Think Your Password is Safe and Original? Here Are Some Password Best Practices
Is your password “123456” or just plain old “password”? If so, you’re not alone. When media company Gawker Media’s million-plus user database was compromised by hackers, the passwords of nearly 200,000 users were decoded and made public. Of those exposed, over 3,000 people used the password “123456” and nearly 2,000 were using “password” as their password.
Think your name is an original password? Apparently lots of Michelles and Jennifers did, because those made the most common password list as well. Check out the complete list to see if you have a popular password.
This past weekend on the dark web, hackers were offering to sell 590,000 Comcast email addresses and associated passwords. Of those, Comcast verified that 200,000 accounts were still active and had the account owners reset their passwords. According to Cnet, hackers didn't breach Comcast's computers to steal the information. Instead, they created their list of passwords with information stolen from "[people across the web]." Hackers are skilled at tricking individuals into sharing their passwords. Then, since people often use the same password for multiple sites, the hackers have gold.
Gawker and Comcast being hacked are yet more reminders of the importance of having strong passwords and updating them regularly, especially in the hedge fund and investment management industry. Here are some tips to create safe passwords and keep them safe:
First off, passwords are essential but simply having one isn’t enough. Remind users not to leave passwords on sticky notes or under their keyboards. One way to remember a new password is to use it immediately and often.
Require complex passwords that incorporate letters, numbers and symbols. Also, don't allow users to reuse the same password within a certain time frame.
Don’t change a password before leaving on vacation or on a Friday, as you’re more likely to forget it when you return to work.
A good password is easy for a user to remember but hard for someone to guess, which may sound easier said than done. Think about substituting letters for numbers and vice versa.
Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names.
Don’t use the same password for all your accounts – switch it up. For example, you can use the same word but change it up by capitalizing different letters or substituting letters for numbers.
Be sure to change your password often. We recommend changing a password every 30-90 days. Many of our clients already have automated procedures in place to enforce this policy.
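As an added illustration (not code from the original post), the tips above expressed as a small Python policy validator: it requires letters, digits and symbols, rejects the leaked favourites the post names even when digits are swapped in for letters, blocks embedded personal details, refuses reuse within an assumed 365-day window, and flags passwords older than 90 days. The common-password shortlist, the date format and the window lengths are assumptions for the example.

```python
import re
import string
from datetime import date

# Constructed shortlist of the leaked favourites the post names; a real
# deployment would load a full breach corpus instead.
COMMON_PASSWORDS = {"123456", "password", "michelle", "jennifer"}

# Fold the usual digit/symbol-for-letter swaps so "p@ssw0rd" is still
# recognised as "password" when compared against the list.
_SUBSTITUTIONS = str.maketrans("@43015$!", "aaeoissi")

def fold(candidate):
    return candidate.lower().translate(_SUBSTITUTIONS)

def _days_between(earlier, later):
    # Dates are ISO strings ("2015-11-09") to keep the example self-contained.
    return (date.fromisoformat(later) - date.fromisoformat(earlier)).days

def check_password(candidate, personal_info, history, today, reuse_window_days=365):
    """Return the policy violations for `candidate`; an empty list means accepted.

    personal_info: strings the user must not embed (name, pet, birth year, ...).
    history: [(old_password, date_set), ...] with the newest entry last. Old
             passwords are kept in the clear only for this example; a real
             system would compare salted hashes instead.
    reuse_window_days: assumed value for the post's "certain time frame".
    """
    problems = []
    lowered, folded = candidate.lower(), fold(candidate)
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no letters")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digits")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbols")
    if lowered in COMMON_PASSWORDS or folded in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    for item in personal_info:
        needle = item.lower()
        if len(needle) >= 3 and (needle in lowered or needle in folded):
            problems.append(f"contains personal info '{item}'")
    for old, when in history:
        if old == candidate and _days_between(when, today) < reuse_window_days:
            problems.append("reused within the reuse window")
            break
    return problems

def password_expired(history, today, max_age_days=90):
    """True when the newest password is older than the post's 30-90 day range."""
    if not history:
        return True
    _, newest = history[-1]
    return _days_between(newest, today) > max_age_days
```

Note that "p@ssw0rd" passes every complexity rule and is still rejected, which is why the list check matters as much as the character-class rules.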
For more security advice, check out the following articles and watch our quick IT Dos/Don'ts video:
Source: WSJ, Anonymized set of 188,279 leaked Gawker Media passwords. Current and former Gawker Media sites are highlighted in red.