
Issues With Password Security: It Could Cost You

The average computer user has to log in to several systems on a daily basis. This includes work computers, social networking sites, shopping sites, and personal cloud servers, just to name a few. Unless the passwords are assigned, it's highly likely that most of the passwords users create aren't particularly unique and that users repeat them across systems.

For example, someone might use a date milestone, such as a birthday or anniversary, as his password for all of his work logins instead of using a separate password for each. He might even go so far as to use that same password outside of work for all of his personal logins.

While recycling makes it easy for people to remember their passwords, it also makes it easy for outsiders to figure them out. If they do and they get into your personal information, you can only imagine how much this could cost you. Setting a strong password is incredibly important.

Efforts to Combat Easy Passwords

Some network administrators try to combat this problem by requiring users to use alpha-numeric sequences, or requiring a combination of capital letters, numbers, lowercase, and special symbols, as well as a minimum password length to get users to create unique passwords. They might also require users to change their passwords at regular intervals, and restrict them from using the same password consecutively.

While this does help a little, users often find ways around the problem by altering the original password to fit the required format.

For example: if someone uses 10121976 as his password, on a system that requires an alphanumeric password with special characters, he might alter it to read TenTwelve@1976. If he has to change the password and is restricted from reusing the same one, he might alter it to read 10%12%76.

While the addition of the special characters will make it more difficult for someone to guess the password, the fact that he’s using that specific date increases the chances that someone will figure it out.
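The point above can be checked mechanically. The following is an added example, not code from the original article: a sketch of a password-audit check that reduces a candidate to the calendar date underneath it. The complexity policy, the number-word table, and the two-digit-year pivot are assumptions made for illustration.

```python
import re
from datetime import date

# Assumed policy for illustration: 8+ characters with a digit and a symbol.
def meets_complexity(password):
    return (len(password) >= 8
            and re.search(r"\d", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

# Spelled-out numbers 1-31, zero-padded so "Ten" + "Twelve" becomes "1012".
_UNITS = "one two three four five six seven eight nine".split()
_TEENS = ("ten eleven twelve thirteen fourteen fifteen sixteen "
          "seventeen eighteen nineteen").split()
WORDS = {w: f"{i:02d}" for i, w in enumerate(_UNITS, 1)}
WORDS.update({w: str(i) for i, w in enumerate(_TEENS, 10)})
WORDS.update({"twenty": "20", "thirty": "30", "thirtyone": "31"})
WORDS.update({"twenty" + w: str(i) for i, w in enumerate(_UNITS, 21)})
# Longest alternatives first so "twentyone" wins over "twenty" and "one".
_WORD_RE = re.compile("|".join(sorted(WORDS, key=len, reverse=True)))

# (year, month, day) slice positions for each digit layout, keyed by length.
LAYOUTS = {
    8: [((4, 8), (0, 2), (2, 4)),   # MMDDYYYY
        ((4, 8), (2, 4), (0, 2)),   # DDMMYYYY
        ((0, 4), (4, 6), (6, 8))],  # YYYYMMDD
    6: [((4, 6), (0, 2), (2, 4)),   # MMDDYY
        ((4, 6), (2, 4), (0, 2)),   # DDMMYY
        ((0, 2), (2, 4), (4, 6))],  # YYMMDD
}

def embedded_date(password):
    """Return the calendar date a password reduces to, or None."""
    text = _WORD_RE.sub(lambda m: WORDS[m.group()], password.lower())
    digits = re.sub(r"\D", "", text)   # drop letters, symbols, separators
    for ys, ms, ds in LAYOUTS.get(len(digits), []):
        year = int(digits[slice(*ys)])
        if ys[1] - ys[0] == 2:         # two-digit year: assume 1930-2029
            year += 1900 if year >= 30 else 2000
        try:
            found = date(year, int(digits[slice(*ms)]), int(digits[slice(*ds)]))
        except ValueError:
            continue
        if 1900 <= found.year <= 2099:
            return found
    return None

def audit(password):
    """Complexity verdict plus any date the password is built on."""
    return meets_complexity(password), embedded_date(password)
```

Run against the article's three variants, `audit` shows that both reformatted passwords satisfy the assumed complexity policy while still reducing to the same date as the original.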

It also presents a problem if the user has multiple variations of that password floating around because not all services have the same password criteria, and not all services require password changes; as a result he could end up confused as to which password goes with which service. Services that assign unique passwords can be a little more secure, but they can also be difficult for users to remember because they don’t necessarily make sense.

If users have difficulty remembering their passwords, they will be more likely to write them down and store them in a convenient location, thus making them less secure.

Also, if left to their own devices, users might never change their passwords, increasing the risk of a security breach.

Possible Solutions

Many experts suggest using a string of words that seem to be unrelated but make sense to the user. Additionally, passwords should be longer than six characters and combine numbers and symbols, which makes them significantly more difficult to hack.

For example: a user could think of his three favorite foods and string them together into a password, like PickleCatfishShrimp. Then he could replace some of the letters with numbers and symbols to make the password more secure, like P1ckl3C@f!sh2h4imp.

Another option is to use a long common phrase with letter substitutions, like Pr!63&P43ju6!c3.

For online accounts, to combat the security risk associated with writing passwords down and storing them where someone could find them, the user could also use password manager software, which stores any online account login information in a password-protected database. The user then only has to remember one password, and the software will automatically enter the correct login information for each site that he visits. Additionally, if the passwords ever change, the password manager will automatically update with the new information.

Industry leaders, like Microsoft, have several suggestions for enforcing strong password usage in a corporate setting, but they mostly revolve around network settings, such as enforcing password history, setting minimums and maximums on password age and password length, and setting complexity requirements. However, they don't address the difficulty users have remembering passwords, or the security breaches that result from writing passwords down.

One solution could be implementing a strong program of user education, teaching users to avoid easy-to-guess passwords, and showing them how to create passwords that are unique, complex, but also easy to remember.

Do you have rock-solid passwords that no one will be able to hack into? For your financial sake, I sure hope so!


AUTHOR Derek

My name is Derek, and I have my Bachelors Degree in Finance from Grand Valley State University. After graduation, I was not able to find a job that fully utilized my degree, but I still had a passion for Finance! So, I decided to focus my passion in the stock market. I studied Cash Flows, Balance Sheets, and Income Statements, put some money into the market and saw a good return on my investment. As satisfying as this was, I still felt that something was missing. I have a passion for Finance, but I also have a passion for people. If you have a willingness to learn, I will continue to teach.

8 Comments

  1. I try to keep different passwords but then I can never remember what my password is! It’s a very reoccurring situation where I have to request a new password before I get locked out from guessing too many times.

    • I also try to keep different passwords, but it is so difficult to remember. I can see where many people would stick with the same password for everything. However, that gets incredibly dangerous when it becomes discovered. We all have to be very careful, especially as more and more payments are made online.

  2. With so many passwords to remember, I find they all manage to get jumbled! I have managed to dramatically increase my security level over the past few years though to reduce the risk of hacking.

    • Yeah, same here. It’s amazing how many people think they know what my user name is for this site and try to hack in. Pretty scary. Good thing I have a solid password.

  3. I use a password manager. After the last round of website hacks last year, I did a writeup of different password management solutions to help people make an informed choice in password managers. After all, with online banking and investing, your money is only as secure as your password.

    Whatever you do, never use “password” or “123456” as your password.

    • Yeah, I heard the most common password out there was “password123”. If this is anyone’s password, they should really change it immediately!

  4. Using a password manager is indeed the best way to go. Having a naming scheme is handy for places where you need to input it and can’t use the manager to help you, but for the rest I’d use just randomly generated passwords.

    Also, enable double authentication where offered. It can be a bit of a pain to have to do two-step verification but if your password is somehow discovered you will be thankful for it. And most let you flag a device as trusted for a while.

    Lastly, please stop using public Wifi, and if you must, use a VPN to go through. Smartphones and laptops allow you to “remember this network” but what it really does is remember the name. If you regularly connect to open network FreeWifi and I set one up and name it like that, your phone or laptop will connect to my network. And if you then send unencrypted data, or don’t use a secure connection, well it is dead easy to intercept data. For this reason, always use the HTTPS version of websites when not on a VPN. And if there isn’t one, well, consider just not using the site on some free open network. Apps and such may do this without your knowing. And if you then use the same password and email for everything, well, quite easy to overtake your online identity.

    • Yeah, public WiFi can be extremely dangerous, but so many people use it without thinking twice! In this day and age, people really have to be more cautious with their online use. Thanks for the comment, Nina!

