Y'know, I know the saying is 'April showers bring May flowers,' and I don't know about you, but I'm tired of getting caught out in the rain when I try to sneak for lunch. So, let's hurry up and get a cup of coffee ready, because it's time for another
Plumes' Cyber Cafe Chat
And today's brew is going to be something that I'm sure you've all heard plenty about over the recent years:
Why do I need to make a different password for every site?
Cybersecurity - it's a broad term. For some people, that's just talking about password management and making sure you're using a VPN while on public Wi-Fi. For others, that's talking about firewalls, User Access Controls, and Intrusion Detection and Response systems. Then you have people like me who get woken up at 3AM from an alert saying that someone is trying brute force their way into your domain. Takes all kinds of folks, really.
That's where today's chat comes in, actually. Not because it happened recently, no - I'm counting my lucky glow in the dark ceiling stars that I've been blessed enough to get some good sleep recently. Y'see, despite whatever definition you give the term Cybersecurity, there's one element that stays the same throughout all systems, no matter how robust: The Human Element.
Now, that's not just a fancy sci-fi term for the resistance against our ChatGPT overlords. No, the Human element refers to us, the users who access our companies' information on the daily. From the outside in, us IT nerds probably seem like a bunch of jerkwads that don't care about your need to go to Facebook, but there's actually a lot of thought that goes into a successful security network. For example, I could build the world's most secure network - lock everything down behind multiple layers of Multi-Factor Authentication, have attention checks to make sure you're still actively using the information you're reading else I'll terminate your access and make you log in again, and I'll monitor how much data you're pulling so if you pull an unusual amount, I drop the connection immediately. Yes, I could do all of that to help protect against passwords being stolen, accounts being left open while users walk away from their machines, and stop data thievery in its tracks - all three things being real concerns that we face as System Admins alike. But you have to admit, that'd be a real pain in the ass to get into every day, right?
No, a good System Administrator knows how to balance security needs with their usergroup. They need to be able to understand that not everyone can handle multiple MFA prompts all at once, and that if you disconnect things on people too early, they waste more time getting back into the system than actually using it. And as such, they build their network alongside those limitations; I tell you all of this to give you some understanding as to why it's so important to keep your passwords secure. We do a lot of things to make sure getting access to our system, for those who are intended to have access, can be easy - so with that consideration in mind, we can talk about the other half of the Human Element.
Tell me, did you know that nearly 90% of all data breaches are caused by employee mistakes? It's true! Now, when we say mistakes, we can mean a lot of different things: clicking on a spam link and downloading malware, granting access to malicious actors because they say they're a new IT person, and yes, even sharing your password. Whether that be by a phishing attack where you get an email saying to change your password and for some reason, it mysteriously doesn't work after doing so, or you leave your passwords on a 'safe' sticky note under your keyboard, password theft attributes to countless successful breaches every year.
I can hear you now, "Well, alright Seth, I get that I need to make a secure password..." but that's not what I want to tell you. I mean, yes, please do, but what I mean is keep different passwords for all your services!
It doesn't matter if you have a super secure password if you use it everywhere after all!
So that's why I implore you, PLEASE figure out a password system that works for you. I understand that it's hard to remember passwords, but it doesn't have to be. In fact, you can use a system like this:
| Date | Super Cool Password | Website or Purpose |
| 2023Q2 | P@$$W0rd$Rul3! | @Work |
Allow me to explain: In the example above, we've made the password 2023Q2P@$$W0rd$Rul3!@Work.
Trust me, I don't expect anyone to have a password that complex, but this should give you an idea of what I mean. In my example, I use:
- A Date - which is great for passwords that expire every set amount of days. You can keep the same password throughout the year just by changing the quarter!
- A Root Password - Which is a password only I would know. Something that's secure but has value to me. You could even make this a passphrase like "PasswordsAreForChumps!"
- The Website or Purpose of the Site - This helps add an extra layer of security where it's not just the Website name. You could do YT or Videos for YouTube for example!
If you follow the same pattern, creating passwords becomes easier and less complex to remember as time goes on. Think about it: You could easily come up with your own system instead of trying to think about which cat you liked more the day your password resets, couldn't you?
But, I do want to wrap this up because we're getting in deep at about 1,000 words already. Crazy how time flies, huh? Anyway... Passwords don't have to be some complicated thing that you dread creating. You can easily establish a system that works best for you, and that way you don't have to write down everything - or, if you do, write down the model for your passwords. No one will understand it at a glance like they would "GOOGLE PASSWORD TEEHEE". But, by doing this, you not only keep yourself more secure for if someone were to crack your password across all of the websites you may access, but you also help keep your company a bit more secure too. And doesn't it sound nice to make your IT people not work as hard? :)
Thank you again for joining me on yet another Plumes' Cyber Cafe Chat. Of course, you're more than welcome to send any password related questions my way by leaving a comment below, and if this helped, maybe send this over to someone who'd appreciate a quick lesson on cybersecurity. And as always, I'll talk to you again very soon; until next time!
No comments:
Post a Comment