With the advent of modernization and technology, we see digitalization as a valuable and convenient way of doing transactions in our daily lives. For instance, we now have online and mobile banking instead of physically going to the bank. Instead of going to shops, groceries, and boutiques, we can order clothes, food, and just about anything online. When COVID-19 surged and social restrictions were established, we became even more reliant on digital technology.
Almost everyone has a number of digital accounts. Most of us may not even be able to track how many accounts we have across digital platforms, let alone the passwords, passphrases, or PINs we use.
With so many passwords to create and keep each time we register for a digital account, it can get overwhelming and taxing. This predicament even has a name: password fatigue.
Password fatigue is a condition that occurs when we try to create, remember, and use different complex passwords for each of our online accounts. It places undue stress and frustration on individual users, organizations, and security professionals striving to protect critical data and other assets.
No matter the situation, we still must protect our passwords, passphrases, or PINs, thereby protecting our digital accounts. Our digital accounts work much like the physical possessions we protect with locks and keys. After all, we do not want unauthorized persons to access our social media accounts, banking information, medical records, etc.
For those in an organization, employees and employers alike, cybersecurity experts caution: “sometimes password cracking is not specifically about your account, but about using the access to your information to launch a larger attack to get access to your company’s system and launch a ransomware.”
As we’ve mentioned in our previously published Monthly Security Reminders, there is no “perfect” password in digital account safeguarding. Currently, there is no guarantee that specific techniques will prevent an attacker from cracking your password. The key is to make it extra difficult for unauthorized persons to discover your password or passphrase.
The National Institute of Standards and Technology (NIST) has published best-practice guidelines for passwords/passphrases. Think of password etiquette as a 2-step layer of protection: first, standards to follow during creation so that the password/passphrase is strong; second, standards to follow after creation so that the password/passphrase does not leak.
Use of a password manager application/software is encouraged. This digital tool creates randomly generated strong passwords for your digital accounts. You then access those passwords with a master password.
You may not notice password fatigue at once, but over time, most of us get tired of following strict guidelines or get distracted by the many things on our minds. We then get sloppy with passwords. We reuse old passwords/passphrases or sometimes opt to create weak ones. Using a password manager is the more advanced option for constantly generating and managing strong passwords/passphrases.
Sometimes sharing a password/passphrase/PIN is inevitable, especially in organizations. There may be online tools, digital devices, locks, vaults, and other equipment that are used or shared within an organization.
One advised practice is to minimize the risk of password leaking. Do not share passwords in an unsecured manner. Examples of unsecured sharing include sending login credentials via unencrypted email, writing a password on paper (worse, sticking it to the device or anywhere near it), or leaving a written password where anyone can access it (on a table, in a drawer, pinned to a cork board, and so on).
Remember, having a strong password is only half the job; the other half is to keep it secure.