How to make password best practices work for you
The following are the key takeaways from the Password Security presentation at the RDC Spring Symposium in 2023:
Password breaches happen alarmingly often. The most threatening type of leaked password is a plaintext password, which means it is unencrypted and can be freely read by an attacker. See if your email address has suffered any data breaches at the following site:
Phishing emails attempt to trick users into giving away their email address and password. While historically malicious emails have had the telltale sign of poorly written English, advances in AI such as ChatGPT now make it easier than ever to craft business professional emails.
Have a favorite song lyric or line in a movie? Compress it down to an acronym to create a unique, lengthy, and complex password. As Mama always used to say, Lil1boc.Ynkwygg
Websites are starting to favor Single Sign-On, or SSO. Instead of users creating an account the standard way with an email address and password, they can instead be authenticated by a trusted service such as Google. After the user clicks the “Continue with Google” button, their machine receives a token from Google to verify the user’s identity.
A strong password can still be leaked or phished. Provide your accounts with a second layer of security with Multi-Factor Authentication, or MFA. This requires the user to provide at least two “factors” to authenticate themselves, which would be a combination of what you know, what you have, and what you are. The most familiar MFA today is a text message to your phone.
Password Managers can be a helpful way to keep organized. However, as a general rule it is better to favor local managers over cloud-based. As we saw with the recent LastPass breach, there are risks associated with storing your password database in the cloud. One option is to use Password Safe and save your database on your Microsoft OneDrive, not your local drive. This will allow you to access it on any trusted device, and eliminate the single point of failure if your hard drive malfunctions.