Blog

Who wants one more password?

Passwords, ugh! Who wants one more password to remember? Passwords are probably the best example of the tug-of-war between security and convenience. “You need long, complicated passwords!” “No, I need passwords that are easy to remember and quick to type!”

Good Passwords

…are just one layer in what should be a defense-in-depth. But bad passwords are, well, a wide open door. When listings of user accounts are stolen and cracked, then found online, security researchers get a glimpse into what people favor for passwords. Here are the top dozen:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin

As you can see, these are all terrible passwords, but terribly easy to remember. I’m afraid most people are careless about password safety.

But it’s not that hard to be an excellent password user! Two simple changes to your password habits will have you at the top of the good list!

Use Passphrases

For a long time, security experts recommended using numbers, symbols and changes in letter case to make passwords complex. Today, computing power is available in unprecedented quantity, and most short passwords, no matter how complex, can be cracked in minutes. So drop the hieroglyphics, and start using simpler but longer passphrases. These are easier to remember and to type, and more secure, as long as they are over 12 characters long. You still don’t want to use any phrase that is in common usage. “Mary had a little lamb” is a long passphrase, but still a terrible choice as it is in common usage and thus likely to be among the phrases hackers will use to test your security. Change it up a bit.

Use a Password Manager

It is strongly recommended that you use a unique password for every account you have. It would be impossible to remember them all. So let a password manager app do it for you. The password manager securely encrypts all your account information, and you unlock and use it with one master password. Managers are portable between all your devices, so your credentials are always at the ready. For an installable application for your computer, tablet or phone, I recommend KeePass. For a web application, I recommend Bitwarden.

Protecting your business information

The most important step you can take to proactively protect your business is backing up your files. Before securing your network, before improving password security, before user education, if you don’t currently have a backup, take one now! Don’t even finish reading this update.

Got that done? Great! Now, there are best practices for doing backups right. Here is why your data protection should be automated, tested, off-site, and versioned.

Automated Backup

The best of intentions are not enough to guarantee that your backups will always be current. We all get busy, priorities change, distractions come. An automated backup/restore process will ensure you have all your data, including the most recent.

Tested Restore

If you are already taking backups, that’s great! But when was the last time you tried to recover a file or folder? Don’t take the chance that only when you really need it will you discover that your backups are no good, or incomplete. Do test restores on a regular basis to be sure the data will be there when you need it. Restore tests should also be automated for the reasons given above.

Off-site Storage

Any backup is slightly better than none, but, as with any insurance policy, you need to plan for the worst. If a fire or storm takes out your entire office, or thieves come and clean you out, any backup kept at your office will be gone right along with the originals. To avoid irrecoverable loss, your data needs to exist in two places separated by a distance.

Versioned Backup

The rise of crypto malware makes even these precautions insufficient. If your PCs get encrypted, then what you will be backing up is encrypted files. Unless you keep old versions of your backups, your most recent backup could overwrite good data with bad and destroy your chance for recovery. Versioning, if sufficiently deep, will allow you to go back to a point in time before the encryption.
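To make the versioning and restore-test points concrete, here is a small sketch added for illustration (it is not ComputAssist's product or code). It assumes a local folder copy stands in for the backup target, and the file name, contents and function names are all constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def tree_hashes(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def take_backup(source: Path, repo: Path, keep: int) -> Path:
    """Copy source into a new numbered version and prune to the newest `keep`."""
    repo.mkdir(parents=True, exist_ok=True)
    existing = sorted(repo.glob("v*"))
    number = int(existing[-1].name[1:]) + 1 if existing else 1
    version = repo / f"v{number:06d}"
    shutil.copytree(source, version / "data")
    # The manifest records what the source looked like when the backup ran.
    (version / "manifest.json").write_text(json.dumps(tree_hashes(source)))
    for old in existing[:max(0, len(existing) + 1 - keep)]:
        shutil.rmtree(old)
    return version

def restore_ok(version: Path) -> bool:
    """Restore a version into a scratch directory and check it against its manifest."""
    manifest = json.loads((version / "manifest.json").read_text())
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restore"
        shutil.copytree(version / "data", restored)
        return tree_hashes(restored) == manifest

def simulate(keep: int) -> list:
    """Run three backups, the last one after the file has been scrambled.

    Returns ledger.txt as stored in each version still kept, oldest first.
    """
    states = [b"Q1 invoices", b"Q1+Q2 invoices", b"\x8f\x02SCRAMBLED\xff"]  # constructed data
    with tempfile.TemporaryDirectory() as tmp:
        source, repo = Path(tmp) / "office", Path(tmp) / "backups"
        source.mkdir()
        for content in states:
            (source / "ledger.txt").write_bytes(content)
            if not restore_ok(take_backup(source, repo, keep)):
                raise RuntimeError("restore test failed")
        return [(v / "data" / "ledger.txt").read_bytes() for v in sorted(repo.glob("v*"))]

if __name__ == "__main__":
    print("keep=3:", simulate(3))  # clean copies from before the scramble survive
    print("keep=1:", simulate(1))  # only the scrambled copy is left
```

Note that the scrambled version still passes the restore test, because the test only proves the backup can be read back faithfully. It is the depth of retained versions that preserves a clean copy.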

ComputAssist’s Proactive Data Protection includes all these features and more. Contact me now to see how easy it is to know that your business information is secure.