History
The first password is said to have come from Massachusetts Institute of Technology (MIT) in the 1960’s when Fernando Corbató, one of the leaders developing the Compatible Time-Sharing System, realized that a password would be needed for multiple to people to use multiple terminals but have access to their own set of private files.
In 2005, Security Researcher Mark Burnett released a book titled “Perfect Passwords” suggesting that people should have their own “password days” when they dedicate time to updating their passwords. This thought inspired the Intel corporation to create a worldwide observance on the first Thursday in May. Over four decades after the original password creation, World Password Day was observed for the first time in 2013.
The Challenge to Change
As an IT security professional, one of the most basic principles I impress on my clients is to not go lazy on their password creation! It’s probably one of the most simple tasks for us to do, but the most tedious to keep up with.
If we look back through time, there is a reason why a majority of people ranging from small business owners to CEOs of Fortune 500 companies fall into the habit of poor password creation. Twenty or thirty years ago, you may have had just one or two passwords so you could log on to your computer and maybe your email, pretty simple right? Today, one person alone can have dozens of different accounts. This includes emails, TV streaming services, music streaming services, bill portals and so much more. As a society, we’re on account overload and the last thing anyone wants to think about is the 30 different passwords they need throughout the day, especially when they must be more complex than ever.
We are creatures of habit who like to do things that are familiar. Although we know the potential compromises we face, we all know friends or family who use one password for EVERYTHING due to not wanting to keep track of dozens of passwords. Despite that being understandable, all it takes is one hacker to guess the right password and leave you completely compromised.
Small Business Feels it the Most
Larger corporations usually benefit from extensive resources that might already be in place to handle a potential password theft. They are known for having a dedicated in-house IT team employed to ensure that in the likelihood a security issue like a password breach occurs, they’ll be able to jump on the situation immediately and lessen potential impact. In a situation like this, time is truly of the essence. On the flip side, smaller businesses usually don’t possess the same level of resources that larger businesses and corporations do. If a password breach occurs, the impact is much more devastating as sensitive documents that might be difficult to retrieve, or finances that are stolen, may be difficult to recover. With an already limited team, a small business owner has to now allocate time and more money into managing the breach, pulling them away from focusing on business operations.
The Do’s and Don’ts of Establishing a Password
Do:
- Look into passwordless options like biometrics (Ex: fingerprint or face scan access with your phone), typing pattern or voice recognition.
- Turn on multi-factor authentication, according to Microsoft, simply turning on MFA can block over 99.9 percent of account compromise attacks due to the extra layer of protection that’s being added.
- Leverage tools like YubiKey or Apple Keychain Access to store your passwords so you don’t have to.
Don’t:
- Use easily accessible info like your name, address, birthday, email
- Use sequential numbers or letters “vwxyz” or “12345”
- Extremely common phrases – According to a 2021 study, phrases “qwerty” and “password” are the 3rd and 4th most common passwords.
If your small business needs to enhance their security and integrate better password protocol, don’t hesitate to reach out to us at [email protected] with any questions so we can help secure your business and visit our website to learn more!
