Passwords. I know what you’re thinking – here we go again! While blogs and advice on passwords seem like a broken record, they are extremely important and must be discussed frequently.
As I discussed in my blog – Password Protection: Tips and Tricks from an IT Expert – ensuring that your passwords are complex is step one in protecting your personal and professional data online. But developing a complex password – with uppercase letters, symbols and phrases – doesn’t safeguard you from those peering over your shoulder; guarding against that is a matter of operational security (OPSEC). As keepers of our professional and personal data, we are each the first line of defense against prying eyes.
As an Information Security professional, I often find myself amazed at organizations that have Clean Desk Policies and Password Policies, yet a simple walk-through of the office space provides a treasure trove of passwords on Post-it notes hanging on monitors, under keyboards, behind phones or located in the top desk drawer that is conveniently left unlocked. The same goes for individuals who share their passwords or passcodes verbally or leave them openly visible to others. Smartphones are the worst culprit. When speaking to groups, I often ask people to take out their smartphones and put them on the table. Nine times out of ten I can determine the four numbers associated with unlocking their device by the fingerprint marks left on the device. While it hardly takes a genius to determine that, it does limit the potential combinations that I – or a hacker – need to try in order to successfully break into the device: only 16 possibilities compared to 400.
Passwords Should Be Treated as an SSN
Would you ever consider giving a coworker – or worse, a stranger – your Social Security number or the PIN to your ATM card? Obviously not. Passwords should be protected in the same way. Hacking a personal email account can give a hacker access to multiple accounts, from bank accounts to credit cards and everything in between. The information we are protecting is valuable to ourselves, our organizations and our clients, and any breakdown could cause personal or financial devastation that could have been avoided.
4 Ways to Safeguard Your Passcode
If you take the time to implement a password protocol that meets today’s industry requirements for complexity and security, then you should take the time to safeguard that same passcode. There are a few key points to consider when implementing your own OPSEC:
- Know your surroundings; look for shoulder surfers – this is common in coffee shops, restaurants, airports, airplanes and other areas where people often have their smartphones, tablets or laptops, and might not be paying attention to those around them.
- Keep your screen clean – the oils from our skin leave a residue on smartphones, tablets and touchscreen laptops, often in the most used locations, giving a hacker a hint to the location of your passcode or password entry area.
- Utilize the biometric authentication capability of your device – this will eliminate the ability of shoulder surfers to capture your passcode or password; it also keeps your screen cleaner with less touching.
- Utilize screen protectors that employ the Anti-Spy-Protectant layer which prohibits side viewing of your devices. This can be used on laptops, tablets and smartphones, prohibiting prying eyes from gaining insight into your password or passcode.
Unfortunately, the world isn’t perfect and we can’t prevent all hackings from happening, so in my next blog, I’ll discuss what to do if your password has been compromised.