“Those password safes have a master password. And that’s ideally the situation for you to put in a longer password, maybe a password that you can remember, but it’s much harder to crack—something like ‘To be or not to be, that is the question.’ You have spaces, uppercase, lowercase, you have a period at the end. That’s a decent password because it’s pretty long and pretty easy to remember. Not saying everyone should have that one. But I think you can go far with phrases that are easy to type in and remember.”
Still, humans will be humans
LastPass notes that the average employee starts with 20 credentials in their password vault and doubles that total after only three months. Instituting effective password policies and procedures can make workers’ lives easier and your company’s operation more secure.
Omernik says, “In general, people think, ‘I’ll just make it a policy that people have to do X.’ No, if you want people to do X, you have to make it so people want to do it, feel like they need to do it.”
There are additional layers that make it hard for cybervillains to sneak up on you. People might have tokens they can put on a lanyard, or a USB token they can plug in to log onto the company’s system.
If you have a long or complex password, the potential for keying it in wrong and then pulling your hair out trying to correct your mistake is its own reward. The way forward is to achieve the higher purpose of authentication—secure ways to prove to your computer system that you are who you say you are.
He says, “If you think that just increasing password complexity makes a better password, well, no, because there’s a human interaction. When you have complex passwords, people start taking steps to get around it.”
Some may be reluctant to make their face or fingerprint part of the cybersecurity solution. The potential of AI and data mining can inspire paranoia.
In its article, “139 password statistics to help you stay safe in 2023,” digital security firm Norton cites a report by password manager LastPass that more than 80% of confirmed breaches can be attributed to stolen, weak, or reused passwords. And while 91% of the people asked understood that it’s a security risk, more than 60% admitted to reusing passwords.
“One of the biggest issues people have is a perception lag. They see their face being used right now, but they don’t see where all of their different passwords at every single website could be compromised by a single person and then used without their knowledge. The risk we can see seems more dangerous than the risk we can’t see. But in a digital space, a lot of the risks are risks we can’t see.”
“You should never have shared passwords. And it shouldn’t have the site name in it. Let’s say your dog is named Snickerdoodle, and you use Snickerdoodle in your password on every site. You say, ‘I’m going to make this unique, so I’m going to use snickerdoodle_nike.com, I’m going to use Amazon_snickerdoodle, or uber_snickerdoodle….’ No, no, no. That’s not right. It has to be random and unique.”
Some companies take a fire-drill approach by sending the entire enterprise an email with a spurious link to see how many employees will ignore corporate policy and click on the link. But Omernik sees that as ineffective and short-sighted.
That’s where people like Omernik go to work. “The onus is on us to develop systems that achieve authentication in an accurate way,” he says. “That’s the quality component here. We need to do this well. Otherwise, we’re putting everybody at risk.”
“Yeah, I can use phishing tests, see if they click on a link and put their password in. But that’s not a systematic way to handle it. Maybe you increase awareness for a small time frame until the next test.
Photo caption: “We now have all your passwords.” “Oh! Thank goodness! What are they?” (Bob May on Flickr)
Use a password manager
What you do need is to make the protocol and process a relatively mindless part of the daily routine. “That’s the single best way for people,” Omernik says, “because you remove the human stupidity and human laziness from the equation. Or, to put it another way, instead of stupid and lazy, let’s say it’s the best and the easiest, most efficient way.”
Omernik says, “Within the authentication steps, it’s things you know, like the password, or your mother’s maiden name. Those are things that you have, like your device. Then there are the things that you are, like your face or your fingerprint.” That’s the trend he sees taking hold.
Is Big Brother—or anyone else—watching?
“So, how do you find the right balance? Or do you try to hop off the continuum and say maybe passwords aren’t the right approach, maybe we need biometrics or a different approach for things that we want to have a quality representation of authentication.”
Moving beyond passwords
“It’s not so much about the risk of the password being cracked, but that that password could be compromised,” Omernik says. Your company might be fine, but if you used the same password elsewhere, and that site was compromised, it could mean big trouble for all your accounts.
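A small vault-hygiene audit, added here as an illustration and not part of the original article, that applies the two rules Omernik gives: no site name or personal word (the Snickerdoodle variants) in a password, and no password, or near-variant of one, shared across sites. The vault contents, the common-password list and the 12-character minimum are constructed assumptions.

```python
"""Audit a password vault for site-name embedding, personal words and reuse."""
import re

# Constructed stand-in for a breach-derived "most common passwords" list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "123456789"}

# Constructed sample vault (site -> password) mirroring the article's examples.
SAMPLE_VAULT = {
    "nike.com": "snickerdoodle_nike.com",
    "amazon.com": "Amazon_snickerdoodle",
    "uber.com": "uber_snickerdoodle",
    "bank.example": "To be or not to be, that is the question.",
    "forum.example": "123456",
}


def core(text: str) -> str:
    """Lower-case, letters only: 'Amazon_snickerdoodle' -> 'amazonsnickerdoodle'."""
    return re.sub(r"[^a-z]", "", text.lower())


def residual(password: str, site: str) -> str:
    """Strip each DNS label of the site ('nike', 'com') from the password core.
    What remains is the part the user carries from site to site."""
    rest = core(password)
    for label in site.lower().split("."):
        rest = rest.replace(core(label), "")
    return rest or core(password)


def check_password(password: str, site: str, personal_words=()) -> list:
    findings = []
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common-password")
    if len(password) < 12:  # assumed policy minimum; the article gives no number
        findings.append("too-short")
    pw_core = core(password)
    if core(site.split(".")[0]) in pw_core:
        findings.append("contains-site-name")
    if any(core(w) in pw_core for w in personal_words):
        findings.append("contains-personal-word")
    return findings


def audit_vault(vault: dict, personal_words=()) -> dict:
    """Per-site findings, plus 'reused-on:' when the residual appears elsewhere
    (catches exact copies and snickerdoodle_nike.com-style variants alike)."""
    groups = {}
    for site, pw in vault.items():
        groups.setdefault(residual(pw, site), []).append(site)
    report = {}
    for site, pw in vault.items():
        findings = check_password(pw, site, personal_words)
        others = sorted(s for s in groups[residual(pw, site)] if s != site)
        if others:
            findings.append("reused-on:" + ",".join(others))
        report[site] = findings
    return report
```

Running `audit_vault(SAMPLE_VAULT, ("Snickerdoodle",))` flags the three pet-name variants as reused on each other's sites, leaves the long passphrase clean, and marks "123456" as both common and too short.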
Dictating difficult procedures to employees will produce predictable results, Omernik says.
You don’t have to be a people person or a gifted leader to understand that citing stupidity and laziness is not a good way to explain a new policy or motivate workers. In the art of management, simply insisting that everyone do as they’re told is fairly ineffective.
I can attest to that. Though laziness may be a root inspiration, figuring out how to do work more easily is something I prefer to call efficiency.
Without raising false alarms, it’s fair to say that password insecurity is a problem that lives near you and is worthy of your attention.
Don’t make a personal password personal. Omernik advises against using words that are part of your identity, like your kids’ names or the name of a pet—things easily found elsewhere, like on Instagram or a Facebook post. Along the same lines, don’t answer those nostalgic questions you see in social media, such as where you were on 9/11, your first car, etc.—they’re information-gathering tools.
But timesaving techniques can weaken cybersecurity. Omernik says, “You have people who think they have more knowledge than they do taking steps that they think are making them more efficient or more effective.
How bad can it get? The most commonly used password is “123456.” What could go wrong? It takes less than a second for a hacking tool to crack the most common passwords—that’s what. And it’s not getting better: 65% more passwords were compromised in 2022 than in 2020.
In office situations where people might share a desk and the same computer, they should not share a password. It’s not just the information that’s less secure. It could be the employee, too.
Published: Tuesday, January 9, 2024 – 12:03