Every time you sign up for something new, it seems you have to think up a new password. Sometimes you can use your Google or Facebook credentials but more often than not, you have to use your email address and come up with a new password.
The lazy amongst us reuse common passwords so they don’t have to remember new ones.
Do NOT reuse passwords! That is a really really bad idea.
If one site you use is hacked and the hackers get a list of user IDs and passwords, it’s obvious that they will try them out on other common sites. For example, if you used the same password for LinkedIn and Netflix, then the hacker will exploit that, and try other sites.
We know it is hard to think of passwords that aren’t named after your pet, family members or a special place. That’s where a password manager, like the KARE Password Vault comes in. The tools generate random and complex passwords that are unique to every site you use.
It only takes one person with poor password behaviour
It is inevitable that someone in your workplace has poor password habits. That is a particular concern if those poor practices stray into web tools that contain business data. It is difficult to control this 100% but there are things we can do, including
- Education – cyber-awareness training
- Shadow IT detection to uncover what sites are in use
- MFA Multifactor Authenticaaion
- Password Vaults to make it easier to have complex and unique passwords
That is why we have changed our KARE package offerings, and ‘KARE Foundation’ includes the education, MFA management and Shadow IT detection, while password vault is included in our ‘Security Plus’ option. These plans are a big step up on the older KARE plans reflecting the more intensive protections that are now required. “All reasonable steps” has become a higher threshold.
How can passwords be made easier?
The protections above help, but the ultimate solution is to make it easier to stay secure. Even with tools like a password vault, it is still a nuisance especially when you are busy.
That’s why passkeys excite us.
If you have used ‘dynamic lock’ with Windows 11, then you will have some idea of what these are. Simply, you will use something you have, most likely your phone, to prove you are really you. Your computer will verify the presence of your phone with Bluetooth, and figure that you are present and ready to go. We can expect to see this rolling into Apple iOS 16 and into Google very soon. But it will take a long while before it becomes common place, and yes, there will inevitably be concerns about the Bluetooth being hacked. So let’s watch this space.
In the meantime, it is a timely reminder to check you are educating your workplace, and using unique passwords with tools like password managers such as KARE Password Vault.