“Private Pyle! Why is your footlocker unlocked? Private Pyle, if there is one thing in this world I hate, it is an unlocked footlocker! You know that don’t you?”
-- Gunnery Sergeant Hartman
“Why don't you know your password? Are you not using Eric Jackson's Best Practices for Password Security?!”
-- Eric Jackson
Sergeant Hartman does not hold back on Private Pyle when, during a routine inspection, he finds Private Pyle's footlocker unlocked. The Jelly Donut scene of the classic Vietnam War movie Full Metal Jacket* is an object lesson to everyone with regard to their belongings.
Any police officer will tell you: the primary reason cars are burglarized is that many owners leave their cars unlocked in the driveway at night.
Not satisfied with simply leaving the car unlocked, many also leave valuables in plain sight, ready for the taking. I'm talking about purses, wallets, AND the keys too. You might as well post a sign on your windshield: "FREE STUFF - TAKE WHAT YOU WANT."
I have to ask: are these the same people who leave stray grocery carts in the parking lot, throw their gum on the sidewalk, and don't use best practices for password security? I'm guessing that's a big "yes."
And if you're not using my Best Practices for Password Security, you're virtually begging for someone to find and take your online jelly donuts (or other prized belongings). By performing a few simple tasks, you can lock down your digital world from theft AND free your over-worked brain to remember more important things than that lame password consisting of your daughter's initials and the year she was born. Yeah, I'm looking at you.
Eric Jackson's Best Practices for Password Security
#1 Don't Remember Your Passwords
That's right; quit trying to remember your passwords. You are absolutely terrible at remembering your passwords. I've watched you. You look like a deer in the headlights. Just know that if you're struggling in front of me, trying to remember your password, I'm judging you like the Supreme Court.
I know only two passwords: (1) my computer login and (2) my password manager login. That's it. The rest of them - and there are hundreds - are stored in my password manager.
#2 Don't Create Your Passwords
Just stop trying. Creating passwords is for machines. Any good password manager is going to have a secure password generator that will create a password infinitely more secure than you ever could, even if you dropped your cat on your keyboard. Save your creativity for something more fun.
#3 Don't Use Recycled Passwords
Job One for a password is to keep the wrong people out of your accounts. Job One (a) is to keep the wrong people out of ALL your accounts.
When you recycle passwords - using the same password for multiple accounts - you increase the chances you'll have several accounts compromised simultaneously. Imagine simultaneously losing access to your email, bank account, and credit card login. It's not pretty.
So don't recycle passwords. Each time you need a password, turn to your password manager with its secure password generator. It will spit out a unique password for each of your accounts at no additional cost. Yes, of course they're free. Use as many as you like!
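What a secure generator and a recycled-password check look like in practice, as an added example that is not part of the original post or of any particular password manager. The vault contents, account names and function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate_password(length=20):
    """Build a password from the OS CSPRNG; retry until every class appears."""
    if length < 4:
        raise ValueError("need at least one character per class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (str.islower, str.isupper, str.isdigit,
                   lambda c: c in string.punctuation)
        if all(any(test(c) for c in pw) for test in classes):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)

def find_recycled(vault):
    """Return sorted groups of account names that share one password."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)

def rotate_recycled(vault):
    """Copy the vault, giving every account in a recycled group a fresh password."""
    fixed = dict(vault)
    for group in find_recycled(vault):
        for account in group:
            fixed[account] = generate_password()
    return fixed

# Constructed sample vault (not real credentials).
VAULT = {
    "email": "ekj2011",
    "bank": "ekj2011",
    "credit-card": "ekj2011",
    "forum": "Spring!23",
}

if __name__ == "__main__":
    print(find_recycled(VAULT))                   # accounts sharing a password
    print(find_recycled(rotate_recycled(VAULT)))  # nothing shared after rotation
    print(round(entropy_bits(20), 1))             # bits for a 20-character password
```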
#4 Use Two-Factor Authentication
Some website logins will enable you to use two-factor authentication. Use it.
If you try to log in, you'll be prompted to enter a code generated by your password manager on your smartphone before you can finish logging into your account. If you don't have your smartphone (and you always have your smartphone), you won't be able to log in even if you have entered the correct password.
What's the advantage of this extra step, you ask? If your password does get compromised, the online thief won't have your phone and won't get into your account. That is powerful. We use it at Keystone. No employee can log in to their workstation remotely without using two-factor authentication, making our network much more secure.
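Why a stolen password alone fails the login, as an added example that is not part of the original post. It assumes the code on the phone is a time-based one-time password (TOTP, RFC 6238), which the post does not specify; the account data and function names are constructed, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, unix_time, digits=6):
    """RFC 6238: HOTP where the counter is the current 30-second time step."""
    return hotp(secret, unix_time // STEP, digits)

def hash_password(password, salt):
    """Server stores a salted, slow hash of the password, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_login(account, password, code, unix_time, window=1):
    """Both factors must pass; +/- `window` steps tolerates phone clock drift."""
    candidate = hash_password(password, account["salt"])
    if not hmac.compare_digest(candidate, account["pw_hash"]):
        return False
    counter = unix_time // STEP
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(account["totp_secret"], counter + drift)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False

# Constructed account record; the TOTP secret is the RFC 6238 test key.
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password("constructed-Passw0rd", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    print(verify_login(ACCOUNT, "constructed-Passw0rd", totp(ACCOUNT["totp_secret"], now), now))
    print(verify_login(ACCOUNT, "constructed-Passw0rd", "000000", now))  # password only
```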
#5 Use a Password Manager
Surely you saw that one coming. If you're no longer going to remember or create passwords AND not use the same password more than once and use two-factor authentication when available…you're going to need a password manager.
Will you spend some time and effort implementing a password manager into your life? Yes. Will it occasionally slow you down? Yes.
But frankly, the math for best practices for password security is really easy. Take the time you will save because you can always access the correct secure password in seconds. Multiply it by the security and freedom you will enjoy by no longer being a prisoner of your bad password habits. The sum is massive and the benefits are powerful.
I Challenge You.
That's right, I'm challenging you to get your act together, follow my lead, and use Eric Jackson's Best Practices for Password Security. And for the first three Keystone clients who email me, ready to repent and change their sinful password ways…I'll spend up to 30 minutes with you at Keystone World Headquarters in Goodlettsville, Tennessee helping you get set up on LastPass (LastPass subscription is required!).
We're big on security. Want some help with IT Consulting in the Nashville area? Give us a call.
*The Jelly Donut scene is "not suitable for work." You've been warned.