There are definitely some funny days on the calendar. The Internet has declared February 1 “Change Your Password Day”, and so every year on this day users are called upon to employ secure passwords and to change them regularly.
If you are working at a company, you can probably only laugh at the suggestion – your IT department, through its guidelines, has doomed you to setting a new password every three months, one containing at least eight characters, at least one capital letter, one special character and one number, and which hasn’t been used within the past 24 months. But cross your heart and hope to die – privately you also (like the rest of the world) use the very same password for several online services, don’t you?
In view of the multitude of services for which one nowadays needs to authenticate oneself, it is hardly possible to avoid using the same password twice. Valuable assistance can be provided by a password manager, which acts as a central vault and can be asked to generate long, strong passwords that prove more than a match for brute-force attackers (at least those without quantum computers). The master password for such a password manager should of course be created using every trick in the book!
One should moreover activate two-factor authentication (2FA) wherever possible. This means that, in addition to the password, a second code has to be entered for safety’s sake. This could, for instance, be a one-time code that is sent to the user by SMS or generated by a special app, but also a chip card or a USB dongle. Biometric procedures such as fingerprint readers or facial recognition can also ensure additional security.
In general, one can’t advise users too often to use their good common sense at all times when on their computers and the internet, while also following a few basic rules. Please feel free to take a look at two of our earlier articles, “A Safe Start to 2018” and “User Education: Tips for Email Security”.
P.S.: Oh, the irony! This blog post is only appearing the day after Change Your Password Day. Following a little database hiccup with our WordPress, we were unable to log in to our CMS using our thoroughly strong passwords for a while yesterday – and neither could we reset our passwords …