Password Best Practices

Sebastian Abbinanti

Coming up with secure passwords is not as hard as you may think. Make certain that your passwords are strong and unique.
Don’t use your birth date, a family member's birth date, phone number, company name, alma mater, social security number, school mascot, favorite sports team, family member's name or your pet’s name, as these can be easily guessed by a cyber-crook, usually just by looking over your social profiles.

It’s also essential that you create new passwords and don’t reuse passwords between your accounts.

While work passwords should be changed every 45 to 90 days, don't update personal passwords too often. An excellent personal password should last a year. This tip might sound counter-intuitive, but frequent updates to passwords often result in “password1”, “password2” patterns that are easy for cyber-criminals to uncover.

Unfortunately, today it’s not uncommon to face significant security breaches on many of our favorite websites. Recent breaches include LinkedIn, MySpace and Tumblr, where the details of hundreds of accounts have been seen for sale on the dark web.

If you used the same password for everything, attackers could potentially access your other accounts across the web--a fact most cyber-criminals know.

Data breaches have been increasing year over year, and according to Gemalto, a Netherlands-based security firm, 2017 saw the breach of more than 2.6 billion records. Think of it as 7.1 million compromised records every day, 300,000 every hour, 5,000 every minute, or 82 every second.

With only 1.6 billion reported records breached in 2016, last year represents a 163% increase in compromised records.

Unfortunately, 2.6 billion records may be understating the actual problem, as nearly 60% of breaches are unknown, unreported or under-reported, as was the case with the Yahoo breach, which now lists over 3 billion compromised records.

Today, it is exceptionally critical for small and medium businesses to prioritize the implementation of breach-prevention policies and tools.

Attackers know SMBs have fewer resources to dedicate to cybersecurity, and are, therefore, targeting SMBs at an alarming rate, increasing each year, as detailed in Symantec’s Internet Security Threat Report.

What’s more alarming? Nearly 90% of small business owners don’t believe they could be a target of a breach.

Password Statistics



Statista.com reports that only 22% of those surveyed stated they use different passwords for every online login.


Keeper Security, a password management company, released a list of the most common passwords among over 10 million passwords it reviewed. Sadly, the most common password, making up 17%, was "123456".


The 25 Most Common Passwords

Reported by Keeper Security.


  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Tips for Keeping Your Passwords Safe


NEVER, NEVER, EVER write down passwords. Not even in an Excel spreadsheet or a Word document. This tip applies to your password and anyone else's password.

Consider using a password management system, like that built into Apple products, or offered by third parties like LastPass (www.lastpass.com). These products create a random unique password for every website but leave you with only one password to remember.

Creating Strong Passwords


Consider these best practices when coming up with a password.

The 8+4 rule. Create passwords of at least 8 characters, and include the 4 character types (UPPER CASE, lower case, numbers and special characters).

Keep Symbols/Numbers Separate. Grouping up numbers or symbols in your password makes it easier to crack.

Don’t Make it Personal. Don’t use your birth date, a family member's birth date, phone number, company name, alma mater, social security number, school mascot, favorite sports team, family member's name or your pet’s name. Attackers can readily mine this information off of social media and public records.

Avoid Dictionary Words. It might seem like a good idea to use a dictionary or a thesaurus to come up with a password. Hackers know this and have created a password attack to match. It's actually called a dictionary attack. A purposefully misspelled word could be much more secure.

Keep the Character Limit Down. Remember that passwords are not words, and since most people tend only to remember 10 characters or less, a long password might tempt you to write it down.

Adopt Passphrases. Long passphrases and abbreviations are generally immune to dictionary attacks. Song lyrics such as "[email protected]" or abbreviations like "T$WC0t" for The Sun will Come Out Tomorrow, are both easy to recall and secure passwords. Just remember to add symbols and numbers.

Stay Away from Acronyms. If you're a CPA or work for DHS, you could be reasonably certain that this information is available to an attacker online.
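
One way to check a candidate password against the rules in this section and the Keeper Security list above, added here as an example and not part of the original article. The function name check_password, the personal parameter, and the reading of "grouped" as any run of two or more adjacent digits or symbols are assumptions.

```python
import re

# The 25 most common passwords as listed on this page (Keeper Security).
COMMON = {
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "google", "1q2w3e4r5t", "123qwe", "zxcvbnm",
    "1q2w3e",
}

def check_password(password, personal=()):
    """Return the list of this page's rules that the password breaks.

    `personal` holds strings the user should not embed (names, birth
    year, employer); supplying it is an assumption of this example.
    """
    problems = []
    lowered = password.lower()

    # 8+4 rule: at least 8 characters and all four character types.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case": r"[A-Z]", "lower case": r"[a-z]",
        "number": r"[0-9]", "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)

    # Keep symbols/numbers separate (read here as: no run of 2+).
    if re.search(r"[0-9]{2,}|[^A-Za-z0-9]{2,}", password):
        problems.append("numbers or symbols grouped together")

    # Common passwords, including "password1"/"password2" style variants:
    # compare the whole string and the stem left after trailing
    # digits and symbols are stripped.
    stem = re.sub(r"[^a-z]+$", "", lowered)
    if lowered in COMMON or (stem and stem in COMMON):
        problems.append("common password or a variant of one")

    # Don't make it personal.
    for item in personal:
        if item and item.lower() in lowered:
            problems.append("contains personal detail: " + item)
    return problems
```

An empty list means the password passes every check; a password that satisfies the 8+4 rule can still be rejected as a variant of a listed common password.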

Don't become a statistic. Use a common sense approach to keep your data, your coworkers' data and your customers' data safe.
