, Voicemail, Line of Business apps… you get the idea. If you’re like most people, you’ve standardized on one or two passwords that you rotate through, if possible, and that have stayed basically the same for the last couple of years.

I had a conversation with Mike Fitzpatrick, CEO of NCXgroup, an information security risk management firm, who mentioned that with their rainbow tables they crack 98% of all passwords they run into, and in most cases when they do a security audit of a company they get 100% of all the passwords.

According to Mike, “…even “password” is a good password if it looks like this: P@$W0rd. 7 character passwords tend to be better than 6 or even 8 characters because the hash algorithm tools are looking first at even number character passwords. Change them every 90 days whether the system requires you to or not, and don’t reuse a password for 12 months.” Thanks for the insight Mike, it seems so basic, yet this just became a priority task for me.

As you manage your online profiles, the importance of different passwords becomes paramount, since there are services that allow you to log in to 30+ sites with one set of credentials. Essentially, if someone learns one password, it becomes very easy for them to test the most popular sites to see what else it gives them access to. Here’s a funny yet eerie cartoon starring a black hat hacker.

So, the lessons of this Not New Technology Tip are:

  • change your passwords
  • make them different
  • 7 characters with special characters
  • change them at least every 90 days with no reuse within 1 year.

3 thoughts on “The Most Important Not New Technology Tip: Passwords Matter”

  1. And for the Kaseya Management Console, passwords are not enough. A single credential, shared, stolen or guessed compromises the integrity of not just the current business you are connecting to, but to every business you connect to.

    This may seem self-serving, but this is exactly where AuthAnvil complements the security of Kaseya to deliver strong two-factor authentication. Through our identity assurance checks, you can gain confidence that even if a weak password is used to log into Kaseya, it is useless to an adversary. Without their AuthAnvil strong credential, they will not be gaining access to Kaseya.

    With K2, Kaseya has provided the hooks for AuthAnvil built in. So it’s easy to install, configure and maintain, right within Kaseya itself. Many thanks to the team at Kaseya for seeing the value of AuthAnvil in this regard to strengthen the fact that passwords indeed matter A LOT in Kaseya.

  2. Great post underscoring the need for stronger methods of authentication. I’ve been working with a company called TeleSign (http://www.telesign.com/) who has been successfully deploying two factor solutions across a broad spectrum of online enterprises. Feel free to check them out.

    Respectfully,

    TeleSign Matt
