Secure password practices urged, as report finds users not cautious enough

PROVIDENCE – World Password Day is May 2. Are you ready?

Using the same password for many different accounts seems like a good idea to streamline access, but it is not the best way to stay secure, according to experts.

“Hackers are taking the usernames, emails and passwords from the hack of one company and automatically testing the same credentials at many other companies, as was the case with the latest reported Turbo Tax account hack,” Eric Buhrendorf, CEO of Evernet, a computer-services company in Hartford, Conn., said in a news release.

The “2019 State of Password and Authentication Security Behaviors Report” by the Ponemon Institute – an independent research group based in Michigan – found that despite more understanding of best practices, users are still not taking precautions when it comes to their passwords.

According to the report, 69% of respondents give co-workers passwords to access their accounts. And 51% reuse an average of five passwords for accounts, whether they are business or personal.

Buhrendorf recommends having unique passwords for every user and every account. He suggests a password generator such as the one at Lastpass.com.

He also suggests making a rule to change all passwords regularly, whether it’s every week, month, or quarter. Using layers of authentication, such as inputting a PIN that is emailed or texted to you, is always wise, as is having strong passwords, he said, ideally with eight characters that include upper- and lowercase letters, numbers and symbols.

Jeffrey Ziplow, cybersecurity risk assessment partner for BlumShapiro, which has offices in Cranston, takes it further, suggesting a minimum of 10 password characters. He tells PBN readers to steer clear of dictionary words and advises caution when using those multifactor authentication questions.

“Answering questions related to what high school you went to or your mother’s maiden name is all available on social media. Instead, consider providing a response that has no meaning to the question asked … [such as] ‘blue-covered cherries.’ This way, no hacker would be able to guess the response,” he said.

Buhrendorf reminds computer users never to follow links from emails or websites and immediately enter their passwords, but rather to navigate to the site manually to ensure it is valid. Outside sources can be rife with hacker dangers.

And relevant cybersecurity systems are important, as well.

“No matter how strong your passwords are and how meticulous about safety you are, hackers can find ways to monitor your keystrokes. Make it as difficult as possible for them with up-to-date virus scanners and regular updates,” Buhrendorf said.

Ziplow adds that users can’t assume software works as it should or is updated regularly, and therefore need to make it a point to check.

And when it comes to passwords, sharing is not a good thing, Ziplow said.

“Make sure to use good password hygiene by not sharing a password with anyone,” he said. “No one.”

Susan Shalhoub is a PBN contributing writer.