There have been several high-profile cases of midsized businesses having their employees’ passwords hacked and their emails published, or rude and embarrassing items posted via their social networks. There are several ways it can happen, like clicking on a malware link, but all too often the fault lies at the user’s doorstep.
Several studies of passwords show that the majority of users have simple keyboard combinations like 12345 or qwerty, a first name, swear words, or use the word “password”. Do you think that hackers know this? Yup! You can see 20 of the most common passwords.
An Easy Password Can Cost You A Lot
It is difficult to remember long or complex passwords, but not making a strong password can have devastating and very public results. False information released through an executive’s social networking site can lower the stock price or ignite consumer unease. Personal or embarrassing emails or texts released to the media can ruin careers. The damage can be done easily and quickly, with the resulting cost going to the company and its stakeholders.
Corporate Communications needs to include information on creating strong passwords in the company’s guidelines for social media, and create employee awareness by sending it out several times a year via the company’s internal communications channels.
While your IT department is right about “vj38*9ldspAn#27” being a very strong password, the reality is no one will remember it or use it – except for your IT consultant.
4 Don’ts For A Secure Password
Tuan C. Nguyen noted in a blog post:
- Avoid using parts of your name or email address since criminals can easily figure this out.
- Don’t include personal information like your birth date, names of family members or street addresses.
- Consecutive numbers are a bad idea. You can basically nix “123456” or any other pervasively common combinations.
- Steer clear of familiar sequences, phrases and slang terms.
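The four don’ts above can be checked automatically when a password is set. The following is an added example, not code from the original post; the function names, the short `FAMILIAR` list and the sample user details are constructed for illustration.

```python
import re

# Constructed sample; a real check would load a large list of common passwords.
FAMILIAR = ("password", "qwerty", "asdf", "letmein", "iloveyou")

def tokens(*fields):
    """Lower-cased fragments of 3+ characters taken from the given fields."""
    parts = re.split(r"[^A-Za-z0-9]+", " ".join(fields))
    return {p.lower() for p in parts if len(p) >= 3}

def has_consecutive_run(pw, run=3):
    """True if pw holds `run` digits stepping up or down by one (123, 987)."""
    length, prev_step = 1, None
    for a, b in zip(pw, pw[1:]):
        step = int(b) - int(a) if a.isdecimal() and b.isdecimal() else None
        if step in (1, -1):
            length = length + 1 if step == prev_step else 2
            prev_step = step
            if length >= run:
                return True
        else:
            length, prev_step = 1, None
    return False

def check_password(pw, name, email, personal=()):
    """Return the list of don'ts that pw violates (empty list = none found)."""
    low = pw.lower()
    found = []
    # Don't 1: parts of the name or of the email address before the @
    if any(t in low for t in tokens(name, email.split("@")[0])):
        found.append("name_or_email")
    # Don't 2: birth date, family names, street address
    if any(t in low for t in tokens(*personal)):
        found.append("personal_info")
    # Don't 3: consecutive numbers
    if has_consecutive_run(pw):
        found.append("consecutive_numbers")
    # Don't 4: familiar sequences, phrases and slang
    if any(s in low for s in FAMILIAR):
        found.append("familiar_sequence")
    return found

# Constructed user record for demonstration.
USER = ("Jane Doe", "jane.doe@example.com", ["1985-04-12", "Rex", "42 Elm Street"])
if __name__ == "__main__":
    for candidate in ("jane1985", "qwerty123456", "Beat8Urn@"):
        print(candidate, check_password(candidate, *USER))
```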
A Quick And Dirty Easy (Easier) To Remember Password
The longer and more random your password the better. So, please use this formula at your own risk. I have found it helpful when working with clients I know won’t stick with, or even use, complex passwords.
A) Think of a 3 or 4 letter word. (You can go longer if you want.) Example Beat.
B) Think of a number or special character (!@#$%&*). Example 8.
C) Think of a different 3 or 4 letter word than you did in step A. Example Urn.
D) Do the same thing as step B, but if you picked a special character, this time pick a number, and vice versa. Example @.
By putting those together we have Beat + 8 + Urn + @ = “Beat8Urn@” as a password.
Check Your Password Strength
How good is your password? Well, the good people over at Password Meter said mine was pretty good.
Bonus Points
You should reorder them in a way that is easiest for you to remember. Also, if you are up for it, you should add a step E by adding one more word, number or special character to your password string.
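To put numbers on the "at your own risk" caveat, this added example (not part of the original post) builds a password with steps A to D using random choices and estimates how many bits of guessing work the formula gives against someone who knows it, with and without the bonus steps. The word list is a constructed sample and the 5,000-word figure used in the comparison is an assumption; words a person picks by hand are less random than this upper bound.

```python
import math
import secrets

DIGITS = "0123456789"
SPECIALS = "!@#$%&*"          # the special characters listed in step B
# Constructed sample word list; a real one would hold thousands of words.
WORDS = ["Beat", "Urn", "Fog", "Mint", "Oak", "Jump", "Zinc", "Cove"]

def generate(words=WORDS):
    """Steps A-D with every choice made by the OS CSPRNG instead of a person."""
    first = secrets.choice(words)                                # step A
    second = secrets.choice([w for w in words if w != first])    # step C
    pair = [secrets.choice(DIGITS), secrets.choice(SPECIALS)]
    if secrets.randbelow(2):       # step D is the opposite kind from step B
        pair.reverse()
    return first + pair[0] + second + pair[1]

def formula_bits(n_words, reorder=False, step_e=False):
    """Upper bound on entropy in bits when the formula itself is known."""
    space = n_words * (n_words - 1) * 2 * len(DIGITS) * len(SPECIALS)
    pieces = 4
    if step_e:                     # one more word, digit or special character
        space *= n_words + len(DIGITS) + len(SPECIALS)
        pieces = 5
    if reorder:                    # pieces placed in any order
        space *= math.factorial(pieces)
    return math.log2(space)

def random_bits(length, alphabet=94):
    """Entropy of a uniformly random string over printable ASCII."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    n = 5000                       # assumed number of 3-4 letter words
    print("sample password:       ", generate())
    print("steps A-D:             ", round(formula_bits(n), 1), "bits")
    print("with reorder + step E: ", round(formula_bits(n, True, True), 1), "bits")
    print("15 random characters:  ", round(random_bits(15), 1), "bits")
```

The 15-character row corresponds to a fully random password of the same length as the “vj38*9ldspAn#27” example above.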
Keeping Your Passwords Organized
A handy tool for managing your passwords is a password manager. A free one I like is KeePass.
KeePass describes itself as a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
About Steve Farnsworth @Steveology
Social media, communications, and content marketing for technology companies. Strategy and implementation that generate leads and build customer loyalty and word-of-mouth buzz. Contact 650-331-0594 to increase your market position and sales.



Geoff Livingston (@geoffliving)
August 29, 2012
It’s funny. I woke up today and Facebook notified me that they thought my account had been compromised and I needed to change my password. Of course, I did, and I had to check a variety of applications and posts to make sure nothing happened. Boy, was that scary. I did think about this from a PR standpoint in case someone went rogue on my page and my friends’ pages.
Steve Farnsworth A.K.A. @Steveology
August 29, 2012
The idea of getting hacked is scary, and the problem is compounded for people in our line of work. We click on so many links it’s hard not to occasionally click on a malware link. I’m very careful to only click on links I trust, but I click on hundreds of links a day. Once or twice a year I pick up some bad juju. Thankfully, they have tended to be just annoying, but I did just have to do a full reinstall about three months back.
Kevin Mullett
August 29, 2012
Great post, with a message people need to hear. I can also recommend LastPass for password storage with the added benefit of optionally automatically logging you in to your favorite sites once you have provided the key password. The base is free and it is under $20/year to also be able to use on mobile. I have used it for years.
ginarau (@ginarau)
August 30, 2012
Unfortunately, it’s usually not until something scary happens that we tend to these topics. I work for a company that offers a solution to the password dilemma (social login) and still don’t have good password etiquette for my own tools. It wasn’t until my WordPress account was compromised and I couldn’t access it for five days that reality slapped me across the face. For those long five days I checked my site constantly to see what someone would post or change on my site.
A lot of past and present co-workers use LastPass and I’ve heard good things. For me, getting that close to a PR nightmare was enough to find a better solution.
Adi Gaskell
August 31, 2012
Interesting post Steve. In my younger days I read a lot about guys like Kevin Mitnick, and it left the impression that most security breaches weren’t so much about people hacking passwords as humans simply being slack.
This could involve them saying things they shouldn’t, or giving away confidential information to people they shouldn’t be.
It does all underline the importance of security though.
Jackshon
September 1, 2012
Erhm, speaking of naughty… You have a Freudian typo in your text: ” very pubic results “.
Chuckle. Happens to the best of us.
Steve Farnsworth A.K.A. @Steveology
September 1, 2012
Indeed! Thank you so much.