We all know people who use the same password for everything. From unlocking their phone to unlocking their bank account online, they use the same password or two for everything and every place. Words cannot express how dangerous this is, but it is fundamentally the same as having a single key to your home, car, safe deposit box, mailbox, etc. While it may certainly be convenient, if somebody gets ahold of this one password, then they can use it to access all your websites, your bank accounts, your credit cards, your business. It’s time to revisit online password security.
Now that so much of our lives is online, having good passwords is more important than ever. The password you use for your EHR should be different than the one for your spam email account. The password for your business email should be different than the password for your PayPal account. The password for your online banking account should be different than the password for your Facebook account, etc., etc., etc.
At the same time, we all know people whose passwords have often been the laziest words or combinations. They use their birthdays, their children’s birthdays, their phone number, or street address. Or, like the default combination on their old briefcase, they use a combination like 123456, or worse, the word PASSWORD. Some other passwords that fill the most-used list include football, admin, login, hello, letmein, and qwerty. How many of you are now embarrassed? To show you the difference between those passwords and a good password, an IT friend of mine used an old Windows XP serial number for his home PC login. He could type in the 25-digit alphanumeric password in a matter of seconds.
Total online security won’t be solved by even the most obscure passwords. Like anything, where there is a will, there is a way. Online bots can mount brute-force attacks at a rate as fast as a billion passwords a second, so an 8-character password could take upwards of 83 days to crack…or just seconds, if you are using something common like the passwords above.
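As an added example (not part of the original article), this short Python audit applies the points above to a constructed set of accounts: it flags reused passwords, the common passwords named earlier, and passwords whose whole keyspace could be exhausted within a year at a billion guesses a second. The character pool sizes, the one-year threshold, and the account names and passwords are assumptions made for illustration.

```python
import string
from collections import defaultdict

GUESSES_PER_SECOND = 1_000_000_000  # brute-force rate quoted in the article
# Common passwords the article names, compared case-insensitively.
COMMON = {"123456", "password", "football", "admin", "login", "hello",
          "letmein", "qwerty"}
# Assumed character pools (ASCII only): 26 + 26 + 10 + 33 = 95 symbols.
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
         string.punctuation + " ")

def alphabet_size(password):
    """Combined size of every pool the password draws a character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))

def worst_case_days(password):
    """Days to try every string of this length over the password's pools."""
    if password.lower() in COMMON:
        return 0.0  # common-password lists are tried first, so it falls at once
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / 86_400

def audit(accounts, min_days=365):
    """accounts maps account name -> password; returns (finding, names) tuples."""
    by_password = defaultdict(list)
    for name, password in accounts.items():
        by_password[password].append(name)
    findings = []
    for password, names in by_password.items():
        if len(names) > 1:
            findings.append(("reused", sorted(names)))
        if password.lower() in COMMON:
            findings.append(("common", sorted(names)))
        elif worst_case_days(password) < min_days:
            findings.append(("weak", sorted(names)))
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {
    "bank": "letmein",
    "email": "letmein",
    "ehr": "Tr4il!mix",    # 9 characters from all four pools
    "forum": "xk7#Qp2m",   # 8 characters from all four pools
}

if __name__ == "__main__":
    for finding, names in audit(SAMPLE):
        print(f"{finding:7} {', '.join(names)}")
```

The day counts are upper bounds for randomly chosen passwords; a password built from words or dates falls much sooner than its length suggests.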
At the same time, unless you have a photographic memory, keeping a list of your passwords written down somewhere is also an invitation for trouble. I’ve known many a person who has kept their passwords under their keyboard or taped to the side of their PC. You could, of course, hide your password list in a Word or Excel file on your PC. You obviously wouldn’t want to name that file passwords. How about BrusselSproutCauliflowerRecipies to keep most people from wanting to access your list?
The best answer is to enlist the help of an online password program. Programs like Dashlane, 1Password, RoboForm, and LastPass will store your passwords and even autofill forms for you online once you enter your master password. This way you only truly need to memorize one password, the one to unlock the program. Some offer their basic services for free and more complete offerings for anywhere from $2 to $5 a month. I have used both Dashlane and LastPass for years now and love knowing my passwords are protected with state-of-the-art encryption. I also know nothing is unhackable, so I try to remember the following computer security maxim:
Treat Your Passwords Like Your Underwear
(or your contact lenses)
Never share them with anyone
Change them regularly
Keep them off your desk