As my webmaster was finishing up some updates to my website last week, the talk came about as to how I can increase my Social Media footprint.  True, using the right combination of platforms is important to get your name out there, especially when just about every marketing tool is now digital. We talked about it at some length, and it seems that the days of Facebook and Twitter may have reached their maturation point.

But there are other platforms out there as well, such as Instagram and Pinterest.  But as I have learned here as well, the key is to keep your messaging extremely short, and include an eye-catching picture that will prompt the end user to click on it.  So, after I decided to take this route, I kept scratching my head: what pain point can I hit upon in fewer than 15 words and create a strong image about it?

Well, the idea of passwords came to mind.  We all hate them of course, so I created a very short blurb on how to make the entire process of password management an easier one to establish.  Hopefully it works.  With all of this said, as I was perusing this morning the topics I could blog about today, passwords again came up in about five different articles.

One of them was about a recent survey that was conducted to see whether American SMBs and their employees are up to snuff on password security.  As to be expected, the results showed that people are still not doing enough to protect their passwords.  Here is what was discovered:

*A startling 72% of the respondents claim they keep recycling the same password repeatedly.

*Here is the age breakdown for the above statistic:

               *56% of Baby-Boomers recycle passwords;

               *70% of Generation X recycles passwords;

               *76% of Millennials recycle passwords.

The survey further discovered that many of the respondents (72% of them) even reuse the same password four times or more.  Here is the breakdown on that:

*63% of the respondents use the same password for entertainment as well as business, banking and medical transactions;

*18% share their passwords with other people, especially when it comes to the use of Social Media sites (just an FYI . . . I don’t share mine with others!!! LOL)

The last part of the survey then asked the respondents about some of the best preventative methods they have taken to protect their passwords, and here is what they said:

*38% of them simply try to remember their passwords;

*27% make use of a Password Manager;

*26% of them keep a separate notebook in which they keep a log of their passwords;

*3% use a Post It Note.

Finally, the survey even asked the respondents how proactive they are in keeping tabs on their own security, and here is what they found:

*Only 30% of the respondents are aware of their PII being breached;

*89% of them have changed their passwords after learning about their confidential data being compromised. 

My Thoughts on This

Honestly, I am not too surprised by these findings.  Passwords will remain the nemesis for the SMB in Corporate America.  Passwords have been around for a long time, and they are not going to go anywhere anytime soon.

There have been many attempts made by organizations to create stricter security policies for their employees to abide by.  But really, when does getting mean ever work?  It never has.  If employers wish to bring about the “Big Stick”, employees are only going to fight back in defiance.

Of course, employers can also keep on educating their employees about the need for strong passwords and not reusing the same password repeatedly, but keep in mind, humans are creatures of habit.  We do not want to change our ways unless something bad happens to us first.

The thinking in this regard is “If my passwords have not been compromised yet, then they won’t be”.  But of course, this line of thinking is extremely flawed, as you never know who the next victim is going to be.

Even I am a victim of this “creature of habit” phenomenon.  I must admit that my password hygiene is not up to snuff either.  Quite honestly, I keep reusing the same password from time to time, with the only variation being perhaps adding a number, a capital letter or even a punctuation mark.  But, based on my experience, a majority of the financial and healthcare websites do not even let you use a variant of the same password.

They make you pick an entirely different one.  Of course, this is good practice.  A good example of this is my BCBSIL medical insurance account.  I only log in once a month to pay the premium bill, and 90% of the time, I can’t remember the password from a month ago.  So, I always must create a new one to log in.

In order to break this habit of employees using the same password, businesses and corporations have required employees to create crazy long and complex ones that nobody can remember.  As a result, after this password is created, employees simply copy and paste that password into a Word doc, save it, and bring it back up when they need to log in.  So, in the end, what is the purpose of that?  It’s just defeating the original intent of that complex password that was created in the first place.

Is there a solution to this password nightmare?  Yes, there is, and it comes from two fronts:

*Making use of a Fingerprint Recognition or Iris Scanner to replace passwords entirely;

*Making use of a Password Manager.  The advantage here is that this tool will allow the employee to create a long and complex password, it will store it securely, and activate it automatically when it is needed.  It will also prevent the problem of password reuse that was clearly demonstrated by the survey. But the disadvantage of a Password Manager is that it requires a password itself in order to log in.

The latter might be a better choice for an SMB to implement, as it seems that at least 30% of the respondents at least know or understand the importance of a Password Manager.  Biometrics remain a viable option, but there could be a learning curve here, which will take some time in order to reach full adoption by your employees.

There are many Password Manager software apps that are available, and a simple Google search will display the top ones you can use.  Some of them you must pay for, some are free, but keep in mind the adage:  You get what you pay for.

Finally, more details on the survey can be found here:

https://www.security.org/resources/online-password-strategies/