July 19, 2019
Securing Your Passwords
by Paul J. Unger, Esq., Affinity Consulting Group
"Change your password every 30 days" … "Use numbers, letter & characters" … "Use 12 digits" … "Oh wait, now you should only use phrases!" … so which is it?! What should you do?!! Here are my top three tips:
Multi-Factor Authentication is Critical
Putting in place two-factor (or multi-factor) authentication (also known as 2FA) is more important today than changing passwords or using unique passwords. I still think unique passwords are important, but changing passwords every 30 days has recently been regarded as a waste of time. 2FA is most important because without the second measure of authentication (usually a text message notification requiring your intervention, like entering a code, providing a PIN, proving your fingerprint from your smartphone) a cybercriminal will not be able to login to an important account. See this regarding Microsoft finally acknowledging this year that 2FA is critical and changing passwords is not very important anymore: https://www.cnet.com/news/microsoft-admits-expiring-password-rules-are-useless/.
Use an Encrypted Password Manager
I think everyone should be using encrypted password managers. Our company recently purchased a Dashlane account for everyone in our company because we feel so passionately about this topic. Password managers do the following:
- Secures all your passwords, credit cards, personal notes, etc. in a highly secure encrypted cloud-based vault that is assessible via your PC, laptop, tablet, smartphone, Apple device or all of the above… for the same low price.
- Generates and updates strong passwords for you.
- If desired and appropriate, these vaults allow sharing of certain passwords with co-workers, your spouse or your team.
- Look at programs like Dashlane, LastPass, OnePassword, Roboform.
Draft a Policy and Educate your Users
Finally, I think it is critical that you have a cybersecurity policy within your organization, and educate your users about how to be safe. Password security is only one small part of safe computing and guarding client and personal data/information! Have a company that specializes in cybersecurity come out and evaluate your practices to help you design that cybersecurity roadmap.