To me, every day is Password Day.
It’s such a big part of my business that I can’t waste time with lost or forgotten passwords. I manage passwords for my business, my clients, side projects, and I have personal accounts. All accounts in total number in the hundreds, certainly more than one thousand.
I’ve tried to figure out a way to charge more when a client forgets their login credentials, but I’m still working on it. It’s a major peeve of mine to be sitting there with someone who tells you that they want to step up their online game and then we sit there trying a couple of passwords before it needs to be reset.
Passwords cost an average of $420 per employee in lost productivity. For a business with 500 employees that is $210,000 annually. Even if you are on the solopreneur scale you can’t afford that kind of inefficiency.
If you are planning on building accounts with value, you will need to protect them with a strong password. And not the same password over and over again. If you build a popular account on Twitter, it will attract hackers who will want that audience for their own message and/or products.
Staying with the Twitter example, they already know your username, so if your password is in a dictionary, or common password list, your account is amazingly easy to break into. All it really takes is time and a VPN.
Password Do’s & Don’ts
Do
- Use something that you can remember
- Use a mix of upper and lower case, numbers, and special characters
- Use at least 12 characters
Don’t
- Use dictionary words
- Use consecutive numbers
- Reuse passwords
- Use your address, phone number, Postal Code, names of pets, family members, or anything that basic research would uncover
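Here is one way to turn the list above into an automatic check. This is an added example, not code from the original post; the word list, the personal details and the function names are made up for illustration, and a real check would load a full dictionary and common-password list.

```python
import string

# Constructed sample data (assumptions, not from the post): a tiny stand-in
# for a real dictionary / common-password list, and one user's personal facts.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}
PERSONAL_INFO = {"rex", "elm street", "5551234"}
# Undo common letter-for-symbol swaps so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("@0134$5", "aoleass")


def has_consecutive_numbers(pw, run=3):
    """True if pw contains `run` digits counting up or down, e.g. 123 or 987."""
    for i in range(len(string.digits) - run + 1):
        seq = string.digits[i:i + run]
        if seq in pw or seq[::-1] in pw:
            return True
    return False


def check_password(pw, previous=(), personal=PERSONAL_INFO, words=COMMON_WORDS):
    """Return the list of rules from the Do/Don't list that pw breaks."""
    problems = []
    lowered = pw.lower()
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "upper case": any(c.isupper() for c in pw),
        "lower case": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if any(w in lowered.translate(LEET) for w in words):
        problems.append("contains a dictionary word")
    if has_consecutive_numbers(pw):
        problems.append("contains consecutive numbers")
    # Simplification: a real system compares against stored hashes, not plaintext.
    if pw in previous:
        problems.append("reused password")
    if any(p in lowered for p in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Password123!", "vT9#qL2m!Xe7Rz"):
        print(candidate, "->", check_password(candidate) or "passes every rule")
```

Note that "Password123!" meets the length and character-mix rules and still fails, which is why the Don't list matters as much as the Do list.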
This is a bit technical, but it is a good way to come up with strong, memorable passwords. It is also a bit misleading in two ways: it’s the length of the password that creates difficulty, and brute force isn’t the only way to crack a password. Not that combining four words out of a dictionary is “easy” or necessarily faster.
We use LastPass to generate random strings for passwords and store an encrypted version that is easily accessible. It also makes it easy to share passwords with clients and other collaborators. LastPass will also monitor for security breaches on the websites themselves. Remember Heartbleed? You can also update passwords on some sites from the LastPass interface.
There are several password managers, but I have been using LastPass since I started this company and haven’t had a single issue with it. Highly recommended.
A password gets encrypted into a hash string and stored on the LastPass server. So even if there is a security breach at LastPass, they only have the encrypted version of your password and would need your key to decrypt it, or they would need to crack the hash. You still need to follow best practices when using LastPass. Pick a strong password and update it every couple of months.
World Password Day is also raising awareness for multi-factor authentication (MFA) with Internet megastar Betty White. Also available on LastPass (MFA not Betty White).
https://youtu.be/AJKGrEl_omA