ABC123: Passwords are ruining your software security
Last week we discussed how to beef up your software security to avoid data breaches in your own office. One thing we glaringly left out was how much of a danger weak passwords are, especially in the wake of cyber scares like Heartbleed in 2014 – a security bug that left around half a million of the Internet’s secure web servers, certified by trusted authorities, vulnerable to an attack that allowed the theft of private users’ sessions and passwords.
As we support many clients around the country, it is surprising how often people use generic passwords like Admin, Password, 1234, or their own name. These passwords are worthless, and you would be just as well off without one. Some may claim that a bad password is better than no password, but that is simply not the case with these, as they are the first guesses that anyone is going to try. They are the equivalent of having three deadbolts on a door yet choosing to leave it unlocked because the door handle will keep the door latched, while you trust that the appearance of the three deadbolts will deter everyone from entering.
SplashData periodically releases a list of the worst passwords for a year. In 2013 these were the top 10 worst passwords:
Do any of these look familiar to you? If so, run to your computer and begin changing them now. While most security experts recommend having a unique password for every site you log in to, it is really too much to ask of most people.
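The practical defence against the "first guesses anyone will try" problem is to refuse such passwords at the point where they are set. The following is an added example, not code from the SherWare post: a small screening routine that rejects a proposed password if it (or a trivial variant such as `P@ssword123`) appears on a common-password denylist, or if it contains the user's own name. The denylist here is a constructed sample seeded with the entries the post calls out (Admin, Password, 1234); a real deployment would load a full list such as SplashData's annual list or a breached-password corpus. The minimum length of 12 is an assumed policy value, not something the post specifies.

```python
import re

# Constructed sample denylist. A production list would hold many thousands of
# entries loaded from a file (e.g. SplashData's list or a breached-password set).
COMMON_PASSWORDS = {
    "admin", "password", "1234", "12345", "123456",
    "qwerty", "letmein", "welcome",
}

# Undo the most common "leet" substitutions so P@ssw0rd still matches "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "!": "i", "1": "l"})

# Trailing digits/punctuation people bolt on to satisfy complexity rules.
TRAILING = re.compile(r"[\d!@#$%^&*.]+$")

MIN_LENGTH = 12  # assumed policy value, not from the post


def candidate_forms(password: str) -> set[str]:
    """Return the normalised variants of a password that are compared to the denylist."""
    base = password.lower()
    forms = {base, TRAILING.sub("", base)}
    forms |= {form.translate(LEET) for form in list(forms)}
    forms.discard("")  # e.g. "1234" stripped of trailing digits is empty
    return forms


def check_password(password: str, personal_terms=()) -> list[str]:
    """Screen a proposed password.

    Returns a list of human-readable reasons for rejection; an empty list means
    the password passed every check. personal_terms is the user's name, username
    and similar values that must not appear inside the password.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if candidate_forms(password) & COMMON_PASSWORDS:
        reasons.append("matches a common-password list (or a trivial variant of one)")
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append(f"contains personal term {term!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: the weak passwords from the post plus a strong one.
    for candidate in ("Admin", "P@ssword123", "Alice2024!Secure", "correct horse battery staple"):
        verdict = check_password(candidate, personal_terms=["Alice"])
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The normalisation step is what makes the check worth having: a bare string comparison would accept `Password1` while rejecting `password`, which is exactly the loophole people exploit when a form tells them their first choice is too common.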
Another common practice that we run into is that a password may be a secure one, but everyone in the office uses the same one, or everyone knows each other’s login. When a non-admin employee can log in as any one of five users and gain access to permissions not assigned to their own login, the whole purpose behind user permissions is defeated. Your office may be small enough that you are OK with that, but this should encourage you to reconsider.
Some people will create passwords that meet every qualification for top security, but will then stick them to the monitor with a Post-It note. While this is effective against outside cyber attacks, it does no good against someone who is able to gain physical access to the computer. If you do need to write down your passwords, store them in a safe or another location that is not as easily accessible to everyone.
If you haven’t already stopped reading to check your passwords, consider changing the ones that protect your most sensitive data, including personal and payment info. You can also look into apps and computer programs that create and save secure passwords for you, such as Dashlane and LastPass.
Source: SherWare Blog