A series on password policies

Passwords. They’re exhausting, aren’t they?

Because a simple password just isn’t enough to protect our companies anymore. In this era of cyber-attacks, we’re told our password must be strong. And complex. And long. And ever-changing. And . . .

And we’re tired. In fact, seven out of 10 people have stopped trusting that passwords even help protect data. Entrepreneur says 47% of people use passwords that are at least five years old. And the most popular passwords are still password, qwerty and 123456. [1] We’re not even trying.

But passwords do matter. Sixty-three percent of breaches are still caused by problems with our passwords.[2]

So how can we make sure our passwords really are good enough? In this new blog series, we’re breaking down the latest on password policies. Let’s start with a mistake you’re probably still making.

Do you believe that a cryptic password is the strongest password?

Most of you are still hearing that cryptic passwords are the rule. You’ve got a short string of numbers and capital letters – and a dollar sign for good measure. That’s one $#&@ of a password you have there.

Cryptic signs do help. But a short, cryptic password is still a short distance between a hacker and your data.

We’ve discovered that length is actually what matters most. The longer your password, the more secure it is. A longer password increases the number of possibilities that an attacker has to guess.

Here are a few tips on picking long passwords for yourself.

▪ Make it longer. Passwords over 10 characters are very hard to crack, regardless of complexity. But why stop there? This is where the over-achiever in you can really shine. Go for 14 characters or more.

▪ Think of a personal phrase to make it memorable. You can make up a sentence about a personal event. For example: Tedisthevaledictorian.

▪ Make it random. There’s still a chance that hackers could guess the sequence of phrases based on typical speech patterns. One way to combat this is to string together the first letters of long phrases. For example, you could turn this: Ted is the valedictorian in 2017. I am proud! Into this: Titvi2017.Iap!
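To make the length-over-complexity point concrete, here is an added example (not part of the original post) of a length-first policy check with a brute-force search-space estimate. The function names, the deny list and the two passwords marked as constructed are assumptions made for illustration.

```python
import math
import string

# Constructed deny list: the three "most popular" passwords the post names.
COMMON = {"password", "qwerty", "123456"}
MIN_LENGTH = 14  # the post's "14 characters or more" tip

def alphabet_size(pw):
    """Size of the character pool a brute-force search must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """log2 of the exhaustive search space, length * log2(pool).

    Upper bound only: it assumes every character is chosen at random,
    which a natural-language phrase is not.
    """
    pool = alphabet_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def check(pw):
    """Return the list of policy violations (empty list means accepted)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

if __name__ == "__main__":
    samples = [
        "123456",                 # named in the post
        "Xk4$Pq9!",               # constructed: short but "cryptic"
        "qmzvtrhbxkwpld",         # constructed: 14 random lowercase letters
        "Tedisthevaledictorian",  # the post's phrase example
        "Titvi2017.Iap!",         # the post's first-letters example
    ]
    for pw in samples:
        verdict = ", ".join(check(pw)) or "ok"
        print(f"{pw:<22} len={len(pw):>2} "
              f"bits<={brute_force_bits(pw):6.1f}  {verdict}")
```

The 14 lowercase letters come out well ahead of the 8-character password that uses all four character classes, which is the post's argument in numbers.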

Now let’s get your company on board. Here are tips on helping your people pick long passwords too:

▪ Get a free access rights assessment. A credible cybersecurity company will identify your security gaps, including password policies. You’ll find out if your passwords are weakening your entire system.

▪ Get help setting password policies. A proper policy is the best way to ensure that every person in your organization is picking a long password. This will strengthen your cyber security.

▪ Keep monitoring. Passwords constantly change along with your people. A cybersecurity company can keep tabs on the strength of your passwords across your company.

So have a little fun coming up with a personal phrase for your password. It’s a great way to memorialize a favorite event and secure your company data. And stay tuned! More tips are coming in our next post on password policies. . . .

Umesh Verma, CEO, Blue Lance

Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedIn, Facebook, or Twitter.



[1] Carly Okyle, “Password Statistics: The Bad, the Worse and the Ugly,” Entrepreneur, https://www.entrepreneur.com/article/246902.

[2] “Verizon’s 2016 Data Breach Investigations Report finds cybercriminals are exploiting human nature,” Verizon, http://www.verizon.com/about/news/verizons-2016-data-breach-investigations-report-finds-cybercriminals-are-exploiting-human.