Around noon on April 23, the Associated Press (AP) tweeted, “Two explosions in the White House, and Barack Obama is injured.” An hour later, the Dow had fallen 150 points, the price of crude oil had fallen, and U.S. government bonds briefly dropped. Fortunately, there were no explosions, the President was fine, and the Dow quickly recovered. But that just shows you how powerful a simple hack of the AP’s Twitter account can be.
I was talking about this event with Raj Patel, who leads Plante Moran’s information technology security assurance practice, and he told me that the source of many cyber security incidents is a compromised password. While we may often feel powerless to deter cyber crime, this is one area where we can all take action. I thought it merited a quick refresher on password best practices.
- Don’t use the same password for all sites.
The key to your office door shouldn’t open the front door of your house, so why should one password access different sites/systems? Just as you use different keys for different doors, you need to use different passwords for different sites (especially financial and e-mail sites).
- Ensure passwords are sufficiently complex.
Long passwords that contain letters, numbers, and special characters can be difficult to memorize, especially when you need them for numerous websites. So what should you do? Use simple phrases. For example, “MyBirthDate?June15,90.” It’s long, it has letters, numbers, and special characters, and it’s easy to remember.
- Change passwords frequently.
When was the last time you changed your password for your online banking account or your LinkedIn account? Ideally, you should change passwords to sensitive accounts at least every 30 days.
These best practices are easy to employ. Sure, it may take a little extra time, but investing a few minutes each month is a small price to pay for protection and peace of mind.
How about you? Do you change passwords as often as you should? Are they sufficiently complex?