strong passwordAs we end the first quarter of 2016, this is a great time to think and reflect on the security measures you took in 2015, how they can be improved, and what you’re doing to implement any improvements this year.

Everyone on your team should know how important passwords are.  When your password is weak, the business that relies on you to protect information with that password can be hurt.

There is a lot of science behind the art of secure passwords, but most of the most important information you need to know is common sense.  Don’t make your password a version of your name, or a play on your birth date.  Don’t use your social security number, or anything that you frequently write down. Randomize your passwords: don’t go in the order of your keyboard characters (i.e. “qwertyuiop” or “1qaz2wsx”).

Here are a few specific ideas on how to strengthen your accounts, from the security experts:

  • Longer is better.  Your password should ideally be above 12 characters.
  • Skip the alphabet.  The more characters you use outside of the standard 26 “A-B-C’s,” the better.  Capitalization and punctuation matters as well, so mix it up as much as you can.  The more unexpected your key combinations are, the stronger your password will be.
  • Change it up.  Make sure that your passwords are different for different sites.  Especially when access means that sensitive information can be compromised, your passwords should be entirely unique.
  • Going Beyond the Password: Beyond password safety recommendations, it is important to enable two-factor authentication when possible. For example, Google texts you a unique code every time you log in, so even if your password is stolen, the attacker cannot access your account without that text message. Some systems and devices also have security questions or fingerprints as multifactor authentication options. When these options are available, use them.

Avoid the “Worst Passwords”

Every year, TeamsID releases a list of the “worst passwords” on the internet, and the entries are usually similar with subtle changes.  Every year this lists reminds us of two things: plenty of people don’t feel the urgency to create strong passwords, and people aren’t changing their passwords, even after years of this list coming out.

Here are a few of the “worst” passwords that people are still using on the internet to protect their security:

  • 123456
  • password
  • 12345678
  • qwerty
  • football

Here are some of the new “worst passwords” on the list:

  • welcome
  • 1234567890
  • 1qaz2wsx
  • login
  • qwertyuiop
  • solo
  • passw0rd
  • starwars

As you can see, many of the “worst” passwords that make lists like this are comically bad (adding onto the thread 123456 with a 7890, doesn’t improve the security).  But even silly passwords like “password“ demonstrate something important.  Most people don’t take password security seriously enough, and don’t think about how big of an effect something as small and simple as a bad password can have.

It’s easy to make passwords that are long enough to be secure, and to remember to change these passwords regularly.  There are also secure password storage systems to help you remember and easily store all your different passwords.

By taking simple steps, you can help enhance the security of yourself, your team, and your company.  So, resolve to be more secure in your digital life, and remember our tips for improving your passwords!