Lax Password Enforcement is still a Priority Concern
We hear the phrase I Hate Passwords in one form or another with monotonous regularity. I think I have muttered it under my breath several times recently. I decided to take inventory. Between personal and business, I added up the number of accounts that require some sort of credential:
And it’s not only passwords, but a user name and most often a website address for each account. Added to this is my failing memory (age-related I think). I seem to spend a lot of my day typing – and re-typing – user names and passwords. And I can’t make them all the same as each system enforces rules about what constitutes an acceptable password. And I am tired of friendly reminders about changing my password.
Does this sound like you and your staff? Our human tendency is to simplify password management by relaxing the rules, sharing passwords, never changing them, or eliminating them where possible – all sorts of shortcuts. We see password lists under desktop blotters, stuck to monitors, and in text files on the computer desktop – and some of our all-time favourite high-security passwords are: 1234, 9999, password, and iforgot.
Recently, while performing a Cyber Security Assessment for a client, we came across all of these shortcuts – and more. It reminded us of a 60s-style love-in; everybody sharing and feeling good! We see this tendency to one degree or another in just about every office we visit.
About the only thing that reverses this trend is individual self-realization that it MATTERS. Effective management of passwords needs to be a corporate mindset. This can be reinforced through policies and training. There also need to be some tools to help the user manage passwords.
I want to share two techniques I use for managing passwords. I use a free program called KeePass (PRO version). It is one of many (free) password managers that help organize user credentials. It’s Windows-based and installs easily on laptops and desktops. Once you create a root password (something strong and complex), you create entries for each credential package you need to track. After a single login at the start of the day, all of your credentials are available. It has lots of tools to help manage your entries and it can interact with many common programs (like Chrome, Internet Explorer, and Firefox) to streamline credential entry. The database – where all of this information is stored – is encrypted to a very high level. The data file is also portable, so it can be moved or shared among devices; even in the cloud.
This tool saves me several minutes every day.
I also use a GateKeeper. This device is a small dongle that I carry with me on a lanyard. Once installed, the device automatically locks my computer when I move away from my desk. It logs me back in when I move close to my computer. That saves me re-typing my Windows password – or forgetting to lock my computer when I leave my desk. Very slick and very secure.
If you would like more information about Cyber-Security Training, Assessments, KeePass or GateKeeper, please contact us. 780-968-1333