By Scott Gerlach
Passwords are broken.
OK, now that we’ve cleared that up, let’s talk about why, and some ways to help protect your business online.
To make passwords hard for computers to guess, you have to make them hard to remember. To prevent one compromised account from destroying the security of all of your online services, you should use a different hard-to-remember password for each one. This predicament leads people to use one easy-to-remember password for everything. That wouldn’t be bad, except you don’t want your Facebook password to cough up your online banking credentials. Nor would you want to lose your domain names and hosting sites to a slip of a Twitter credential.
According to an excellent article on How-To Geek:
“Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.”
What’s the solution to this persistent problem? Password managers.
Password managers to the rescue
A password manager is an application that encrypts and securely stores your passwords. You can access it from both your desktop machine and your smartphone.
From the online to the offline, password managers can help us manage and maintain strong passwords across different online services — and make them available to us no matter what device we are using. They can also get us out of having to use the password reset function every time we log in to a site.
I personally use KeePass and Dropbox together for the ultimate in portability. Some other popular options include:
Your business’s online security is worth the time it will take you to research your password manager options and get a strong manager in place. To learn more about password security, check out a wealth of online security articles in the GoDaddy Garage.
Scott Gerlach, CISSP, is the Information Security Architect for GoDaddy. His focus is finding and building tools and methodologies that help maintain a safe environment for customers to host their data within, as well as protecting corporate data assets from attack. Scott coauthored a patented idea around detecting and remediating DDoS. He also managed the Security Engineering and Security Operations Teams at GoDaddy.