Story image

Expert offers password tips to aid a stress-free sleep

15 Mar 2019

The 15th March marks a day that you might not have been aware of - World Sleep Day.

For many people, the worries of the day can often crawl into night-time routines and cause lost or disrupted sleep - and a perfect example of that is those that work in the cybersecurity industry.

Ever-changing threats, almost daily news of breaches, and the constant and relentless risks for businesses.

According to LogMeIn, almost  over 271 thousand records are breached every hour, adding to 2.1 million records in one night’s 8-hour sleep - pretty good cause for late night stress among cybersecurity professionals.

LogMeIn chief technology officer Sandor Palfy says given the magnitude of the situation, it’s surprising to consider that the cause is a relatively simple act that everyone is familiar with, as 81 percent of confirmed data breaches are caused by passwords.

So in light of World Sleep Day, Palfy has shared his best practices for password management to perhaps enable a better sleep among cybersecurity professionals.

Require strong passwords for every account

“The most secure passwords are at least 18 characters and include a mix of numbers, letters and symbols. Short, easy-to-remember or default passwords are not secure and can be easily cracked by hackers,” says Palfy.

“It’s also imperative that then these passwords are not re-used on multiple other online accounts. Putting password strength policies in place in your organisation will help prevent weak password creation and reuse.”

Password management

“Given that the average person has 200 passwords to keep track of, there can be strong reluctance to create unique, complicated passwords for every online account that are updated much more frequently. To that end, a password management tool can be used to generate and store secure passwords,” says Palfy.

“A password manager can also help identify passwords at greatest risk and automatically update them as needed, removing the chore from employees. Once employees begin to use the password manager as part of their daily workflow, they will start replacing their short and repeated passwords with long and unique ones.”

Train employees on proper password management

“It may surprise (and anger!) some IT professionals that employees often use the same passwords across professional and personal accounts – 59% have reported mostly or always using the same password,” says Palfy.

“Employees should be trained on the risk involved with reusing passwords and be advised to use unique passwords for each account.”

Be careful when sharing passwords

“Sharing passwords in the workplace is inevitable, but you should never share those passwords via email or text. You always want to limit the exposure to a password and thus limit its vulnerability to hacking,” says Palfy.

“This includes storing multiple passwords in an easily-accessible document, which again is common practice with 42% reportedly keeping passwords in a file on a mobile device, word document or Excel spreadsheet. Using a password management tool to help you securely share access to passwords is your best bet.”

Implement multifactor authentication (MFA)

“MFA is one of the most effective ways to add another layer of security to password protected accounts,” says Palfy.

“Even if a hacker obtains a password, they will still have to provide an additional factor before breaching the account. Multifactor authentication adoption is still relatively low and should absolutely be considered by more organisations.”

Palfy hopes that these tips help for this World Sleep Day, as everyone deserves a good night’s sleep at the end of a long work day.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.