Changing Passwords: Annoying? Yes. Important? Yes!

 

We have all been there before. We go to log into our email, our computers, our bank accounts and we get the dreaded ‘your password has expired/needs to be changed’. When you try to update it to one of your usual passwords, it won’t accept it because you have used it in the past! Time to make a new password up—or you just add a capital letter or another number onto the end of your old one. It is annoying, time-consuming, and interrupts the flow of the day…but critically important.

Using the same password, using simple passwords, or never changing passwords is by far one of the most dangerous habits business owners and their employees have when it comes to their technology. This habit has to be broken in order to reduce a business’s data security risk. Unfortunately, if you use the same password or password pattern on a number of online sites, it is a matter of when, not if, at least one if not all of your accounts will be breached.

“But why would anyone want into my data? All I have is boring emails between me and my clients talking about houses, business cards, or candles. It isn’t like I have lists of credit cards on my computer.” Or do you? If you click ‘save’ in Internet Explorer, Firefox, or Google Chrome, your passwords are saved in plain text inside of your browser. Does your Amazon account automatically log you in when you visit it? Within minutes, an experienced hacker can buy thousands of dollars in gift cards on Amazon, download all your data and passwords, send out fake emails to infect or con your clients, and even wipe out your entire system afterwards to cover their tracks and give themselves more time to use your data before you can figure out what is going on. Your data and online accounts are worth far more than you realize.

Let’s break it down with a few examples of bad password habits.

I use a complex password, full of uppercase, lowercase, numbers, and symbols! No one could ever guess this password! I feel safe using it on multiple websites…everywhere in fact.

Have I been Pwned example of data security risks due to using the same password.

Good start; however, the majority of breached emails and online accounts aren’t due to a guessed password. They are due to a leaked password from another service, malware that recorded your password/credentials on an infected machine, or because you wrote it on a sticky note that is clearly visible to everyone who passes through your office. One password to rule them all, with dozens if not hundreds of potential leak points.

Have I Been Pwned will tell you if your email has been part of any leaks in the past. Often, these leaked credentials aren’t even accessed or used by malicious individuals until months or even years after the first leak, and we usually don’t find out about these leaks until years later, when those who have these lists decide to sell them for pennies on the dollar on the dark web. That is after they weed out the obvious high-value emails, such as those with domain names @awesomedoctors.com or @bigbanklady.com for example.

What about malware? There is a specific type of malware called a keylogger. This software records every keystroke, and some variants take regular screenshots of your desktop, all without you knowing. This information is then relayed to a bad-guy data server for archiving, reselling, and eventual attempts to gain access to your data for various purposes.

Finally, the sticky note. This can come in many forms: a physical note under your keyboard or on your monitor, or passwords saved in a spreadsheet on your desktop. Saving a file on your computer filled with passwords and calling it ‘information’ or ‘cookie recipes’ is not going to stop it from being found. Malware/hacking tools can search for email/username/password patterns in files and quickly sniff out such documents no matter how cleverly they are named. Or imagine that you took a picture of your office after you cleaned it to show off on Instagram, and didn’t think about the sticky note that was visible with your blurry but readable password.

Frequently used passwords or using a word associated with you.

Why complex passwords are important for data security and your business.

This? Stop it. Immediately. QWERTY, Password123, 12345678, passw0rd—No. How about Smith1950? This is your last name and a birth year. No. If your password can be found on any top 1000 password lists or uses a word from the dictionary, it can be brute forced. This means it can be guessed by an individual or by software that tries common combinations–and depending on the location of the login–it can guess thousands of passwords a minute or more. Password123 will be cracked instantly, Fideo25! will be guessed in a few minutes, but !@34jsks892!##@_@? This password will take thousands of years to crack even by the best software.
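The checks described above, as an added example that is not part of the original post: it flags passwords that appear on a common-password list or are a known word plus a suffix, and shows that raw brute-force search space alone overrates a password like Password123. The word lists are small constructed samples, and the guess rate and all function names are assumptions.

```python
import math
import re
import string

# Constructed samples; a real audit loads a full common-password list and dictionary.
COMMON = {"qwerty", "password", "password123", "12345678", "passw0rd"}
WORDS = {"password", "qwerty", "fideo"}
LEET = str.maketrans("0134578@$!", "oleastbasi")  # undo common substitutions


def search_space_bits(pw):
    """log2 of the pure brute-force search space (alphabet size ** length)."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def years_to_exhaust(pw, guesses_per_second=1e10):
    """Worst-case brute-force time; the guess rate is an assumed figure."""
    return 2 ** search_space_bits(pw) / guesses_per_second / (365 * 24 * 3600)


def weaknesses(pw, personal=()):
    """Return the reasons a guessing tool finds pw long before brute force."""
    found = []
    low = pw.lower()
    if low in COMMON or low.translate(LEET) in COMMON:
        found.append("on common-password list")
    base = re.sub(r"[\d\W_]+$", "", low)  # drop trailing digits and symbols
    known = WORDS | {p.lower() for p in personal}
    if base != low and base in known:
        found.append("known word plus suffix")
    return found


if __name__ == "__main__":
    for pw in ["Password123", "Smith1950", "Fideo25!", "!@34jsks892!##@_@"]:
        print(pw, round(search_space_bits(pw), 1), weaknesses(pw, personal=["Smith"]))
```

Password123 has a larger raw search space than Fideo25!, yet it fails first because it is on the list; length and character variety only count once the list and word checks come back clean.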

Sharing passwords or using the same password for multiple users within a business.

No. No. No. Why have a password at all? Having all your employees share the same user and email logins? Same password for your database? This is a recipe for disaster. You trust your employees; none of them would ever go rogue, or log in as another user to edit/delete something incriminating, right? Employees can behave in erratic ways if they get let go or feel they have been mistreated. That aside, it only takes one of your employees typing that username/password into a malicious pop-up that looked like an official Windows login prompt, or telling a fake IT Support rep the password over the phone. The worst part of these scenarios is that the employee will often be too embarrassed to say anything, or will not even realize what happened, and you will never know that a bad guy now has access to your entire business system. Weeks later when all your data gets encrypted, stolen, or maliciously used—you will never know who was the source of the leak because everyone was using the same password!

These are just a few examples of the dangers of bad password habits and why, if you care about your business, you need to care about your passwords. Give us a call or email with additional questions or to get a free network assessment from one of our owners! We can help manage your passwords in a secure and compliant password vault that will also guide you in creating and frequently updating passwords that are virtually uncrackable.

Christina Grady is the founder and owner of Occubit Technology Solutions. She has been fascinated by the role technology plays in everyday life since she was a child taking apart VCRs and remote control cars. Her passion for helping others creates a perfect bond with her IT background.

2 Comments
  1. Pingback: Reduce Your Risk of a Data Breach | Occubit Technology Solutions

  2. Reply

    Christina with Occubit took care of a major and recurring security issue I was having with my personal email and Facebook. I have never experienced IT support like I did working with her. She went above and beyond and combed through several email accounts and my social media accounts to remove malicious settings that a hacker had put in. She set all my accounts to have 2-step verification after the clean up to prevent the perp from getting in again. She also did some investigative work and even found out how my password got leaked in the first place. I deeply appreciate her attention to detail and genuine concern about the security of my accounts. I would highly recommend any business who needs IT consulting or technical support to give Occubit a call if they want more than just a quick fix or band aid for their technology issues.

 
