Creating and Managing Passwords
May 3, 2017
How many times a day do you access applications or websites that require passwords? The temptation is to make passwords simple or reuse the same password. The 2017 Verizon Data Breach Investigation Report found that 81 percent of hacking-related breaches succeeded through stolen passwords or weak passwords. That’s an 18 percent increase from last year’s report, suggesting that rather than getting better, password security is getting worse.
Common password problems include using simple passwords that are easy to hack and reusing the same one across many sites. Then there is the problem that you can’t remember them all! Ah, the joy of managing passwords. Here are two ways to protect your data. First, learn how to create a solid password. Next, consider a password management system.
You know that your passwords have to be unique and strong. But what exactly gives passwords these traits? This list of Dos and Don’ts will help you create a super strong password to safeguard your patients’ or clients’ protected health information:
- Do use 12-15 characters for each password. The longer, the better.
- Do consider using a phrase or sentence you can easily remember as your password, including numbers and special characters.
- Do use special characters in atypical places. For instance, use a number in the middle of a word rather than before or after it.
- Do consider length more than complexity. Studies show that a 15-character password with special characters is more secure than a short one of all unique characters like 5&Hq%.
- Don’t use easily guessed passwords like family members’ names or birthdates.
- Don’t use single words found in the dictionary such as watermelon or even watermelonseeds as standalone passwords.
- Don’t reuse passwords at multiple sites.
- Don’t share your passwords with anyone. If you have to, change your password as soon as someone else has used it.
- Don’t use passwords based on adjacent keys on the keyboard, like asdfjkl;.
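
The checks in this list that can be automated, shown as an added example that is not part of the original post. The word list, the US QWERTY layout, the four-key run threshold, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"watermelon", "watermelonseeds", "password", "sunshine"}
# US QWERTY rows (assumption), unshifted keys only.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
KEY_POS = {ch: (r, c) for r, row in enumerate(KEYBOARD_ROWS) for c, ch in enumerate(row)}
MIN_LENGTH = 12   # lower bound of the 12-15 character guidance
MAX_KEY_RUN = 3   # assumption: four or more adjacent keys in a row is a pattern


def longest_keyboard_run(password):
    """Longest run of keys that sit side by side on one row, typed in one direction."""
    best = run = 0
    prev = prev_step = None
    for ch in password.lower():
        pos = KEY_POS.get(ch)
        step = None
        if pos and prev and pos[0] == prev[0] and abs(pos[1] - prev[1]) == 1:
            step = pos[1] - prev[1]
        if step is None:
            run = 1          # not adjacent to the previous key: start over
        elif step == prev_step:
            run += 1         # same direction as the previous step: extend the run
        else:
            run = 2          # adjacent pair, but a new direction
        best = max(best, run)
        prev, prev_step = pos, step
    return best


def check_password(password, already_used=()):
    """Return the rules from the list above that a candidate breaks (empty list = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if password.lower() in SAMPLE_WORDS:
        problems.append("standalone dictionary word")
    if longest_keyboard_run(password) > MAX_KEY_RUN:
        problems.append("adjacent keyboard keys")
    if password in already_used:  # e.g. other entries in your own password vault
        problems.append("reused from another site")
    if not re.search(r"[^A-Za-z\s]", password):
        problems.append("no numbers or special characters")
    elif not re.search(r"[A-Za-z][^A-Za-z\s]+[A-Za-z]", password):
        problems.append("numbers and symbols only at the start or end")
    return problems


if __name__ == "__main__":
    for candidate in ["asdfjkl;", "watermelonseeds", "5&Hq%", "purple7!tiger rides bikes"]:
        print(repr(candidate), check_password(candidate) or "passes these checks")
```

Names and birthdates are not checked here, since that requires knowing personal details about the user.
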
Since you’re now the resident expert on password creation, how can you organize all of them? A password management program lets you store and organize passwords in a single spot, so a single master password gives you access to your complete password database. Pixel Privacy writes that a good password manager will offer secure storage of your login information, syncing between devices, the ability to create secure passwords, the storage of notes, and a browser plugin. Last month, PC Magazine published an article comparing several different password management programs. For roughly $12 to $45 a month, you can pay a service like Dashlane, 1Password, LastPass, etc., to securely keep your passwords at your disposal.
Within these programs, you can define your own passwords, or they can create unique passwords for you. To make it easy, these programs can be accessed not only on your work computer but also on your cellular phone or other devices. They may be a great help, but remember that your master password to the program becomes the one and only access point to all of your other information. Concerned about the security of these management programs? A recent article in Macworld will reassure you they are a reliable tool.
Password creation and accessibility aren’t for the faint of heart. Will it always be so difficult? Maybe not. Biometric sensors like iris scanning and facial recognition are becoming increasingly popular forms of authentication. These biometric sensors can’t stand alone as a strong security solution, but we’re already seeing them more and more as part of a multi-factor authentication solution.
In the meantime, with security breaches rampant, password security is something you and your company can’t take lightly. Make a habit of creating strong passwords. If you can’t organize them in a safe way, a password management system just might be the help you need to secure the PHI for which you’re responsible.