Give your password a workout…

August 30, 2016|Steve Hyde

We’re constantly bombarded with reminders to pump up and stay fit. You’ve got yoga on your calendar and you’re training for your next 5K run. But have you considered the fitness of your computer security? Well, here’s your cue to think about it.

When is the last time you changed your password?

I don’t mean changing it from Password12! to Password13!, either. I mean really changing it. Odds are good that you’ve only altered it slightly, and even strong eight- to 10-character passwords (containing letters, capitalization, numerals and symbols) just aren’t that strong anymore.
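One way a password-change form could enforce this point, shown as an added example that is not part of the original article: it flags a new password that only bumps a number, changes case, or sits within a few edits of the old one. It assumes the old password is available at change time because the user has just typed it; the function names and the `min_diff` threshold of 4 are illustrative assumptions.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def skeleton(pw: str) -> str:
    """Lower-case the password and collapse each digit run to a single '#'."""
    return re.sub(r"\d+", "#", pw.lower())

def is_trivial_change(old: str, new: str, min_diff: int = 4) -> bool:
    """True when `new` is only a slight alteration of `old`.

    min_diff is an assumed threshold: the minimum number of
    case-insensitive character edits required between the two.
    """
    if skeleton(old) == skeleton(new):   # only a counter or the case changed
        return True
    return edit_distance(old.lower(), new.lower()) < min_diff

# Constructed sample pairs, built from the passwords quoted in the article.
SAMPLES = [
    ("Password12!", "Password13!"),            # counter bumped
    ("Password12!", "password2016!"),          # case and number changed
    ("Password12!", "Passw0rd12!!"),           # one substitution, one append
    ("Password12!", "Jack_Soccer_Goalie10!"),  # a real change
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = "reject" if is_trivial_change(old, new) else "accept"
        print(f"{old} -> {new}: {verdict}")
```

Only the last pair is accepted; the first three are rejected as slight alterations of the old password.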

With the considerable advances in hacking technology, it takes a good two hours for a hacker to compromise your eight-character password, regardless of the character types. And while technology has advanced to defend against these attacks—using things like two-factor authentication, advanced firewalls, penetration tests, vulnerability scans and more—there are still things you can do to help yourself.

Where to start

At a minimum, create a password with at least eight characters of mixed type. To make the password more secure, you can make substitutions, such as $ch3nck#, which can make it harder for a hacker attempting a quick attack. A password like X9%kt34P$1 would be even better, but I’m guessing that’s going to be harder to remember.

One method that’s gaining more attention is password phrases—an easier-to-recall phrase that drastically reduces the chance of being compromised. For example, Jack_Soccer_Goalie10! or Nick_Candy_Likes4$. I do expect that biometric passwords, such as fingerprint or retina scans, will continue to increase in popularity as the technology behind these security measures advances.

Avoid using the same username and password combination for multiple websites. While a single password is easier to remember, using it for every site you visit is especially risky. Try to use a different password for each new website or service you register for.

Tie a string around your finger

Having trouble remembering all those different strong passwords? I recommend against keeping a list of logins and passwords in a Microsoft Word document or Excel file on your computer. Technology is readily available to crack MS Office documents, and if your computer were to be hacked, such a file would make it even easier for the attacker to access all of your applications.

Try using a password manager application that organizes and protects passwords and can automatically log you into websites. Two of the best ones I’ve found are Dashlane and LastPass.

Last, but not least

Finally, keep your passwords secret! A strong passphrase on a Post-It note taped to the monitor or under your keyboard is like an open invitation.

More important, don’t forget to lock your computer if you walk away from it—passwords are useless if the computer is left logged in to critical applications.

Final thoughts

I wholeheartedly agree that all of this security takes time out of an already busy day. Seconds logging into website applications, minutes looking up usernames and passwords in a password manager… but this pales in comparison to the months it could take to repair your credit or regain your identity should a malicious hacker compromise your sensitive data.

Concerned about your organization’s IT security? Contact Steve Hyde, director – IT consulting, at 920-996-1292 to learn how Schenck’s IT Risk team can help. It may be the best way to maintain your security and win the race against malicious hackers.


Steve Hyde, MS, MBA, chief information officer and director-information technology services, has more than 20 years of technology-related business experience including business process redesign, hardware/software assessment and implementation, PMO creation and project management methodologies, metrics/dashboard creation, and designing technology strategy and controls.