
Personal Password Hygiene Tips from Eze Castle's Director of International Technology

By Jamie Smith | Tuesday, August 11th, 2020
Today’s blog article is from our guest blogger, Jamie Smith – Director of International Technology at Eze Castle Integration. The article explores tips to maintain personal password hygiene. Keep reading for actionable password safety hacks!

I recently participated in a webinar discussing good cyber hygiene whilst working from home. Some great, practical advice was shared; however, it did dawn on me that most people treat their own personal hygiene with a very minimalist mentality compared to professional security. Beware - this could pose a huge risk!

Password complexity is a big debate - passwords vs. passphrases. Do you substitute consonants and vowels for numbers and symbols, thus scrambling the word, but making it harder to remember? Or, do you use a passphrase that is longer but super easy to recite?  



Photo Credit: xkcd.com

We can make this even simpler when it comes to work accounts. Single Sign On (SSO) is very popular, with most businesses including it as a prerequisite when choosing multiple SaaS platforms. You will generally use your corporate ID to sign in to them: one password, with two-factor authentication, and no problem to remember!

The issue arises in the domestic setting. Think about how many websites you visit on a daily basis. Banking? Schooling for the children? Booking a gym class? Home shopping... Netflix... Spotify? Then, add those less frequently visited websites that you use on perhaps a monthly or annual basis. Sites you access less often tend to result in a frustrating 10-minute back and forth on reset links and authorisation emails, so we use a simple, repeated password next time for ease.

That there is the biggest mistake. Now, we will flood all those websites with the same password – perhaps a slight variant, to remember it and avoid the headache next time. This is what you call a ticking time bomb!

Not all websites will treat your data with the same level of security, and if just one of those websites is compromised and your data is leaked, you risk the credentials to all the others being available. I almost guarantee that all those websites also use the same common email address as your unique ID to log in.
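To see how far one remembered password has spread, the following added example (not part of the original article) audits a list of your own logins for passwords that are identical or only slight variants of each other. The site names and passwords are constructed sample data, and `base_form` and `find_reuse` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Common character swaps people use to "scramble" a word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the root word a person actually remembers.

    Heuristic: digits/symbols at either end are treated as padding, so a
    swap in the first or last position is not undone.
    """
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)   # drop trailing padding ("2020!", "#1")
    p = re.sub(r"^[\d\W_]+", "", p)   # drop leading padding
    p = p.translate(LEET)             # undo swaps inside the word
    return re.sub(r"[\W_]", "", p)    # ignore separators

def find_reuse(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each shared root to the sites whose passwords derive from it."""
    groups = defaultdict(list)
    for site, password in vault.items():
        root = base_form(password)
        if root:
            groups[root].append(site)
    return {root: sorted(sites) for root, sites in groups.items()
            if len(sites) > 1}

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "bank.example": "Sunshine2020!",
    "gym.example": "sunshine1",
    "school.example": "Sunsh1ne#",
    "shop.example": "Sun$h1ne",
    "music.example": "k7#Qv9pLx2Tz!mR4wYb8",
}

if __name__ == "__main__":
    for root, sites in find_reuse(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share a variant of one password: {sites}")
```

Every site in a reported group falls together if any one of them leaks, so each should get its own randomly generated password.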

The fail-safe option would be a randomly generated 32-bit code that would be impossible (in a timely fashion) to crack, for each website, no matter the frequency of access, or the importance of the data. But, how do you remember them all? It's very simple, and you've probably ignored it, or cancelled it and entered your simple password, every time you tried to enter a new password.

Built into most browsers (Chrome, Safari, etc.) or your mobile device is a keychain manager. Within Safari, if you use your Apple ID, when you get prompted for a password it will look in your iCloud keychain for an entry and auto-populate it after a quick Face ID scan and successful authentication.

If you are entering a password for the first time, it will automatically suggest a totally random and long password for the site. No need to write it down and no need to remember it. If you ever need to look at the clear text entry, you can log in to the vendor's application and retrieve it. Here is the Apple 'how to'.



Photo Credit: Apple

For Android devices, I recommend Google's Password Manager.

Finally, a few recommendations:

•    Have a long passphrase for your base account (iCloud, Google)
•    Add a secondary email address to your details in case you get locked out (your partner or a work email?)
•    Enable 2FA (Face/Touch ID)
•    Never use a generic password again! 

We hope you found this article informative. For more on password security and maintaining a secure stance, contact our experts today!


 