Password Security in 2020 - Part 1

by Erik Briceno

Major players like Microsoft are trying to phase out the use of passwords completely in favor of stronger and more user-convenient security measures. While it’s true that passwords are disappearing, it will still be quite a while before they’re gone completely. Many platforms are certain to use them for years to come. So, until that happens, strong password habits will continue to be your first line of defense against falling prey to brute force hacking, phishing, data breaches and more. In part one of our segment on password health, we’ll share the best password practices for 2020.

Do not use the same username and password on multiple platforms.

We get it. You have a lot of different programs, devices, social media platforms and accounts to sign into. It would be so much easier to simply have one password to log into them all.

Please, avoid this temptation. It’s a very common one. And it’s also one of the top reasons people get their accounts hacked. The reason is pretty simple, and often it has nothing to do with the strength of the password itself. All it takes is a single breach at one of the companies that holds one of your accounts. For example:

Microsoft: MyIncrediblyStrongPassword (Don’t use this, by the way.)

Facebook: MyIncrediblyStrongPassword

Amazon: MyIncrediblyStrongPassword

“Corporation Z” Website: MyIncrediblyStrongPassword

While most on this list are likely to have strong security, all it takes is one smaller company with below-average security (such as random “Corporation Z”) to have your username and password leaked into the wild. That username and password will then be used to try to gain access to all of your accounts. And you would be surprised how successful this method often is.

It should be noted that even Microsoft was recently breached at the time of writing this, exposing around 250 million account records.

Make your passwords complex.

Given that most people choose easy-to-remember passwords, many can be discovered using simple algorithms. These algorithms are available to anyone, so simple and commonly used passwords enable anyone to easily gain access and control.

For the most part, the longer and more randomized a password is, the better. It doesn’t have to be a random assortment of characters. But bizarre, mixed and matched words with a number, symbol and capital letter can do pretty nicely. Passwords can be silly and easy to remember, but each one has to be something only you would remember.

For example, do not use your cat’s name. Instead, use something like: My8catsdanceacrossthewater&it’sfunny!

It’s long, complex and easier to remember than random letters and numbers, but still sufficiently randomized to avoid most commonly used algorithms. (You’ll have to come up with your own now though, instead of that one.)

Do not use your names as passwords.

Don’t use anything that can be discovered on social media. It might sound crazy, but there are entire rooms of hackers that are actually paid to sift through millions of Facebook profiles and other platforms, searching for minute pieces of information about users. Maybe you posted a picture of your dog and commented on it 10 years ago. Perhaps you shared a photo of a family gathering, and your mother was tagged in the photo, where her own account displays her maiden name.

There are any number of tiny bits and pieces of data that can be constructed to put together a profile of you, which in turn creates points of entry into your accounts using this data. The data can be used not just for the passwords themselves, but also for possible “secret question” answers.
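The three habits above can be checked mechanically against your own list of logins. The following is an added example, not part of the original article: it flags entries that share a username and password, passwords that are short, and passwords built from details someone could find on social media. The 16-character threshold, the function names and all sample data are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 16  # assumed threshold for this example; the article gives no number

def _fingerprint(username, password):
    # Compare digests so the plaintext password is not used as a grouping key.
    return hashlib.sha256(f"{username.lower()}\x00{password}".encode()).hexdigest()

def _normalize(text):
    # Lowercase, undo common digit/symbol swaps (0->o, 3->e, ...), keep letters only.
    swaps = str.maketrans("013457@$", "oieastas")
    return re.sub(r"[^a-z]", "", text.lower().translate(swaps))

def audit(entries, personal_facts):
    """entries: (site, username, password) tuples. Returns {site: [findings]}."""
    sites_by_credential = defaultdict(list)
    for site, user, pw in entries:
        sites_by_credential[_fingerprint(user, pw)].append(site)
    facts = [f for f in map(_normalize, personal_facts) if len(f) >= 3]
    report = {}
    for site, user, pw in entries:
        findings = []
        shared = sorted(s for s in sites_by_credential[_fingerprint(user, pw)] if s != site)
        if shared:
            findings.append("same username and password as: " + ", ".join(shared))
        if len(pw) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        hits = sorted(f for f in facts if f in _normalize(pw))
        if hits:
            findings.append("contains personal detail: " + ", ".join(hits))
        report[site] = findings
    return report

# Constructed sample data (not real accounts or credentials).
SAMPLE_ENTRIES = [
    ("Microsoft", "pat@example.com", "MyIncrediblyStrongPassword"),
    ("Corporation Z", "pat@example.com", "MyIncrediblyStrongPassword"),
    ("Amazon", "pat@example.com", "Wh1sk3rs2010!"),
    ("Bank", "pat@example.com", "Seven+purple-tubas-juggle-quietly"),
]
SAMPLE_FACTS = ["Whiskers", "Hartwell", "Springfield"]  # pet, maiden name, town

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ENTRIES, SAMPLE_FACTS).items():
        print(site, "->", findings or "no findings")
```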

We’re still going to be reliant on passwords for some time. But fortunately, 2020 offers additional means of account protection that can be used in conjunction with standard password practice. We’ll be covering some of those methods in our next article, but until then,

Makeyourcatdothetangobutdon’tnamehim!

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.