Blog

World Password Day

World Password Day
Userlevel 7
Badge +18

Today is World Password Day and we wanted to take that opportunity to have a discussion with our community about “Password Integrity”. 

With every passing year, it seems like we need five more accounts for our business and personal lives. That means five new passwords and five new opportunities for someone to access your information or steal your identity. On top of all that, how many of you can honestly say you use a unique password for every one of your ever-growing list of online logins?

The truth is, it has become nearly impossible to create and remember long, secure passwords for all of our online accounts. The solution that most people have begun to adopt is the use of a password manager such as LastPass which is included in SecureAnywhere Internet Security Plus and Complete. Using a password manager solves a number of problems such as:

  • Generating randomized, secure passwords
  • Locks your huge list of account passwords behind a singular “master password” or biometric password such as a fingerprint/face scan
  • Distributes access to that list of passwords across all of your devices

While password managers are not flawless, they solve most of the issues make people and businesses vulnerable to data breaches and identity theft.

Making a password that would be considered secure consists of the following:

  • A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords. 
  • A password should include a combination of letters, numbers, and special characters.
  • A password shouldn’t be shared with any other account.
  • A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
  • A password shouldn’t contain any consecutive letters or numbers.
  • A password shouldn’t be the word “password” or the same letter or number repeated.
    (Credit to Security.org)

I tried for years to create unique passwords that follow this set of rules and succeeded...for a while. Recently, I finally admitted to myself that I didn’t have the ability to memorize my 20+ unique passwords and was using the “forgot password” function far too often. Since adopting a password manager, I haven’t had to click “forgot password” because I only have to remember a singular, strong, master password to get access to the rest of them. It’s been such a level-up in my online life that I can’t imagine ever going back.

(For the record, I use KeePassXC since i prefer local storage)

What password solutions is our tech-savvy Webroot Community using? Cloud/Local password managers? Superhuman memory that never forgets 16+ character passwords? Leave us your thoughts in the comments below!

I’d like to credit much of the content in this post to our Writing team and this amazing World Password Day Blog they created. Go check it out to learn more about password integrity!

 


54 replies

Userlevel 7
Badge +4

They are with my clients!!

Userlevel 7
Badge +20

I wonder how many tickets would be in my company’s support queue if none of them were password related!

 

Are password issues/resets really that much of IT support queue?

Userlevel 7
Badge +4

I wonder how many tickets would be in my company’s support queue if none of them were password related!

Userlevel 3
Badge +1

@TylerM @FasteasyPhil  This isn’t something we offer today, however I will bring it to the team for discussion.

Thanks,

Chris

Userlevel 7
Badge +20

 

I didn’t know WR had a lastpass integration / bundle.  Is this available as an MSP product?

I’m not sure if that’s an option in business offerings will check with @csaunders 

Userlevel 3
Badge +2

End users are going to continue to use weak passwords, they just don’t care.  We need to more away from passwords.

I am always amazed when financial institutions have pretty lax rules for passwords to sign into your account.  I have used password managers for years.  It does help a lot.

Userlevel 3

We’re using lastpass at the moment, seems to work well for us. Trying to push out to our customers as well, but some don’t want to pay for this 

For me I also like the phrase or sentence to use as passwords 

Userlevel 4

I always love the idea of PHRASES. Most of my passwords are in my head and most are lines from movies or TV shows. I use the spaces between the words as my special characters [BTW some logins don’t allow spaces for PWs 😡]

I always make sure to change it up for each login or have a set pattern for certain types of movies for certain types of logins, I won’t go into detail for obvious reasons

I’m not going to give you a whole part

 

My favorite password is always got to do with one of my favorite winter foods……. soup. so you can give me 0n3T0n$0Up4M3t0d@y! anytime……… 

Userlevel 4
Badge +3

A password manager is essential in today's environment for good password security hygiene. I am curious, however, about the need for monthly or quarterly rotation of passwords if adhering to other best practices such as non-reuse of passwords, appropriate complexity, etc.

Userlevel 3
Badge +2

For years sites rqyuires 1 capital some lower case and a special character giving rise to Andrew1! and similar.

The sheer stupidity that three words can’t be used as phrases on many sites still confounds me, they can be used to describe all the locations on earth (as the advert says).

Password reuse is rife amongst nearly every customer I’ve ever seen “hacked” or else they typed it in to a phishing site.

I didn’t know WR had a lastpass integration / bundle.  Is this available as an MSP product?

Userlevel 6
Badge +1

LastPass for me. We get a free family license with our business licenses, so it was a no brainer. I agree with @TylerM though on changing the term from password to passphrase. We have completely eliminated “password” from all of our documentation and replaced it with passphrase. Doing what we can to get it in everyone’s head. 

Userlevel 4

I use lastpass and I like using passphrases for passwords as well.

Userlevel 7
Badge +20

I wish passwords getting cracked were still a thing. Anymore, the passwords are handed over willingly through phishing emails.

too true

Userlevel 2

At work I mainly use KeePass so that I can share the database with my manager -- you know, the hit-by-a-bus principle whereby you need a backup. It’s secured using a passphrase. Most typically I did use several passwords or forms of those passwords. I’ve been slowly going through the devices and making unique passwords for each device. For the ones I cannot cut and paste, I will use a passphrase.

However, I must admit that I use the convenience of my browser’s own password manager for website passwords and usually go with its default suggestions when I sign on to new sites. I do use it for both my corporate and personal accounts.

Userlevel 3

My company uses 1Passowrd. We have recently deployed this product internally and externally. 

I couldn’t possibly remember all my passwords so I use a password manager and only have to remember 1 really long password now...

Userlevel 5
Badge +18

I finally manged to convince my partner to use a password manager - I’ll be collecting my halo tomorrow!

Userlevel 2

Long passwords are always better.

Userlevel 2

Combination of a couple of password managers used in our business - LastPass and one in our documentation tool.

Trying to get customers to use a password manager on the other hand…. Especially when most have an iOS device so have Keychain for Apple devices built-in. Why is it so difficult to make them understand the benefit vs using the same password on every site?! 😑

Userlevel 3

Bitwarden for me. I figure one less thing to worry about and a lot more things to not have to worry about remembering.

Userlevel 4

I use a password that contains a mixture of everything but the problem is, I cannot use phrases for the life of me.

I can think of my most favorite phrase, and i’ll STILL forget it and have to reset my password.

Bad practise but it is what it is!

Userlevel 7
Badge +63

An encrypted flash drive and text file are magic for password storage. 

I use to do something similar using a Text file then Password protected zip RAR file.

Userlevel 4
Badge +5

An encrypted flash drive and text file are magic for password storage. 

Reply