What does COVID-19 mean for password hygiene?
With the advent of remote-working in response to COVID-19, we’re all making necessary adjustments. We’re incorporating new behaviors into our day-to-day life, such as limiting our time out of the house to essential shopping or exercise, and are now using our homes for activities that we’re otherwise used to performing out in the world.
We’re adopting new indoor exercise routines, frequently preparing our own meals in favor of the usual take-out, and have had to establish boundaries between working space and relaxing space within our own houses. Most notably, it’s reported that hand-washing is up by 1000% across the globe (don’t fact check me on that).
While we adjust and make preparations during this unprecedented time, it’s important that we also consider some of the subtler changes pertaining to safety. One of these is simple password hygiene.
It didn’t take long at all for scammers to jump at this opportunity and roll out a plethora of COVID-19 scams, but this isn’t the only way they’re exploiting and profiting from the masses during this time. Hackers and scammers are well aware that with the move to home offices comes a move away from office security.
Things like network security, access control, and general password hygiene are more exposed now than they have been for a long time.
In the migration to our home-offices, most of us are taking passwords that were previously used only on secure office networks and entering them into home machines with lower standards of security. Furthermore, systems that we never had to re-log into, or that we’ve forgotten the passwords for, are having their passwords reset for the home-office.
When re-entering or changing passwords for your work systems, it’s a critical time to reconsider how strong they are, and how long you’ve been using them.
To ensure that your passwords aren’t compromised as a result of the change in workplace security:
Make the switch to passphrases.
A passphrase, simply put, is an acronym of a phrase. Rather than using a simple word with some numbers, it’s encouraged in modern online safety to use complicated passwords. These can be made easily by using a phrase that you’re sure to remember, and flipping it into a passphrase. For example:
“Jack and Jill Went Up The Hill” can be used as a passphrase such as “JaJwUtH”.
Add a few numbers and a symbol to the end of that, and straight away you’ve created a strong, memorable passphrase.
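The recipe above, as an added Python example that is not from the original article: it builds the acronym with the alternating case seen in “JaJwUtH”, appends digits and a symbol from the operating system's random source, and estimates how much strength remains if an attacker already knows the phrase. The symbol set and the default of three digits are assumptions.

```python
import math
import re
import secrets
import string

SYMBOLS = "!@#$%^&*"  # assumed symbol set; use what the target system accepts


def acronym(phrase: str) -> str:
    """First letter of each word, alternating upper/lower case
    (the pattern in the article's "JaJwUtH" example)."""
    initials = [word[0] for word in re.findall(r"[A-Za-z]+", phrase)]
    return "".join(
        c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(initials)
    )


def build_passphrase(phrase: str, digits: int = 3) -> str:
    """Acronym, then random digits, then one random symbol.
    secrets draws from the OS CSPRNG, unlike the random module."""
    numbers = "".join(secrets.choice(string.digits) for _ in range(digits))
    return acronym(phrase) + numbers + secrets.choice(SYMBOLS)


def estimate_bits(phrase: str, digits: int = 3) -> tuple[float, float]:
    """Return (floor, ceiling) strength estimates in bits.

    floor:   only the random suffix counts, i.e. the attacker knows
             the phrase and the recipe.
    ceiling: every letter treated as uniformly random mixed case,
             which an acronym of a familiar phrase is not.
    """
    floor = digits * math.log2(10) + math.log2(len(SYMBOLS))
    ceiling = len(acronym(phrase)) * math.log2(52) + floor
    return floor, ceiling


if __name__ == "__main__":
    phrase = "Jack and Jill Went Up The Hill"
    low, high = estimate_bits(phrase)
    print(build_passphrase(phrase))
    print(f"between {low:.1f} and {high:.1f} bits")
```

The gap between the two figures is why a phrase only you would think of, and a suffix chosen at random rather than a birthday or year, matter so much.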
Don’t re-use or share your passphrases.
I like to think of each of my passphrases as though they were my toothbrush: I don’t re-use them too much, and I never share them with others.
In most cases when your passphrase is stolen or compromised, it tends to sit on the dark web for anywhere between a few weeks and a few months. By changing your passphrases regularly, and by using unique passphrases for each essential login, you prevent cybercriminals from being able to use stolen credentials to access your systems in the long run.
As for sharing them around, if you have team-workers or managerial staff who share a login system with you, it is key that wherever possible you are using separate sets of logins, and most importantly, that those logins are not shared between other systems.
Use a password manager!
Finally, we recommend using a password manager to store your passwords. Between the cyclical news surrounding COVID-19 and our frequently changing workloads as a result of it, our brains are full up.
It’s encouraged to use complex and unique passphrases across a number of devices, but we couldn’t reasonably ask you to remember them all.
This is where password managers come in. They’re secure programs that typically plug straight into your browser, and work like an encrypted encyclopedia of all your login credentials.
Most password managers don’t just remember the passwords, but typically enter them in for you, enable two-factor support, and even create secure, randomly generated passwords for you where needed.
Of all the advice in this article, password managers are likely the most essential. We recommend 1Password, LastPass, and Google Password Manager.