Password security is an increasingly important matter among technology experts as they debate the issue over usability, security and privacy. Ideally the three fields would work more compatibly, providing us with easier systems to use while still maintaining that rock solid security we need. There may always be a degree of inconvenience to the end-user when it comes to creating new passwords and upholding the expectations we set for impenetrable security.

Perhaps a little inconvenience is worth it– as Cory Visi, Managing Partner at GCInfotech, points out, “Millions of computers all over the internet (some hacked, some not) are running programs that scan other computers and servers for weak and empty passwords 24 hours a day, 365 days a year. If your password is simple and short, your account is likely to be hacked.”

It’s a dangerous world out there, one where technology experts have to battle the savvy hacker looking to gain access to your personal or company data while still considering that the legitimate user, you, demands accessibility with nothing more than a few keystrokes. It’s striking that balance between security and usability that ultimately determines how reasonable password requirements really are, and our willingness to comply with them.

It begs a couple of key questions– the more security measures we introduce, the harder it is to use a system? The more security a system has, the less secure it actually becomes? Fundamentally, people understand the need for security and are typically willing to comply because it seems necessary, but it’s really about the effort required to comply that make security measures successful or not. If a system is unusable because of overbearing security protocol, people will invariably create the necessary workarounds in order to get their job done. However this occurs, whether it’s posting a sticky note on the monitor or using “password” as your password – it all boils down to the fact that you just may be sacrificing security for convenience.

Overly restrictive password requirements could in fact decrease security and even increase your costs. Decreased security due to the methods people employ to recall a password, and increased costs due to the resources you may have to redirect toward helping users when they get locked out of their systems recurrently. In essence, the good guys are kept out while the bad guys aren’t affected, because, after all, they have other ways for penetrating your system, including phishing scams and key logging for example.

It’s very important that you have someone, if not the entire IT staff, who understands the intricacies between the systems you run, any new developments that exist for enhancing security measures, the needs of your end-users, and the psychology of illegitimate users. These factors will indeed play a meaningful role in securing your systems. And, of course, engage a mandatory password change policy for your employees.

Cory Visi further explains the need for such a policy by saying, “Even the owners and partners should comply. Password security policies should balance the frequency of changes with the complexity of the password. Passwords that are changed more often don’t have to be as complex. However, high security passwords should always be complex.”

Experts may provide different parameters for password creation, but always remember that the best password is both highly secure and easily recalled by memory. Here are some helpful tips:

  • Use long, non-word combinations
  • Don’t use personal info or follow any discernible patterns
  • Use different character types (i.e. symbols, numbers, upper and lower case letters if permitted by the system)
  • Use a passphrase (i.e. “I Love to eat Carrots and Dip 4 Snack!” = ILteCaD4S!)
  • Use a password management tool
  • Use different passwords for different sites, especially for those you want to keep secure
  • Change your passwords frequently and don’t reuse them for at least a year

If you don’t have a comprehensive plan of action for ensuring the maximum security for your systems, it’s time to have that discussion with your IT consultant. If you need help understanding what options are available or need to know more about password and system security, one of our expert technicians at GCInfotech can help you.