Well, here we are on the very last weekend of October, and tomorrow we start November.  It is so hard to believe where the time has gone.  There is still a long row to hoe these next two months, especially with the huge uptick in the number of COVID-19 cases that have come up worldwide, and crazier yet, the upcoming Presidential Elections that will happen this Tuesday.  But even crazier than that, today is also the last day of Cybersecurity Awareness Month.

As mentioned, I have tried to bring to you those topics that aren’t repeated on a daily basis, ad nauseam.  But there is one issue in Cybersecurity that has plagued the industry for the longest time, and you probably guessed it: it is the Password.

This has always been the traditional means of authentication, and in fact, it is still used in Multifactor Authentication (MFA), and the Zero Trust Framework, which is now starting to be implemented by businesses.

Because of the longevity of its use, the Password has proven to be one of the crown jewels that the Cyberattacker has always been after.  After all, with this key credential, they can log into almost any kind of account, and from there, hijack your confidential information and data.

Because of this, everybody is now reminded to create those long and complex passwords, which have to be a certain character length, peppered in with other kinds and types of alphanumeric characters.

But in the end, who can remember all of these long and crazy passwords?  Well, that is where the use of a Password Manager comes into play.  With this software application, you can create those long and complex passwords, and it will store them for you, even reset them on an automated basis, and heck, it will even alert you when it detects malicious activity on those passwords.

While we have been harped upon so much by our own boss, employer, what have you, to create more robust passwords and not to use the same ones over and over again, let us take the opposite point of view and examine what really makes a poor password.  After all, we keep getting told how to create a great password, but how about what does not make a good one?  Let’s get started:

*The passwords are too short:

In this case, the passwords are typically no more than 4-5 characters in length, which thus makes them so easy to hack into and break, especially by the Cyberattacker.  This is where dictionary types of attacks are most effective (this is where the Cyberattacker keeps guessing all of the passwords that reside in the database).  Check out some of these alarming stats:

*45% of Americans have passwords that are no more than 8 characters in length;

*Only 22% of Americans have created passwords that are at least 12 characters or longer.

Remember that as human beings, we will only create passwords of the minimum required length.

*The passwords are too simple:

Yep, you got this one easily.  People will use their own names as passwords, or even something like “password”, “secret”, or even “admin”.  The moral of the story here is not to use anything for a password that you are affiliated with, as the Cyberattacker will be able to figure this out for the most part, by putting together a secret profile on you.  In other words, create a password or set of passwords that are completely different from your personal and professional lifestyle, and don’t make it obvious by any means whatsoever.  Think of it like you are registering a trademark with the USPTO: you need to get as creative as possible.

*Don’t make your passwords associated with what is going on in the world:

With this, don’t make your password relate to current world events.  For example, if you are a research scientist in the medical field, or even a doctor in the Emergency Room, don’t use “COVID” or any of its variants as your password(s).  Or for that matter, don’t use something like “VoteBiden” either.

*Passwords are very often shared:

As the name implies, this happens when you share your passwords with others in a willy-nilly fashion.  There are times when passwords do need to be shared, and I do this also.  But I am extremely careful about who I give my passwords to.  In other words, only share your passwords on an extremely needed basis, and only do it with coworkers or other people that you would literally trust your life with.  After you have shared your password and that task is done, always reset that password just to be on the safe side.

*The tendency to write down passwords:

Let’s face it, as humans we only remember those things that we really want to, or are required to do so, especially when it comes to our jobs.  This is not the case when it comes to Passwords.  We view them as the nemesis of our daily lives, thus the tendency to write them down and stuff them anywhere in plain sight then becomes a key problem.  According to a recent study that was conducted by Security.org, almost 40% of Americans will write down their passwords either in a hard copy or digital format.  The end result of this is that we will reuse the same passwords for multiple accounts or create some very similar variant of it.  The Cyberattacker of today is very well aware of this and will try to find that one master password that logs into different accounts.
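The checkable traits from the list above (too short, too simple, tied to you, tied to current events) can be screened for when a password is set.  The Python sketch below is an added example, not part of the original post; the function names, the 12-character threshold and the sample inputs are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12                                 # assumption: the 12-character mark cited above
COMMON_WORDS = {"password", "secret", "admin"}  # the post's own examples
EVENT_TERMS = {"covid", "votebiden"}            # the post's own examples

# Fold common character substitutions so "P@ssw0rd" is treated as "password".
# Simplification: "1" and "!" are both read as "i".
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(text):
    """Lowercase, undo simple substitutions, and drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def weaknesses(password, personal_terms=()):
    """Return the list of reasons a candidate password should be rejected."""
    reasons = []
    folded = normalize(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too-short")
    if any(word in folded for word in COMMON_WORDS):
        reasons.append("common-word")
    if any(term in folded for term in EVENT_TERMS):
        reasons.append("current-event")
    # Names, employer, pets and so on; skip very short tokens to limit false hits.
    personal = [normalize(t) for t in personal_terms]
    if any(len(t) >= 3 and t in folded for t in personal):
        reasons.append("personal-info")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates for a hypothetical user named Alice.
    for candidate in ("P@ssw0rd", "C0VID-2020-alice!!", "tramline-quorum-vexed-oboe"):
        print(candidate, weaknesses(candidate, ["Alice"]))
```

Note that a long password can still fail: the second sample is 18 characters but is built from a current-event term and the user's own name.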

My Thoughts On This

Ok, here you have it, the backwards way of thinking about passwords.  Hopefully, this blog has shed some light on the importance of creating a better, more robust one.  But let’s face it, in the end, we as humans are creatures of comfort and habit.  We don’t want to change our ways until we subconsciously accept that there is a better way to do something, or until we are forced to do so.

Yes, passwords are a pain in the a$$.  So in this regard, it is probably best to make use of that Password Manager, so this is one less stressful chore that is knocked out of our everyday lives. But the only caveat here is that you have to create a password in order to log into your Password Manager (no joke, seriously). 

So wouldn’t creating a simple and easy to use Password defeat the whole purpose of this?  Yes, it would.  So as another way of backwards thinking, this also points to the need to use a long and complex Password here as well.

There are other tools that are emerging into the forefront to completely eradicate the Password altogether, especially with the use of Biometric Technology.  In this regard, both Fingerprint Recognition and Iris Recognition can be used, but these tools have a long way to go yet until they reach a level of full public acceptance.

Finally, I cited a research study from Security.org in this blog, and here is the link to it for more information:

https://www.security.org/resources/online-password-strategies/