Don't Fall Prey to Lazy Password Practices
The Importance of Strong and Secure Passwords
Ron Pacchiano
Earlier this week I was at a client site setting up a PC for a new user. Everything was going fine until the system needed to be authenticated to the network. In order to accomplish this, you need to be using an account with administrative privileges. The one I was using didn't.
This meant that I would need to have the office manager handle this part of the installation for me. Unfortunately, though, when I went to get her I discovered that she was in the middle of a meeting and could not be disturbed. This meant that for the moment, there was nothing left for me to do, other than perhaps get some lunch.
Just as I was getting ready to write her a note regarding my whereabouts, I noticed something attached to the base of her monitor. Can you guess what it was? That's right: a yellow Post-it note with her password written on it. Right out in the open for anyone to see. Since her password was available, I used it to finish setting up the new PC.
Despite the fact that her carelessness proved helpful for my situation, the fact remains that the password to her administrative user account was left out in the open, completely unsecured and accessible to anyone who stepped into the room — whether that be a cleaning person, a visiting guest, or an employee with a grudge. No matter how you look at it, this is a very serious breach of security and has potentially disastrous ramifications.
However, this scenario is not a unique one. I have seen this type of careless behavior displayed by employees in companies both big and small, and at various management levels. The biggest offenders are typically older office associates or absent-minded CEOs who can't be bothered with such petty things.
No matter how often I run across this, it never fails to amaze me how careless people can be with something as important as password security. Proper password management is crucial to maintaining the security of your network.
The way it works is simple: your network account provides you (and theoretically ONLY you) with the means to access confidential and potentially damaging network resources, while simultaneously denying the same access to anyone who isn't authorized to view or use them. The only thing that maintains this secured environment is the diligent protection of your user account. And the only thing protecting that is your password.
This is why you need to protect your passwords, make them strong, and change them frequently.
In case you need a little motivation, here's something you might not be aware of. Did you know that you are accountable for ALL activity conducted on the network with your user account? Sharing your password potentially makes you accountable for the activities of others, and in most cases, is a major violation of a company's security policy.
In some cases, it can even be grounds for dismissal. Also, depending on where you work and the type of resources you have access to, a breach in network security due to your negligence could expose you to potential criminal charges as well.
In short, it's in your best interest to change your password to one that complies with the established guidelines for strong and secure password creation and then adopt responsible practices for keeping it from falling into unauthorized hands.
To that end, your password should never:
Contain personal data such as a child's name, a birthday or a favorite possession
Consist of anything easily guessed, repetitive or running in sequential patterns ("111111", "123456", "abc123")
Contain more than three consecutive letters from your network account
Be less than six characters long
And, most importantly, don't ever write down your password in an unsecured manner or share your current password (or even a previous password) with anyone — not with your boss, not with a co-worker, not with your administrative assistant. Even your IT team would never need to ask you for your password. If needed, they could reset it.