Why All Users Should Change Passwords Today


February 1 is Change Your Password Day, an annual “holiday” established in 2012, according to a blog post from Gizmodo, as a way to get a wide range of end users to change their passwords together.

Over the course of the past seven years, though, passwords have continued to create enormous risks to enterprise security, with many users either crafting weak passwords or reusing passwords across multiple accounts.

According to a LastPass survey, 39% of consumers never change their password unless it is required. In all likelihood, people don’t change their passwords because the average user has nearly 200 accounts to keep track of, which makes changing passwords every month or quarter unrealistic, according to LastPass.

“It will take some time to upload your credentials into the password manager, but invest the time and use the password generator function to create complex, new passwords for your accounts. Using a passphrase with a combination of complex characters such as $ymB0LS drastically increases your security and protection of personal data,” said Joseph Carson, chief security scientist at Thycotic.

What matters most when it comes to password protection is length, which is why it has become more commonplace to see sites requiring passwords of at least eight characters. Still, “there is a long-running myth that complex phrases using characters, numbers and letters is secure. They are not. These are simply hard-to-remember phrases that are quickly forgotten and reused in multiple locations,” said Chris Morales, head of security analytics at Vectra.

Instead, Morales said simple phrases, rather than complex combinations of characters and numbers, make better passwords. “‘The quick red fox jumped over the lazy brown dog’ is a much stronger and infinitely easier to remember password than ‘1W33$^Adgfi*()tyu.’”
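The length-versus-complexity comparison above can be put into numbers. The following is an added example, not code from the article or from anyone quoted in it, that estimates the guessing effort for the two quoted strings. Both models assume uniformly random choice, and the 7776-word list size is an assumed, Diceware-style value; a sentence a person picks, or one taken from a well-known phrase, carries less entropy than either model reports.

```python
import math
import string

# Character classes an exhaustive character-by-character search must cover.
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation) | {" "},   # 32 punctuation + space
}

def charset_bits(password: str) -> float:
    """Upper bound: every character drawn uniformly at random from the
    union of the character classes that appear in the password."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def word_bits(passphrase: str, wordlist_size: int = 7776) -> float:
    """Conservative passphrase model: each word drawn uniformly at random
    from a list of `wordlist_size` words (assumed size). Capitalisation
    and spaces contribute nothing in this model."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def compare(passphrase: str, complex_pw: str) -> dict:
    """Collect both estimates, in bits, for a side-by-side comparison."""
    return {
        "passphrase_chars": len(passphrase),
        "complex_chars": len(complex_pw),
        "passphrase_charset_bits": round(charset_bits(passphrase), 1),
        "passphrase_word_bits": round(word_bits(passphrase), 1),
        "complex_charset_bits": round(charset_bits(complex_pw), 1),
    }

# The two strings quoted in the article.
PASSPHRASE = "The quick red fox jumped over the lazy brown dog"
COMPLEX = "1W33$^Adgfi*()tyu"

if __name__ == "__main__":
    for name, value in compare(PASSPHRASE, COMPLEX).items():
        print(f"{name:26} {value}")
```

Under these assumptions the 10-word phrase comes out ahead of the 17-character string even in the conservative word model, because its length outweighs the larger character pool.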

When it comes to enterprise protection, LogRhythm advised businesses to use multifactor authentication whenever possible to protect critical infrastructure, such as VPN and email access. Also, avoid shared accounts. Instead, create separate accounts for each user of an application so that any actions performed are properly attributed to a specific employee, which will also limit the risk of inadvertent password exposure.
