Category Archives: Passwords

Passwords – again

To mark World Password Day, I thought I’d run through some statistics and hints:

  • 76% of people use the same password up to 14 times;
  • The average password has 8 characters or less;
  • 68% of people are worried that they will forget their login information;
  • 92% of passwords include readily available information.

Which means if a hacker gets hold of your simple password they could get into every on-line account you have!

So use a combination of UPPER and lower case, numbers and symbols, like 0C^7G0xSaqoqB9st. OK, that is quite hard to create or remember yourself, but password managers generate and remember them for you.

So use a password manager like Bitwarden (free) or LastPass (mostly paid for).
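To show what a password manager does when it generates a password, and how the weaknesses in the statistics above (reuse, 8 characters or less, missing character types) can be spotted, here is an added example that is not from the original post or from any particular password manager. The symbol set, the function names and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import Counter

# Character classes from the advice above; the symbol set is an assumption.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!#$%^&*-_=+?",
}
ALPHABET = "".join(CLASSES.values())

def missing_classes(password):
    """Return the names of the character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def generate(length=16):
    """Draw every character uniformly with a CSPRNG and retry until all
    classes are present, so no position is forced to a particular class."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def audit(vault, min_length=9):
    """Map each weak account to its findings: reuse, length, missing classes."""
    counts = Counter(vault.values())
    report = {}
    for account, password in vault.items():
        findings = []
        if counts[password] > 1:
            findings.append("reused on %d accounts" % counts[password])
        if len(password) < min_length:
            findings.append("only %d characters" % len(password))
        lacking = missing_classes(password)
        if lacking:
            findings.append("no " + "/".join(lacking))
        if findings:
            report[account] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"bank": "rover201", "email": "rover201", "shop": "0C^7G0xSaqoqB9st"}
```

Running `audit(SAMPLE_VAULT)` flags the bank and email entries and leaves the 16-character one alone; `generate()` returns a fresh password of the same shape each time.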

And if you can, turn on 2FA (two-factor authentication) where after login you are, for example, sent a code by SMS that you enter to prove it is you. Some people say 2FA by SMS is insecure but it is better than nothing.

Your digital legacy

If you are reading this, then a lot of your life is already digital: bank accounts, bills, social media and on and on. Sorry to be a bit grim, but what happens to all this when you are no longer here?

It is important to think how others will be able to sort out your estate and also to ensure what you want keeping is kept and what you want deleting is deleted.

The Digital Legacy Association has been set up to be a resource for advice to you, loved ones and professionals about this area, making things less stressful or expensive. It covers things like digital wills for your digital assets, and writing down your master password for your password manager and the codes for your devices (storing this piece of paper very securely!).

It’s never fun to think about these things (probably why 60% of people don’t make a will) but it will make things a lot better for those left behind (as does a will).

Staff often take more than their pencil pot when they leave

Just been reading a report from Code42. The Office for National Statistics says that 10% of the workforce is involved in changing jobs. The mileage of any staff you have may vary.

Much more data is cloud based rather than being on-site, which makes it accessible to the world. That’s why we have strong passwords and multi-level authentication. Yet your employees need access so they can do their jobs!

Code42 says that workers leaving employers report that 87% of former bosses didn’t check they weren’t taking data with them when they left, whilst 32% of new employers actively encouraged new staff to share data that they had with their new colleagues.

Now staff have information in their heads, but 73% had access to data they hadn’t created, 69% to data that they had no involvement with and 59% to data from other departments. (Thanks to Davey Winder for bringing my attention to the report.)

That might all seem a bit corporate and nothing to do with small businesses, but take heed. Your CRM system has customer data just waiting to be sucked onto a USB stick. And that is just one example.

You need to take precautions. I’ve sat in the room next door to a meeting involving termination waiting to change passwords to everything the worker has access to. But if they make the move and resign, when do you lock them out? There and then? On their last day? Have they downloaded everything before resigning? In that case maybe you should have a clause in your contract about data access and ownership when they join.

Remember these days your company data is your company.

Keeping your data safe

I hardly see any desktop computers these days as laptops can be better value and more useful for most people. Yet they are used in public far more and are really easy to leave behind – along with everything you know.

So what can we do to protect ourselves? Sure, a logon password keeps casual people out, but it is really easy to pop the drive out and read it using quite cheap software.

We need to go further. Windows comes with BitLocker, a standard Windows 10 Pro feature for computers with the correct hardware. That means most modern ones. Windows 10 Home has a similar feature called Device Encryption. You select a password or USB as the unlocking tool for every time you start your PC. BitLocker then encrypts all or part of your hard drive over the next few hours.

An alternative is the open source VeraCrypt, which I use. It comes in versions for Windows, OS X and Linux. With VeraCrypt one creates a special file with a very secure password. When I open the file with VeraCrypt, I enter the password and the file appears on my computer as another disc drive that I use just like any drive. When I close the file everything on that ‘drive’ is secure.

And I mean secure. Even the FBI have tried to break it and didn’t. So if you forget the password then no-one can help you.