Strong passwords could be leading users into a false sense of security. And recent thefts of passwords are showing why.
The old way users thought about passwords was that if you had something worth protecting, you needed a strong password to keep it safe.
One that was:
- a mix of letters and numbers
- a mix of upper- and lower-case characters
- as long as possible, and
- difficult for anyone to know but you.
It has to be unique
But even if users create this perfect password, they’re probably going to make the crucial mistake of reusing it.
And with recent password thefts from Google, Facebook and Twitter, among others, password protection has become more important than ever. If even the strongest password in the world is stolen, chances are that the user has repeated it across multiple accounts.
So if a username and password stolen from a message board are the same as the ones for their bank account, well, they could be in deep trouble from a hacker who does a minimal amount of guesswork.
In fact, in a recent MacRumors password theft, the attackers took to the web (on the same site they stole the passwords from) to reassure users that they wouldn’t be using those passwords to go after other accounts.
For what it’s worth, that’s a very nice gesture on their part, but one that you should probably take with a grain of salt. Users will likely want to change other shared passwords as well.
New password rules
At this point, work passwords may be too valuable to leave to users. If at all possible, sensitive apps should have randomized passwords that you supply and either switch out regularly or store in a password manager.
Also, make sure to have two-factor authentication whenever possible. This can be an added layer of protection even if a password should fall into the wrong hands.
If nothing else, remind workers that reused passwords are a two-way street: if someone were able to get hold of their work passwords, those could also be used to steal personal or bank account info if the passwords were reused. It’s best to keep all those codes separate.