Password and Security Musings

Yesterday I attended the Smart Business Show in Dublin and 2 of the speakers I saw greatly impressed me. Per Thorsheim, the founder and main organiser of PasswordCon, the world’s first password conference, was the first speaker. Runa Sandvik, a privacy and security researcher, was the second speaker. Per spoke about passwords and Runa spoke about security in your company. I decided to write some password and security musings based on what they said.

Both speakers shocked me with stories of how bad human nature is when it comes to passwords and security. Below you will see some eye-openers that will make you change the way you deal with passwords and security in your business and personal life.

It’s hard to believe that one of the most used passwords is “password”, and that the person with the least secure password in a company is not who you might think it is. The system administrator in a company has to deal with so many passwords that their own password is something simple that they can remember. Don’t be surprised if their password is “password” or “password1”.

In a lot of companies, passwords have to be changed every 30 days, and users tend to choose short passwords.

Short passwords are simple to remember, but why don’t they use password manager software? It stores all their passwords, and they only have to remember the one password that lets them see everything they have stored.

They also tend to make them personal and use the names of family members and pets too.

Why make it easy for someone to get into your computer, email or social media accounts?

Why does your phone or tablet lock screen have a picture of a family pet or members of your family? If your tablet or phone gets lost, this will not help you get it back. Instead, use contact details along with random passcodes, which will ensure your device can’t be hacked and that it can also be returned to you if someone honest finds it.

There is also a very good chance that the 4-digit passcode on a smartphone or tablet will be the year the owner was born. Why use such an easy passcode? If a thief or cybercriminal is after your smartphone or tablet to access the data on it, they will know your date of birth.

Never give all your employees access to all the files on the system. You will be surprised how many companies do this, and also that some companies have a file passwords.txt that can be accessed by any user. Access should only be granted to the files and directories employees need for their job. Do you think an air hostess will be allowed to fly the plane?
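One way to check a shared folder for the passwords.txt problem described above. This is an added example, not something shown in the talks or the original post. It assumes a system with POSIX permission bits, and the name pattern, function names and sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed naming patterns for files that tend to hold credentials.
SUSPECT_NAME = re.compile(r"(passw(or)?d|credential|secret)", re.IGNORECASE)

def audit_tree(root):
    """Return (path, reason) for files under root that break least privilege."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or cannot be inspected; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and devices
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((path, "writable by every user"))
            if SUSPECT_NAME.search(name) and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, "credential-like file readable beyond its owner"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"passwords.txt": 0o644, "rota.txt": 0o644,
                   "vault-password.kdbx": 0o600, "shared-notes.txt": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        return [(os.path.basename(p), why) for p, why in audit_tree(root)]

if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

Point `audit_tree` at a real shared directory to get the same report; a file that is flagged should be moved into a password manager or have its permissions tightened to the people who need it.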

Always train your software developers to be security conscious, as this will result in more secure code. They will also get into the habit of making sure that any code they write can be trusted.

Never think you are not a target for cybercriminals or hackers. Everyone is fair game, as you have something worth stealing. Your data, money, social media accounts or website are valuable to someone. If someone wants to get across a political message, hacking your website or social media account gives them an outlet to publish their political views to the outside world.

As your business/company grows, so should your security. The bigger you get, the more secure you should be. If a jeweller’s shop that is known for selling Timex watches suddenly starts selling high-end Swiss watches, won’t they upgrade their alarm systems and security protocols?

It’s never too late to change your password and security habits, so why not start today?