Page 17 - PA_Enterprise_March-2024
Help employees make strong passwords a habit

The problem here is that human nature is complicated. It’s not just that users don’t want to expend precious cognitive energy on remembering unique and complex passwords for every account. Often, they’re trying to avoid the feelings of frustration that accompany their failure to easily recall the information. Simple and familiar passwords will always trump complex and more secure ones. Sadly, the human factor of password security boils down to what’s easy rather than what’s secure. May the password gods forgive us.

We’ve seen how this plays out. Despite knowing the risks of weak passwords, which are vulnerable to brute force attacks, and repeating passwords, people do both over and over again. According to a 2019 Google poll, over 52% of users admit to reusing passwords and approximately 13% admit to using one password across all accounts. Simultaneously, 68% of password users admit they reuse credentials because they fear forgetting them; and 36% do not consider their accounts valuable enough to need more stringent security measures.

So what can companies do? The good news is it’s not a question of choosing between gold standard security or nothing at all. Instead, companies need to find the approach that works best for their people — and that employees will actually follow. Here are five recommendations that managers and IT departments can share with employees and teams to help them find — and use — the right level of protection for any situation.

Level One: The throwaway password

A throwaway password is one that is utilized with a throwaway email address. If you’ve ever created a burner email address to use a free trial, the idea is much the same. These single-use accounts are particularly useful if you know you’re going to be immediately subscribed to an endless barrage of unappreciated sales emails for the rest of that account’s lifetime (‘unsubscribe’ buttons be damned). The unimportant passwords for these trivial accounts provide protection in their insignificance. If (when) these passwords are stolen or these accounts are hacked, no critical information or passwords are lost. This theft will not put any critical accounts or passwords at risk.

For these accounts, you could actually use a password as simple as a word, a few letters, and a special character. For example: Frodo123! But never use this password again with any other email account. Reusing a simple password across multiple platforms can be the kiss of death.

Level Two: A password phrase

Four- or five-character passwords, regardless of the combination of numbers, letters, or symbols, are similarly vulnerable. That’s why experts now recommend at least a 12-character password. The problem is that no one likes to remember a bunch of long, complicated passwords. Here’s where password phrases come in.

A password phrase is longer in length than a simple one-word password but easy to remember. Most of us should be using password phrases instead of words to increase character length, but they should not be something as simple as song lyrics (professional hackers have been on to this ploy for years). Using ‘everybreathyoutake,’ ‘oopsididitagain,’ or ‘igottafeeling’ is practically