The danger of one password for all your accounts
“It is so much easier to have one hard-to-guess password for all my accounts,” said a good friend to me a few weeks back. I agreed with him that a single password is easier for managing all the websites you visit on a weekly basis. At last count, I had 32 different websites I visit with some regularity that all require a username and password to get into. It really would be easier to have just one password (and there is a way to do it – read below), but you’re asking for problems, given hackers’ increased ability to guess passwords quickly.
So, what are the “best practices” for passwords? What are the best ways to minimize any problems with your passwords? How do you make yourself a “low-value” target for hackers?
The concept to really let sink in is that your computer passwords are no different than the keys to your home, car and office. Have you ever given your kid a key to your home, only for them to lose it? What’s the first thing you do? Re-key your front door lock in case the key was lost at school or taken by someone who knows which home it opens. In the digital age, hackers are able to make a copy of your “front-door key” without you knowing about it. Going one step further, you may have an alarm for your home that will alert the police about an intruder. This is great, until your home is compromised by someone who knows how to bypass your security system (every security system can be disabled). This “alarm”, in computer terms, is your anti-virus and anti-malware software. Do you have a good malware program? You should really have two running at all times.
Bringing it all together, here are the best practices for computer and password security:
Change your password every 3 to 4 months and make sure to use a complex password – uppercase letters, lowercase letters, numbers and symbols
Never use a word in your password that can be found in the dictionary
If you are stuck on only wanting one password for everything, subscribe to a cloud-based password “Vault” like LastPass. This service allows you to have one master password (it has to be very complex) that grants you access to your cloud vault where all your passwords are kept
If you own a business, create an “Acceptable Technology Use” document which clearly states that all passwords must be changed every 3 to 4 months
Whenever you terminate an employee, make sure to disable their server account and email accounts (or at least change the password so you have access, but they do not) right before you tell them goodbye
For extra security, use two-factor authentication. This means that you need to enter a password and another “authentication” procedure to access a website. Google and Microsoft do this with email by texting or emailing you a code that must be entered after you enter your password
Regarding anti-virus and anti-malware programs, here are the two we load on the client computers we provide IT services for: Malwarebytes and BitDefender. We also use HitMan Pro on systems that we suspect are infected to provide a triple-punch. Ultimately, you can only make yourself a “low-value” target for hackers by making your “home” harder to get into. If hackers see that your computers are not worth the time, they will move on to the next person and you can get back to being productive. If you really want to be a security-conscious user, go with a 12-character password. Even the best hackers would need years to crack that.
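The password rules in the list above and the 12-character suggestion can be checked automatically. The following is an added example, not part of the original article: it audits a set of accounts for one password reused across sites and for passwords that break those rules. The word list, the sample accounts, the function names and the choice to treat any embedded dictionary word as a violation are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from collections import defaultdict

MIN_LENGTH = 12  # the article's suggested length
# Constructed stand-in for a real dictionary word list (assumption).
WORDLIST = {"password", "dragon", "summer", "phoenix", "welcome"}
CLASSES = {
    "uppercase letter": string.ascii_uppercase, "lowercase letter": string.ascii_lowercase,
    "number": string.digits, "symbol": string.punctuation,
}

def policy_problems(password):
    """Return the article's rules that this password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    for word in sorted(WORDLIST):
        if word in password.lower():  # case-insensitive substring match (assumption)
            problems.append("contains dictionary word '%s'" % word)
    return problems

def audit(accounts):
    """accounts maps site -> password. Returns (groups of sites sharing a password, weak sites)."""
    key = os.urandom(32)  # per-run key, so the digests below are useless outside this run
    groups, weak = defaultdict(list), {}
    for site, password in accounts.items():
        # Group by keyed digest so plaintext passwords never become lookup keys.
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append(site)
        problems = policy_problems(password)
        if problems:
            weak[site] = problems
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    return reused, weak

# Constructed sample data, not real credentials.
SAMPLE = {
    "bank.example": "Summer2024!", "mail.example": "Summer2024!",
    "shop.example": "k7#Qv!2mZp@x9R", "forum.example": "phoenix",
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    print("same password used on:", reused)
    print("rule violations:", weak)
```

A password can use all four character types and still fail: the shared password in the sample contains a dictionary word and is one character short of 12.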
Prodatix is a Phoenix, Arizona-based provider of complete Veeam data management services and solutions including Veeam data backup and replication to our secure data center (HIPAA, SOC 2 and PCI compliant), Veeam consulting, backup servers (appliances) powered by Veeam and Office 365 backup. Prodatix also offers complete cloud services including Hyper-V and VMWare virtual machines to run your private or hybrid cloud environment. Contact Prodatix at 623-266-4190 or at www.prodatix.com.