We live and work in a cyber world where our physical and logical identities are disjointed and exposed. We don’t know how our logical identity and data are being accessed or by whom. We’re fairly easy targets for those who search for the vulnerable and naïve. According to the Offices of the United States Attorneys, “Cybercrime is one of the greatest threats facing our country, and has enormous implications for our national security, economic prosperity, and public safety.”

From a business perspective, Forbes claims that “a cyber crime incident in the United States costs a company an average of $15.4 million, an increase of 19%.” And for the average family household, in 2014 alone, the FBI reported that Internet crime continued to rise and that the Internet Crime Complaint Center (IC3) “received 269,422 complaints with an adjusted dollar loss of $800,492,073.”

Now, with digital everything, exposure is even more of a risk. Yet many people fail to remember the most essential and basic element of security: protect your password.

But I have to confess, after advising clients on how to protect their companies against cyber criminals, I don’t like passwords. And I bet most of you don’t either.

We basically don’t like passwords because there are too many to remember and because of the increasing complexity of how Internet sites require you to create a unique password that is likely too difficult to remember. But my apathy is far beyond the concern of inconvenience. It’s because the real purpose for creating passwords—mere authentication and protection—has changed.

Passwords are knowledge based. They are associated with something you know. And as end users, we typically build passwords from something we can easily recollect. This was (possibly, yes, probably) OK in an age when your information was not so readily available to malicious actors or cybercriminals at large. However, in today’s world, it is just too easy to gather sufficient information to successfully guess a password, specifically when you have to remember a few dozen passwords for frequently accessed resources.

So we have to protect our passwords and not fall prey to password leakage. Now, very grudgingly, let me share with you ten best practices to protect your passwords at work or home:

  1. Do not share your password with anyone unless you want someone to have complete control over your digital life.
  2. Do not save passwords in browsers, convenient as that is. There are innumerable scraping tools available to scavenge passwords for offline cracking.
  3. Never write down passwords. Those Post-it notes can post significant damage to your account.
  4. Always make passwords complex. There are plenty of examples on the web, or follow the friendly instructions next to the web page’s password box.
  5. Do not use passwords that are easy to guess. A complete no-no is to use Password123 as a password, and even P@$$w0rd123 does not cut it. Yes, you got it.
  6. Do not increment a digit on the end when asked to change your password. You are not helping yourself. Today’s cybercriminals are equipped with tools and technologies which render basic arithmetic useless.
  7. Do not use the same password for all work-related accounts. While again convenient, generally all it takes for bad guys is to persistently work on one account and try the password on another account. They know the pattern very well.
  8. Do not use the same password for personal and business accounts. At least keep them distinct enough so that in case one is exposed, it does not impact the other.
  9. Do not log in to business accounts using unsecured networks or devices. That Starbucks free Wi-Fi you see on your Wi-Fi list may not be coming from Starbucks at all.
  10. Never e-mail your passwords to anyone, including yourself. Use an out-of-band communication, phone call, or text. If you ever share over e-mail, share in a separate e-mail and make sure the password is changed immediately.
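
Practices 5 and 6 can be enforced at password-change time. The sketch below is an added example, not code from the original article: it strips the trailing number and undoes common character swaps before comparing, so P@$$w0rd123 and an incremented previous password are both rejected. The function names, the short word list and the substitution table are assumptions made for illustration; a real deployment would compare against a breached-password list.

```python
# Added example: names, word list and substitution table are constructed for illustration.
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin"}

# Character swaps people use to "complicate" a word (small constructed table).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

COMMON = "common word behind substitutions or a numeric suffix"
REUSED = "previous password with only case, substitutions or the trailing number changed"


def normalize(password):
    """Strip the trailing number, lowercase, and undo character swaps."""
    stem = password.rstrip("0123456789")
    return stem.lower().translate(LEET)


def check_new_password(old, new):
    """Return the reasons to reject `new`; an empty list means neither rule fired.

    `old` is the current password the user typed into the change form, so no
    stored plaintext is needed.
    """
    reasons = []
    stem = normalize(new)
    if stem in COMMON_BASES:
        reasons.append(COMMON)
    if stem and stem == normalize(old):
        reasons.append(REUSED)
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords.
    for old, new in [("Autumn-Kettle7", "P@$$w0rd123"),
                     ("Autumn-Kettle7", "Autumn-Kettle8"),
                     ("Autumn-Kettle7", "copper-lantern-visits-marsh")]:
        print(new, "->", check_new_password(old, new) or "accepted by both rules")
```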


Valmiki Mukherjee

Valmiki is a multi-faceted technology management professional, leading the delivery of information security solutions to the industry. He has been the lead...