Secure passwords


Despite wide-spread knowledge on the risk of using a weak password, 123456 is still a common password in use by a number of users. You’re probably wondering who would still use this password. Well, close to 103 million people around the world according to NordPass’ report.

While this is alarming, let’s just take a moment to consider why users choose simple, easy-to-remember passwords despite being aware of the risks.

Password overload: How big of a concern is it?

According to a survey by Dashlane in 2017, average American users have about 150 online accounts that require passwords. Now, a genius or someone with photographic memory might be able to remember 150 strong and unique passwords, but for the average person, this is a feat close to impossible. So while choosing a weak password like 123456 is a major lapse in judgement, it’s understandable why people do it.

Password overload can lead to one of the two problems

1. Reducing, recycling, and reusing passwords: Using a set of say 4-5 passwords for all your accounts and making minor edits to them when prompted to reset passwords.

2. Taking the simple route: Using effortless, easy-to-remember passwords like 12345, qwerty, password, and a range of 200 similarly easy-to-guess passwords that take less than a second to crack.

Most often, we choose convenience over security when selecting a password, because what are the odds of being hacked, right? More than three in five consumers say they are ready to risk their online privacy to make their life easier, according to a report by Norton. However, considering the increase in phishing and other cybercrimes, it’s high time we seek ways to ensure security without compromising on convenience.

Can security and convenience coexist when it comes to setting passwords?

When sensitive information, money, and identities are on the line, we have to prioritize security over convenience. But knowing and following certain best practices when it comes to setting and maintaining passwords could give us the best of both worlds.

World Password Day is observed on the first Thursday of May. This day is a reminder to check up on our password setting habits and enhance them if needed. Here are a few password best practices that you can follow to boost your password strength:

  • Use a long password. Though the minimum safe length of passwords is 8 characters, it’s safer to have passwords that have 12 or more characters.

  • Use multi-factor authentication. Have at least one other method of authentication required after entering your password. This can be scanning a QR code, entering a one-time password sent to your email or phone, biometrics, etc.

  • Have passwords that are a mix of numbers, special characters, and upper and lowercase letters. It is more difficult to hack if the special characters are rarely used, e.g., -, “, ~, (.

  • Never ever write down your passwords on sticky notes or maintain them in plain text. Instead, keep them in encrypted format within your trusted password vault.

  • Change your passwords at least once every 90 days. Don’t reuse old passwords when you change them.

  • For businesses managing hundreds of endpoints, have good password management software in place that can be used to check password strength, remind employees to change passwords, and monitor the overall password strength of all accounts in the enterprise.

  • Use single sign-on if your enterprise requires employees to interact with a lot of applications to avoid password fatigue.

  • Train and create awareness amongst employees so they all know the best practices for password management.

How ManageEngine Endpoint Central helps with password security

With its vast collection of security featuresEndpoint Central helps in managing and securing passwords in an enterprise. With Endpoint Central, you can:

  • Configure policies to set password expiration dates, change passwords, and reset local admin passwords all from a single console.

  • Enable BitLocker encryption and check for the Trusted Platform Module (TPM) in your endpoints. Set a passphrase to secure computers without a TPM.

  • Detect password-related misconfigurations in the network and, once detected, carry out the provided remediation steps to strengthen your network.

  • Secure your mobile devices by containerizing corporate and personal data, enforcing geofencing policies, and performing corporate wipes on lost or stolen devices.

A little thought goes a long way in protecting what’s yours. World Password Day or not, let’s pledge to not make it easy for hackers who are trying to brute force their way into our networks. Let’s revisit our password policies and ensure they are strong enough to handle security threats that target them.

Karthika Surendran
Analyst Relations Specialist