What was that password?
After over 20 years in the industry, I am rarely surprised by the way people manage their passwords.
We see clients with Post-it® notes attached to their screens with their passwords in plain view. Others have a half-hearted attempt to hide their passwords away by putting them under their keyboard, whilst some have little black books next to their computers with ‘Passwords’ printed in bold on the front cover!
Most websites will make it perfectly clear that you should have a unique password for every site, and that you shouldn’t use common themes. So don’t use your daughter’s middle name or the street where you grew up. They are also adamant that passwords shouldn’t, under any circumstances, be written down!
This poses a challenge as most people who use the world wide web have dozens of passwords to remember. No wonder it’s not unusual to find people using easy-to-remember words or phrases (like ‘password1234’).
An added problem is how to control passwords throughout your organisation, where many people may need to log in to various websites with the same username and password. How can a company manage a multitude of accounts, with staff coming and going, without having to constantly update logins and passwords? It’s easier if you have low staff turnover, or if employees are managed into and out of an organisation in an efficient manner, but if staff leave with no warning, or you have to dismiss them, prising their passwords from their possession as part of the leaving arrangements can be a difficult and frustrating process.
So, whether it’s just your own passwords or you’re running an organisation with several staff and need to ensure that there is some way to keep track of everyone’s logins, you need something more reliable than a little black book or a spreadsheet that’s a security hazard.
This is where password managers come into their own. A good password manager gives you the ability to securely store multiple passwords, safely share them between staff, control your team’s access, and even allow direct access to password-protected sites without handing over your passwords.
The saving in time alone makes them well worth introducing, but coupled with the security and flexibility they offer, they’re a no-brainer solution to the never-ending problem of creating, storing, and sharing logins, whether it’s just for you or your entire organisation.
If you would like help or advice on how to manage multiple logins, then just give us a call on 01376 653115 and let’s talk about your situation and find the right password manager for your needs.
Back to the password issue - I would go for something we have, something we know and something we are - We all have mobile phones, show me any IT person that doesn't have a mobile phone or at least access to one. Use this as your sign on device - yep, phones can be stolen - but before the network lets you sign on, you need to enter your PIN into the mobile and run an app that will ask you for another PIN (a different one) to let you onto the network perimeter - and then most phones nowadays have some sort of biometric reader - fingerprint or face recognition - use this to get onto the domain - A thief getting all of this from stealing the phone is very unlikely.
IMHO, the recent issues at LastPass have caused people to question how good password managers are. The advice I give is to look at the risks caused by your current way of managing passwords against those from password managers.
This is our lives.... passwords suck!!
Oh no! Someone is using my password. ;)