Industry Trends & Insights

The Most Common Breach - Password Security

By / February 1, 2019

Difficult demands of the secure password

A key takeaway from a study conducted by the Department of Computer Science at the University College London, showed that when users cannot cope with the demands of strict password policies, it; a.) reduces their productivity, and; b.) leads them to adopt coping strategies.

These coping strategies, are typically repeated passwords, dictionary passwords, or repeating character passwords, which almost always reduce security. In many cases, users keep their passwords in a notebook, or on paper, in a wallet.

Every password should be different

It's very convenient to have the same password for the things you log into daily. We're working, on the go, in a hurry, and don't want to waste 5 or 10 minutes, trying to look up and figure out what password we used.

This mindset needs to change. We need to take our password security very seriously moving forward, especially with the explosion of IoT. Using the same or similar passwords, is an invitation for someone to find just one, and have access to many.

Changing the mindset of password security

It's time for organizations to realize, that in today's connected world, password security over convenience, needs to become standard practice. Once you make the conscious decision to embrace password security professionally, and personally, you can then work toward new ways of making logging into accounts less painful.

Part of figuring out efficient solutions for logging into accounts, is first changing your mindset to believe that there's no alternative. It's similar to knowing you need to lock your car door in a high crime neighborhood, or else your belongings will almost surely be stolen.

The same goes for password security. In the big picture, creating a strong and unique password for every login, may be more important than locking your car doors.

2FA (two factor authentication) is king

Two factor authentication requires two forms of validation to gain access to an account. It is similar to getting money from an ATM machine. The first factor in an ATM transaction is inserting your physical card, that has your account information on it. The second factor, is entering your pin number.

Two factor authentication online, is typically a standard password, along with either a text message to your phone, a key generated by an app like Google Authenticator, or a physical device token based authentication. Text message two factor authentication is the weakest, since text messages can potentially be intercepted. Instead, use an authenticator app from Google, Authy, or Lockdown.

To get started with two factor authentication you need to enable it on the site, or app that you're using. Once enabled, you'll log in with username and password as usual. Next, the app or website asks you for your security, or authentication code. You then open your authentication app, and enter the digits displayed in the authenticator.

Even the White House has a campaign asking you to #TurnOn2FA.

Efficient solutions for password management

Most of us cannot remember a random sequence of text, after seeing it just one time. This is what leads us to use simple insecure, or repeated passwords. Here are reasonable solutions.

1. Use a secure password manager with 2FA to keep track of passwords (either an app or program).
2. Use physical authentication when possible (fingerprint or retina recognition).
3. Keep a small safe with secure passwords locked inside.
4. This is not the best option, but if you simply refuse to create a strong password, always use two factor authentication on every site.

Using a password manager app on your smartphone that requires two factor authentication to gain access to your password list, is one of the most secure options available.

It's that easy to increase your personal and professional security ten-fold.

Get serious about password security

Check the strength of potential password(s) using these sites:

• • https://password.kaspersky.com
• • https://howsecureismypassword.net
• • http://www.passwordmeter.com

Password managers are a great way to keep track of all your passwords and website information. Make sure to use two factor authentication for ultimate security. Popular password managers are;

• • https://www.securesafe.com
• • https://lastpass.com
• • https://www.dashlane.com
• • http://www.roboform.com

Authy, Duo, Lockdown and Google Authenticator are all solid choices for an authenticator app when using two factor authentication.

• • https://www.authy.com
• • https://duo.com
• • http://cocoaapp.com/lockdown

Google Authenticator;

• • https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
• • https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Contact AppSmart today for highly secure, password solutions.

Phone: 1-866-456-3211

partnersupport@appsmart.com