Passwords were once considered an excellent first line of defense when it came to protecting your data. And while there has been a push to create more complex password combos filled with letters, numbers, symbols and so forth, the reality of today’s hacker-breached world is that passwords are no longer enough to keep your information safe. Below are five reasons why passwords aren’t enough to keep your data secure.
- Most people choose passwords that are easy to crack: According to an Entrepreneur article, 90% of employee passwords are crackable within six hours. We are all guilty of this faux pas. When we assign passwords to our applications, we only think of ease of use: what password will I most easily remember? My birthday, pet’s name, street address, maiden name and so on. More often than not, we choose passwords that are personal to our lives. While this makes them easy for us to remember, it also makes things easier for hackers, because this information is often public and even an amateur hacker could crack the code. Moreover, how many times has a social media friend sent out a survey asking for information about pets, elementary school, or favorite food? This kind of information is frequently used for passwords.
- Most people use the same password for multiple accounts: According to the same Entrepreneur article, 65% of people use the same password for all their accounts/applications. Again, it’s all about ease of use: it’s easier to remember just one or two passwords than to create a new one for each account or application you have. The problem is that as soon as your universal password is hacked, the attacker has easy access to ALL of the networks or applications that share it.
- People keep their passwords in plain sight: According to the Entrepreneur article, 47% of people maintain a spreadsheet to remember their passwords, 31% use another form of electronic storage and 27% write their passwords on paper. Whether we realize it or not, most of us leave our passwords out in plain sight for everyone to see. Too often we select the option “remember password on this computer” or keep a hard copy posted by the PC, or a note on our phone, computer or USB drive that lists all of our password/login combinations.
- Even complex passwords aren’t safe: Even when people take care to make a “complex” password by incorporating numbers, capital letters and symbols, hackers are too sophisticated these days. By the standards of today’s data breaches, good password or not, hackers have more sophisticated measures to get inside your network.
- Access controls are too loose: No matter how great you think your password is, when you are on corporate applications your security often depends on the access controls set by your IT team. There are two types of access controls. Authorization controls verify that the user ID and related password have been authorized to access the network. Authentication controls confirm that the ID and password belong to the person who is attempting to gain access to the network. This includes security questions and, in some higher-risk environments, biometrics. It is obviously easy to give someone the answer to your security question. And with the Bring Your Own Device phenomenon allowing us to use our devices anywhere, anytime, IT loosens access controls to allow access to these applications from devices that are not sanctioned by the company.
By now, hopefully it is clear that passwords alone can’t keep your information protected. However, there are alternatives to simple passwords, such as layers of passwords for certain documents, document encryption, and controls over who can access a document and for how long. Whatever you decide, it’s time for us to take a serious look at our passwords and how we are managing the protection of our information.