Blog

World Password Day

World Password Day
Userlevel 7
Badge +20

Today is World Password Day and we wanted to take that opportunity to have a discussion with our community about “Password Integrity”. 

With every passing year, it seems like we need five more accounts for our business and personal lives. That means five new passwords and five new opportunities for someone to access your information or steal your identity. On top of all that, how many of you can honestly say you use a unique password for every one of your ever-growing list of online logins?

The truth is, it has become nearly impossible to create and remember long, secure passwords for all of our online accounts. The solution that most people have begun to adopt is the use of a password manager such as LastPass which is included in SecureAnywhere Internet Security Plus and Complete. Using a password manager solves a number of problems such as:

  • Generating randomized, secure passwords
  • Locks your huge list of account passwords behind a singular “master password” or biometric password such as a fingerprint/face scan
  • Distributes access to that list of passwords across all of your devices

While password managers are not flawless, they solve most of the issues make people and businesses vulnerable to data breaches and identity theft.

Making a password that would be considered secure consists of the following:

  • A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords. 
  • A password should include a combination of letters, numbers, and special characters.
  • A password shouldn’t be shared with any other account.
  • A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
  • A password shouldn’t contain any consecutive letters or numbers.
  • A password shouldn’t be the word “password” or the same letter or number repeated.
    (Credit to Security.org)

I tried for years to create unique passwords that follow this set of rules and succeeded...for a while. Recently, I finally admitted to myself that I didn’t have the ability to memorize my 20+ unique passwords and was using the “forgot password” function far too often. Since adopting a password manager, I haven’t had to click “forgot password” because I only have to remember a singular, strong, master password to get access to the rest of them. It’s been such a level-up in my online life that I can’t imagine ever going back.

(For the record, I use KeePassXC since i prefer local storage)

What password solutions is our tech-savvy Webroot Community using? Cloud/Local password managers? Superhuman memory that never forgets 16+ character passwords? Leave us your thoughts in the comments below!

I’d like to credit much of the content in this post to our Writing team and this amazing World Password Day Blog they created. Go check it out to learn more about password integrity!

 


54 replies

Userlevel 6
Badge +5

I have a system for creating my passwords, and I never use the same password for banking or financial accounts as other non-financial accounts. All it takes is for someone’s system to be hacked and whichever password you used to get into that company’s system (take facebook.com for example). Once Facebook’s system is hacked the hacker has your password. If you use that same password for multiple sites then it’s easier for the hacker to compromise your logins. If you create a system where you add something to each login and never use the same login twice, then your accounts will be safer.  

Userlevel 3

I've always been amazed when I come across settings where the password is required to be changed every 90 days, but the user can reuse the same password and there is no password complexity required. 

Userlevel 7
Badge +8

Lastpass with randomly generated passwords works for me. 

Userlevel 7
Badge +4

One of our major clients just had their password policy updated to a minimum of 16 characters, special characters, numbers etc and we did a big internal training overview with them on phishing and also good methods of password creation such as phrases or 3 random words erc

Userlevel 6
Badge +6

An encrypted flash drive and text file are magic for password storage. 

Userlevel 7
Badge +63

An encrypted flash drive and text file are magic for password storage. 

I use to do something similar using a Text file then Password protected zip RAR file.

Userlevel 5
Badge +1

I use a password that contains a mixture of everything but the problem is, I cannot use phrases for the life of me.

I can think of my most favorite phrase, and i’ll STILL forget it and have to reset my password.

Bad practise but it is what it is!

Userlevel 5

Bitwarden for me. I figure one less thing to worry about and a lot more things to not have to worry about remembering.

Userlevel 3

Combination of a couple of password managers used in our business - LastPass and one in our documentation tool.

Trying to get customers to use a password manager on the other hand…. Especially when most have an iOS device so have Keychain for Apple devices built-in. Why is it so difficult to make them understand the benefit vs using the same password on every site?! 😑

Userlevel 2

Long passwords are always better.

Userlevel 5
Badge +19

I finally manged to convince my partner to use a password manager - I’ll be collecting my halo tomorrow!

Userlevel 3

I couldn’t possibly remember all my passwords so I use a password manager and only have to remember 1 really long password now...

Userlevel 3

My company uses 1Passowrd. We have recently deployed this product internally and externally. 

Userlevel 3

At work I mainly use KeePass so that I can share the database with my manager -- you know, the hit-by-a-bus principle whereby you need a backup. It’s secured using a passphrase. Most typically I did use several passwords or forms of those passwords. I’ve been slowly going through the devices and making unique passwords for each device. For the ones I cannot cut and paste, I will use a passphrase.

However, I must admit that I use the convenience of my browser’s own password manager for website passwords and usually go with its default suggestions when I sign on to new sites. I do use it for both my corporate and personal accounts.

Userlevel 7
Badge +24

I wish passwords getting cracked were still a thing. Anymore, the passwords are handed over willingly through phishing emails.

too true

Userlevel 4

I use lastpass and I like using passphrases for passwords as well.

Userlevel 6
Badge +1

LastPass for me. We get a free family license with our business licenses, so it was a no brainer. I agree with @TylerM though on changing the term from password to passphrase. We have completely eliminated “password” from all of our documentation and replaced it with passphrase. Doing what we can to get it in everyone’s head. 

Userlevel 4
Badge +3

For years sites rqyuires 1 capital some lower case and a special character giving rise to Andrew1! and similar.

The sheer stupidity that three words can’t be used as phrases on many sites still confounds me, they can be used to describe all the locations on earth (as the advert says).

Password reuse is rife amongst nearly every customer I’ve ever seen “hacked” or else they typed it in to a phishing site.

I didn’t know WR had a lastpass integration / bundle.  Is this available as an MSP product?

Userlevel 5
Badge +4

A password manager is essential in today's environment for good password security hygiene. I am curious, however, about the need for monthly or quarterly rotation of passwords if adhering to other best practices such as non-reuse of passwords, appropriate complexity, etc.

Userlevel 7
Badge +4

I always love the idea of PHRASES. Most of my passwords are in my head and most are lines from movies or TV shows. I use the spaces between the words as my special characters [BTW some logins don’t allow spaces for PWs 😡]

I always make sure to change it up for each login or have a set pattern for certain types of movies for certain types of logins, I won’t go into detail for obvious reasons

I’m not going to give you a whole part

 

My favorite password is always got to do with one of my favorite winter foods……. soup. so you can give me 0n3T0n$0Up4M3t0d@y! anytime……… 

For me I also like the phrase or sentence to use as passwords 

Userlevel 3

We’re using lastpass at the moment, seems to work well for us. Trying to push out to our customers as well, but some don’t want to pay for this 

Userlevel 1

I am always amazed when financial institutions have pretty lax rules for passwords to sign into your account.  I have used password managers for years.  It does help a lot.

Userlevel 4
Badge +2

End users are going to continue to use weak passwords, they just don’t care.  We need to more away from passwords.

Userlevel 7
Badge +24

 

I didn’t know WR had a lastpass integration / bundle.  Is this available as an MSP product?

I’m not sure if that’s an option in business offerings will check with @csaunders 

Reply