Secure IT: Recycle Your Paper, Not Your Passwords 

October is National Cybersecurity Awareness Month (NCSAM), and this year’s theme is “Own IT. Secure IT. Protect IT.” We’ve discussed the overarching goals of NCSAM before, and began exploring the theme last week.

Part 2 of 3 in our NSCAM theme dives into an important part of Secure IT—Shake Up Your Passphrase Protocol: create strong, unique passphrases. We’ve covered building a strong passphrase before, but passphrases also need to be unique to be truly formidable. Why? Read on.

Reduce Password Reuse

Employees use many different programs at work, and it can be tempting to reuse the same password for some or all accounts. This [unsafe practice](https://www.defendify.com/cybersecurity-blog/2020/01/20/your-technology-and-data-use-policy-means-online-safety) is called “password recycling,” and it’s quite prevalent: a recent report showed that 59% of people use the same password for just about everything.

A password, no matter how strong, loses its purpose when recycled (i.e. reused). Here’s how it works:

  1. An employee creates an account using their work email and a recycled password. For this example, let’s say they ordered pizza for the office (it could be from a local shop or large franchise, but keep in mind even large and reputable companies can be breached).
  2. The pizza restaurant stores the employee’s login and password in their database, which is then breached by a cyberattacker.
  3. The cyberattacker tries the password on common business accounts: Google, Office365, etc. until they find a match (or matches). They now have access to all the employee’s work accounts and sensitive information—far beyond pizza preferences.

Using unique passwords and 2FA for each account is the best way to avoid this chain reaction. And if your password gets compromised, just trash it! It’s important to change your password immediately any time a Stolen Password Scan or other alert notifies you that your account is compromised.

Phrase Out Recycling

Creating and remembering all those passwords is tough, but the good news is there are plenty of alternatives to recycling.

As NCSAM recommends, using passphrases can help address this issue, as they are both long and memorable. Here’s an example—which would you rather remember?

  • I ate 26 slices of pepperoni yesterday.
  • 9ZvjmLZXn@UT2xIG$37y

Both are strong, but the first passphrase is simpler to remember and type (not to mention more fun). It’s much easier to use unique passphrases than to remember multiple strong random passwords.

A Single (Sort) Solution

You can also explore technology to help customers enforce a unique password policy. A company-controlled password vault or single sign on (SSO) system is a great option that avoids the problem of remembering and typing passwords and may also improve productivity—employees won’t waste time forgetting and resetting their password and won’t get locked out and need to contact the help desk.

One consideration, however, is that this creates a single “point of failure,” so remind your customers to use a very strong passphrase and 2FA for the vault or SSO system login to keep everything else well-protected.

This NCSAM and throughout the year, shake up your passphrase protocol, and remember that recycling is for paper, not passwords!

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.