Today is World Password Day and we wanted to take that opportunity to have a discussion with our community about “Password Integrity”.
With every passing year, it seems like we need five more accounts for our business and personal lives. That means five new passwords and five new opportunities for someone to access your information or steal your identity. On top of all that, how many of you can honestly say you use a unique password for every one of your ever-growing list of online logins?
The truth is, it has become nearly impossible to create and remember long, secure passwords for all of our online accounts. The solution that most people have begun to adopt is the use of a password manager such as LastPass which is included in SecureAnywhere Internet Security Plus and Complete. Using a password manager solves a number of problems such as:
- Generating randomized, secure passwords
- Locking your huge list of account passwords behind a singular “master password” or biometric password such as a fingerprint/face scan
- Distributing access to that list of passwords across all of your devices
While password managers are not flawless, they solve most of the issues that make people and businesses vulnerable to data breaches and identity theft.
Making a password that would be considered secure consists of the following:
- A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters, numbers, and special characters.
- A password shouldn’t be shared with any other account.
- A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers.
- A password shouldn’t be the word “password” or the same letter or number repeated.
(Credit to Security.org)
I tried for years to create unique passwords that follow this set of rules and succeeded...for a while. Recently, I finally admitted to myself that I didn’t have the ability to memorize my 20+ unique passwords and was using the “forgot password” function far too often. Since adopting a password manager, I haven’t had to click “forgot password” because I only have to remember a singular, strong, master password to get access to the rest of them. It’s been such a level-up in my online life that I can’t imagine ever going back.
(For the record, I use KeePassXC since I prefer local storage.)
What password solutions is our tech-savvy Webroot Community using? Cloud/Local password managers? Superhuman memory that never forgets 16+ character passwords? Leave us your thoughts in the comments below!
I’d like to credit much of the content in this post to our Writing team and this amazing World Password Day Blog they created. Go check it out to learn more about password integrity!
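The password rules listed in the post above, turned into a checker plus a generator that draws from the operating system's CSPRNG. This is an added example, not part of the original post; the function names, the symbol set and the three-character limit for "consecutive" runs are assumptions, and the no-reuse rule is left out because it cannot be judged from a single password.

```python
import secrets
import string

# Assumed symbol set; trim it for sites that reject some special characters.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}"

def has_sequence(pw, run=3):
    """True if pw holds `run` consecutive characters such as 'abc', '321'.
    Treating a run of three as the limit is an assumption, not the post's."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False

def violations(pw, personal=()):
    """Return the rules from the list above that pw breaks (empty = passes)."""
    low = pw.lower()
    found = []
    if len(pw) < 16:
        found.append("shorter than 16 characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw)):
        found.append("needs letters, numbers and special characters")
    if any(p and p.lower() in low for p in personal):
        found.append("contains personal information")
    if has_sequence(pw):
        found.append("contains consecutive letters or numbers")
    if "password" in low or len(set(pw)) == 1:
        found.append("is 'password' or one repeated character")
    return found

def generate(length=16, personal=()):
    """Draw from the OS CSPRNG until a candidate passes every check."""
    if length < 16:
        raise ValueError("the post's rules call for 16 characters or more")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(pw, personal):
            return pw

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(violations("password123"))
    print(violations("Rex!7vQ#t9Lm$2xZk&", personal=["Rex", "5551234"]))
    print(generate(20))
```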
I always love the idea of PHRASES. Most of my passwords are in my head and most are lines from movies or TV shows. I use the spaces between the words as my special characters [BTW some logins don’t allow spaces for PWs]
I always make sure to change it up for each login or have a set pattern for certain types of movies for certain types of logins. I won’t go into detail for obvious reasons.
I wish passwords getting cracked were still a thing. Anymore, the passwords are handed over willingly through phishing emails.
My favorite are the ones that don’t allow for special characters. Like, what are we even doing here?
Tyler’s way is pretty fun, but the older I get, the worse I am at password recall. I’ve been using a password manager, so just create gobbledygook passwords I don’t have to remember.
We are currently trialling Password Boss. Would be keen to hear if anyone has toyed with it!
Strong and very safe passwords are a must these days and you need to change them up every once in a while!
I use Bitwarden for a min of 32 random char passwords for everything
SSO where possible. Otherwise MFA.
Privately different usernames everywhere and generated passwords.
Password managers… as soon as I mention to a client the costs involved, they always shy away from it… Sad but true, but also understandable...
MFA and ensure that users changed the password monthly
I know most people try and use the same password for everything; they run into problems when everyone has different rules for what makes a password secure enough. Password managers seem to be the only way but then technically you’re back to having a single password for the lot!
Mine might be secure, but I never change them monthly, I’d never remember anything if I did
I think Bitwarden is a valid solution. But I also think in 2022 it's time for a new kind of password: NO PASSWORD....
Where possible, I use two-factor authentication. However, I entrust my passwords to ITGlue which, in addition to storing the encrypted passwords in the cloud, offers a valid random generator. The cost is not indifferent but the features included in the package are indispensable for an MSP.
Changing password monthly or every 2 months is a main thing.
Long password that has upper case, lower case, special characters and numbers...
Sometimes I use sentence with different language written in English letters.
Use password generator. Password length - 16 symbols.
I use Bitwarden password manager with a minimum password length of 32 random char (including special characters). Also SSO or MFA where possible. As for the frequency of change, approximately every 2/3 months.
I use LastPass for my Password Manager. I use long passwords with Upper Case, Special Characters and Numbers for all accounts. My Master Password for LastPass is changed Monthly. I have over 100 accounts with passwords so I have divided them into four groups. Quarterly I change all passwords in one group. By the time a year is over, all account passwords have been changed. I have been doing this routine for years now.
As an MSP, I’m used to remembering passwords, but more and more we generate passwords on the fly for each and any password or keys.
Using a self hosted vaultwarden for myself where the master password is a self-made cryptographic algorithm encrypted version of a pure nonsense phrase of non-dictionary word but somewhat still memorable to me.
Am also on the verge of trying out a set of FIDO keys as MFA
We use a password manager for most of our passwords but if not we try and use the new 3 word system
I use a certain structure with my passwords that is easy to remember for me, yet complex and (hopefully) impossible for others to guess. It also holds some characters linked to the site or service where it is used, which makes it unique. As a result most of my passwords are unique and have a minimum of 16 characters. On top of that I always use 2FA when available. Where my passwords don't comply with this structure is for sites that don't allow more than 8 characters in a password. I sometimes decide not to use the service from those sites. Very annoying. Why do some websites or services still allow weak passwords?
Long and strong is what I aim for with a mix of characters, upper and lower cases and as many variations as I can and I also use LastPass as well.
I use 1Password. I started using that many many years ago when a password I used was compromised. It helped me create unique and random passwords for everywhere I created one, or new ones and is available on every device I use. Just make sure your “one” password is something you will remember and is long and fairly complex.
We use 1Password Teams as our password manager too. My boss decided it was worth the cost as we are only a small company. Works well for us and saves me having to create and manage lots of passwords.
...and my brand new AC does not allow Capitalized and special characters...