One of the biggest laughs in the Mel Brooks sci-fi comedy “Spaceballs” was when the ‘secret’ password to lower the planet’s defenses was revealed to be “12345.”
Why did this seem funny? Because it was such a crucial system that used such an easy and ridiculously guessable string of numbers, the same sort of weak code that someone would use on their luggage, another joke that was alluded to for even more yuks.
Today, computer security experts likely won’t find this scene all that funny, since modern passwords can sometimes be just as ridiculous, or at least the people who choose them on a regular basis.
For instance, security companies regularly publish lists of the most popular passwords, which also seem to perfectly correlate with the most popular passwords to steal. This list usually includes timeless staples like “12345” or “123456,” plus easy keyboard combos like “qwerty” or “asdfg.” In some cases people may just put in “password” or “password1” if they’re required to put in letters and numbers.
While many say having one password that’s this simple is handy and keeps you from having to keep track of multiple log-ins for multiple accounts, it’s actually opening the door to all sorts of trouble. Worse, it may not be only you that’s at risk for this type of weak security: if a hacker or phisher gets your account info by cracking your weak password, they might be able to access other accounts or even your work’s network.
Companies looking to get serious about password protection or overall system integrity don’t have to install the most advanced methods either: there are some easier solutions.
- Require multiple passwords for different areas. This may work well for companies with different networks or security levels. This minimizes the possibility that an intruder will get through every level with a single password.
- Require passwords to be changed often. Depending on security threat levels it could be quarterly, monthly or weekly. Some companies may even require a different daily log-in that’s randomly generated such as a code that’s sent to a mobile number. That way, someone who was able to crack a code previously may find it doesn’t work – and may even log their access attempt.
- Require combinations of characters. Employees may groan a little at the extra steps of using upper and lower case letters, plus numbers or symbols. But these do add more variables that can make someone’s access more secure.
- Require additional security questions beyond passwords. Hackers may be able to find a password but unless they put a lot of research into targeting a particular individual, they may not be able to find out especially personal details such as the name of a childhood pet, the cross street where someone grew up or a song played at a special occasion.
- Require employees to hide any physical records of the current password. In an environment, where the password is updated regularly, it might be convenient to simply write it on a sticky note and put it on a monitor until it changes again. But this could be a huge security hole if someone else were to walk into their office/cubicle looking for data to steal. Any of this information should be kept secure, such as locked in a drawer.
- Check databases of known breaches. If you see any company emails or vendors on them, consider changing your credentials.
CTC Networks is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (615) 550-0020 or send us an email at firstname.lastname@example.org for more information.