Past Words on Passwords

Back in late 2013 I wrote a series of articles about passwords, covering why we need them (amazingly, still a question I occasionally had to answer), how one can arrive at a good password, and how to keep it memorable without using the same password everywhere.

One of my less fashionable statements at the time was that I was not convinced by the logic of regularly changing passwords, despite many compliance audits insisting upon it. It is interesting to note that the original source of that advice, password guru Bill Burr, admitted last year that he thinks the theory of regularly changing passwords came unstuck in practice, agreeing with the same reservations I have often expressed when consulting. You can read more on his change of heart here.

The final paragraph of my December 2013 article touched on the tools available to help us manage multiple passwords, and this has since become my preferred method of password management. I am now at the point where I don’t know many of the passwords I use: I simply rely on a single, complicated yet memorable password to encrypt my KeePass database, and then use the randomly generated, complex passwords provided by the software for the various web accounts I have to manage and maintain. A data breach at any single supplier that exposed my username, email address and password would only be useful against the compromised site itself, since the same set of details will not unlock any other account I use.

With many well publicised data breaches making the news in recent years, we need to recognise the dangers of reusing the same password in multiple locations. It is far better to have multiple, complex and differing passwords across different sites, managed by an appropriate tool, than to rely on “MyDogSnores1” for Facebook, “MyDogSnores2” for Amazon, and so on.
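To make the two points above concrete (one stretched master password protecting a vault of random per-site passwords, and a check for the “MyDogSnores1”/“MyDogSnores2” style of reuse), here is a small added Python example; it is not KeePass code or code from this article, uses only the standard library, and the vault contents and the “base password” heuristic are my own assumptions.

```python
import hashlib
import secrets
import string

# Character set the generator draws from; a real manager lets the user tune this per site.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def derive_vault_key(master_password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Stretch the one memorable master password into a 32-byte vault key (PBKDF2-HMAC-SHA256).
    The random per-vault salt and slow iteration count make offline guessing of it expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations)

def generate_site_password(length: int = 20) -> str:
    """One random password per site from the OS CSPRNG; retried until it holds a letter,
    a digit and a symbol so it satisfies typical site rules without biasing the draw."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate

def _base(password: str) -> str:
    """Heuristic (assumption, not from the article): 'MyDogSnores1' and 'MyDogSnores2'
    share a base password once case and trailing digits/symbols are ignored."""
    return password.lower().rstrip(string.digits + string.punctuation)

def reuse_report(vault: dict) -> dict:
    """Map every base password used on more than one site to the sites sharing it."""
    groups: dict = {}
    for site, password in vault.items():
        groups.setdefault(_base(password), []).append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

def breach_impact(vault: dict, leaked_password: str) -> list:
    """Sites whose stored password exactly matches a credential leaked from one breach."""
    return sorted(site for site, password in vault.items() if password == leaked_password)

if __name__ == "__main__":
    # Constructed sample vault: two hand-made variants plus two manager-generated passwords.
    vault = {"facebook": "MyDogSnores1", "amazon": "MyDogSnores2",
             "bank": generate_site_password(), "email": generate_site_password()}
    key = derive_vault_key("a long but memorable phrase", secrets.token_bytes(16))
    print("vault key bytes:", len(key))
    print("reused base passwords:", reuse_report(vault))
    print("sites unlocked by the leaked facebook password:", breach_impact(vault, "MyDogSnores1"))
```

Run as a script it reports the two hand-made variants as one shared base password, while a leak of one generated password unlocks nothing else.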

For help on secure and appropriate password policies, please contact us on 0118 976 7111.