Experts: Don't be lazy about passwords
Posted May 11, 2015 6:13 p.m. EDT
Updated May 11, 2015 10:18 p.m. EDT
Work, email, banking, shopping – How many passwords do you juggle? How many can you remember?
Computer security experts don't bother with memory. Instead, they use tools to manage multiple passwords which they say keep accounts more secure.
Richard Biever is the chief information security officer at Duke University. He says every single account needs its own password.
"I have three passwords I have memorized out of about 240, and the rest of them, I don't know," Biever said. "What makes a password a good password is length and randomness."
His tactic combines two best practices: a few key passwords plus the use of a password manager to randomize the rest.
Programs and applications like Lastpass, Dashlane and 1 Password come highly recommended.
When a hack happens, Biever points out, it is just the tip of the iceberg. Hackers use the data they collect to see what else they can get into.
"The fact that we reuse passwords plays right into their hands," he said.
Brian Wilson, information security manager at SAS, says he protects more than 1,000 accounts with a password manager and a second step, called two-factor authentication.
That second step requires that a user reply to a text or email message to verify their identity.
"It makes a big difference in security if your password does become compromised because you did reuse it somewhere else," Wilson said "The person can still not get into your account because there's an extra factor that they don't have. They're not going to have your smart phone."
Wilson and Biever also say people need to stop being lazy with passwords. Don't use family names, significant dates and sports teams. Instead of a password, think of a phrase that incorporates letters, numbers and special characters.
"You might have a phrase or a name or something that you remember and you tag on certain pieces of information so everything is just slightly different but it still has the same root," Biever said.
Both experts advised keeping one copy of all your passwords printed out and secured in a safe deposit box for family members. That way, they can access your accounts in case something happens to you.