Healthcare Compliance & HIPAA Resources

Password Protection

November 2022

Digitalization acceleration.

With the advent of modernization and technology, we see digitalization as a valuable and convenient way of doing transactions in our daily lives. For instance, we now have online and mobile banking instead of physically going to the bank. Instead of going to shops, grocery stores, and boutiques, we can order clothes, food, and just about anything online. When COVID-19 surged and social restrictions were imposed, we became even more reliant on digital technology.

Almost everyone has a number of digital accounts. Most of us may not even be able to track how many accounts we have across digital platforms, let alone the passwords, passphrases, or PINs we use.

Password pickle.

With so many passwords we must create and keep each time we register for a digital account, it can get overwhelming and taxing. This predicament even has a word for it – Password Fatigue.

Password fatigue is a condition that occurs when trying to create, remember and use different complex passwords for each of our online accounts. This issue places undue stress and frustration on individual users, organizations, and security professionals striving to protect critical data and other assets.

(Source: techrepublic.com)

Digitally defensive.

No matter the situation, we still must protect our passwords, passphrases, or PINs, and thereby our digital accounts. Just as we protect our physical possessions with locks and keys, our digital accounts work the same way. After all, we do not want unauthorized persons to access our social media accounts, banking information, medical records, etc.

And to those in an organization – employees and employers alike – cyber security experts caution, “sometimes password cracking is not specifically about your account, but about using the access to your information to launch a larger attack to get access to your company’s system and launch a ransomware.”

Password & Passphrase Protocol.

As we’ve mentioned in our previously published Monthly Security Reminders, there is no “perfect” password in digital account safeguarding. Currently, there is no guarantee that specific techniques will prevent an attacker from cracking your password. The key is to make it extra difficult for unauthorized persons to discover your password or passphrase.

The National Institute of Standards and Technology (NIST) has published best-practice guidelines for passwords and passphrases. Think of password etiquette as two layers of protection: standards to follow during creation so that the password/passphrase is strong, followed by standards after creation so that it does not leak.

Best practices when creating a password/passphrase:
  1. Create the longest password or passphrase permissible (8–64 characters). The longer the password, the more time it will take cybercriminals to crack it.
  2. Include upper and lowercase letters, numbers, and special characters. Some accounts do not accept spaces or certain special characters; use a combination of the special characters that are allowed.
  3. Try different variations of a passphrase. For instance, instead of “I worked as an assistant teacher back in June 2010 at San Jose, California,” we can create “iwAaaT!bij?10aSJc.”
  4. Avoid common phrases, famous quotations, and song lyrics.
  5. Don’t reuse passwords or passphrases.
  6. Use of a password manager application is encouraged. This digital tool generates random, strong passwords for your digital accounts, which you then access with a single master password. You may not notice password fatigue at once, but over time most of us get tired of following strict guidelines or get distracted by the many things on our minds, and we get sloppy with passwords: we reuse old passwords/passphrases or opt to create weak ones. A password manager is the more advanced option for generating and managing strong passwords/passphrases consistently.
  7. Do not use any of your personal information as a password.
  8. Do not use words found in dictionaries. Cybercriminals are known to launch a “dictionary attack,” an automated password-cracking technique that systematically tries every word in a dictionary as the password.

Best practices to protect your passwords/passphrases:
  1. Use a password manager. Apart from creating strong passwords/passphrases, this software also makes it simple to access and manage them across your various digital accounts.
  2. Do not write down passwords/passphrases and leave them somewhere others can find them.
  3. Do not tell anyone your passwords.
  4. Beware of cyber actors or schemes trying to trick you, through phone calls or email messages, into revealing your passwords.
  5. Remember that, depending on its settings, a web browser can save passwords and your online sessions in the system’s memory. Anyone with access to the computer may then be able to discover all of those passwords and gain access to your information.
  6. Avoid using public computers and public Wi-Fi to access sensitive accounts.
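The creation rules in the first list above, turned into a working check. This is an added example written for this page, not code from the original reminder or from NIST: it flags a length outside 8–64, missing character classes, dictionary words or common phrases, personal information, and reuse of a previous password. The word lists, the sample personal details and the `password_digest` helper are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample lists for the example; a real deployment would load a large
# dictionary / breached-password corpus instead (assumption, not supplied by the page).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey"}
COMMON_PHRASES = {"tobeornottobe", "maytheforcebewithyou", "iloveyou"}

# Character classes the reminder asks for: upper, lower, digits, special characters.
CLASSES = [
    ("uppercase letters", str.isupper),
    ("lowercase letters", str.islower),
    ("digits", str.isdigit),
    ("special characters", lambda ch: not ch.isalnum()),
]

def password_digest(secret: str) -> str:
    # One-way digest kept in place of old passwords so reuse can be detected without
    # storing them in clear text (sha256 for brevity; use bcrypt/scrypt/Argon2 for real storage).
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

def check_password(candidate: str, personal_info, previous_digests):
    """Return the list of rule violations; an empty list means the candidate passes."""
    problems = []
    if not 8 <= len(candidate) <= 64:
        problems.append("length must be 8-64 characters")
    missing = [name for name, test in CLASSES if not any(test(ch) for ch in candidate)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    folded = candidate.casefold()
    # Dictionary check: a common word/phrase with digits or symbols tacked on still counts.
    letters_only = "".join(ch for ch in folded if ch.isalpha())
    if letters_only in COMMON_WORDS or letters_only in COMMON_PHRASES:
        problems.append("matches a dictionary word or common phrase")
    for item in personal_info:
        item = item.casefold()
        if len(item) >= 4 and item in folded:
            problems.append(f"contains personal information ({item!r})")
    digest = password_digest(candidate)
    if any(hmac.compare_digest(digest, old) for old in previous_digests):
        problems.append("reuses a previous password")
    return problems

if __name__ == "__main__":
    history = [password_digest("OldPassw0rd!")]  # constructed password history
    for pw in ("iwAaaT!bij?10aSJc", "Password1!", "Jose2010"):
        print(pw, "->", check_password(pw, ["Jose", "1985"], history) or "OK")
```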

To share, or not to share.

Sometimes sharing a password/passphrase/pin is inevitable, especially in organizations. There may be online tools, digital devices, locks, vaults, and other equipment that are used or shared within an organization.

The guiding principle is to minimize the risk of the password leaking: never share it in an unsecured manner, for example by sending login credentials in unencrypted email, writing a password on paper (worse – sticking it to the device or anywhere near it), or leaving a written password where anyone can find it (on a table, in a drawer, pinned to a cork board, and so on).

Remember, having a strong password is only half the job; the other half is to keep it secure.