How Protected Are Your Passwords?

If I asked you to estimate how many passwords you have, what would your guess be? 20? Maybe 30?

Chances are you’re underestimating. According to research by NordPass, the average person has 100 passwords.

If you’re supporting multiple executives, chances are that number is even higher for you.

Think about it. You need a password to boot up your work computer, log in to your network, access your office intranet, open your project management software and access your cloud server. That’s five passwords before you can even start your workday!

Do you work with sensitive material? Your files are probably password protected. Do you handle your executive’s inbox? There’s another password.

Streaming services, subscriptions, websites, online shopping, travel, financial services – almost everything you do online requires a password of some sort, and even if you don’t use all of them on a daily basis, they’re still at risk of being compromised if you’re not careful enough.

Password management and protection is crucial for admins. But a lot of people don’t understand how passwords work or why they’re so important.

Website security

Before we get into the nuts and bolts of it, it’s important to have a working knowledge of website security.

Open your browser and go to your favourite site. Now, look at the address bar. If the address begins with https and displays a lock on the left-hand side, it means your connection to the site is secure and encrypted. You can safely enter your password.

If the address starts with http, however, the connection is neither encrypted nor secure. You may as well write your password down on a giant sticky note and hang it on the break-room fridge.

Never enter your password on any page that isn’t secure. You’re asking for trouble.

How passwords work

Have you ever forgotten a password and wondered why the site requires you to reset it instead of just sending you your original password?

It’s because, ideally, the site won’t “know” your password at all. When you create a password, the site automatically “hashes” it, turning it into a seemingly random string of characters. That string of characters is then stored in the site’s database.

The next time you log in to the site, your password is once again hashed as you enter it. Then the site compares the result against the stored hash to make sure they match. Hashing is a great security measure because when a hacker steals hashed passwords, that’s all they’re getting – the hashes. They then have to put time, money and energy into breaking them, which requires guessing the password, hashing it and comparing those characters to the hashes they’ve stolen, looking for a match.

Unfortunately, not all hashing regimes are created equal. Some are fantastic. Some aren’t. You’re trusting that the site will handle your information properly, and that can be a big gamble.
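For readers who want to see the store-and-compare flow in practice, here is a small Python sketch. It is an added example, not code from any particular site; the function names, the sample accounts and the PBKDF2 settings are assumptions chosen for illustration. It also shows one reason hashing regimes differ: a fast, unsalted hash gives two people with the same password the same stored value, while a salted, deliberately slow hash does not.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # example work factor (assumption): makes every guess slow


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is created for each new account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(db, username, password):
    # Only the salt and the digest are stored, never the password itself.
    db[username] = hash_password(password)


def login(db, username, attempt):
    record = db.get(username)
    if record is None:
        return False
    salt, stored = record
    # Re-hash the attempt with the account's own salt, then compare the results.
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def weak_hash(password):
    """A weaker regime: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    db = {}  # constructed sample data standing in for the site's database
    register(db, "alice", "sunny-window-lamp-42")
    register(db, "bob", "sunny-window-lamp-42")
    print("correct password accepted:", login(db, "alice", "sunny-window-lamp-42"))
    print("wrong password accepted:  ", login(db, "alice", "sunny-window-lamp-43"))
    print("salted hashes identical:  ", db["alice"][1] == db["bob"][1])
    print("unsalted hashes identical:",
          weak_hash("sunny-window-lamp-42") == weak_hash("sunny-window-lamp-42"))
```

Because the site keeps only the salt and the digest, it has nothing to send back when you forget your password, which is why a reset is the only option.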

Some sites don’t use hashing at all. They store your password in their database in plain text, meaning all a hacker needs to do is break in and walk out with clear, easy-to-read passwords. This is most common on smaller, older sites with home-grown password management. So if the site is partying like it’s 1999, its password management probably is, too. Steer clear.

A long password is better than a complex one

Many people think that a complex password is better than a long one. After all, the more random it is, the harder it is to crack, right?

Wrong. The longer your password is, the more time it’s going to take for a hacker to break it. And when they have computers with the ability to guess millions or billions of “easier” passwords per second, they’re probably not going to bother with yours.

That’s not to say that you shouldn’t include a bit of complexity. A 7 instead of an L or a 0 instead of an O adds even more security. But if it’s a choice between length or complexity, length wins every time.
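To put numbers on the length-versus-complexity point, here is a short Python calculation. It is an added example, not part of the original article; the two sample passwords are constructed, and the guessing rate of one billion per second is an assumption taken from the upper end of the range mentioned above. The estimate only holds for randomly chosen passwords, since a long but predictable phrase can be guessed far sooner.

```python
import math
import string

GUESSES_PER_SECOND = 1e9  # assumption: "billions of guesses per second"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes a guesser must cover, depending on what the password uses.
POOLS = [
    string.ascii_lowercase,    # 26 characters
    string.ascii_uppercase,    # 26 characters
    string.digits,             # 10 characters
    string.punctuation + " ",  # 33 characters
]


def alphabet_size(password):
    """Count the characters in every class that appears in the password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    if size == 0:
        raise ValueError("password is empty or uses no recognised characters")
    return size


def search_space_bits(password):
    """Size of the space of same-length, same-class passwords, in bits."""
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate in that space at the given rate."""
    return 2 ** search_space_bits(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    short_complex = "K7#pq!Z2"       # constructed: 8 characters, all four classes
    long_simple = "qzmvhtplxkwbrneu"  # constructed: 16 random lowercase letters
    for pw in (short_complex, long_simple):
        print(f"{len(pw):2d} chars, {search_space_bits(pw):5.1f} bits, "
              f"{years_to_exhaust(pw):,.2f} years")
```

With these inputs, the 8-character complex password is exhausted in under a year, while the 16-character lowercase one takes more than a million years at the same rate.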

If you’re tired of trying to remember all your passwords, I highly suggest using a password manager. Sites like LastPass and Dashlane create long, complicated passwords that are difficult to break and that you don’t have to remember.

Password management tips

Now that you know how to identify a safe site, how passwords should be stored and how to create hard-to-crack passwords, here are a few more tips on password management.

  • Avoid easy-to-guess passwords. Your anniversary date, pet’s name, child’s birthday or mother’s maiden name are never good choices. It’s too easy for a hacker to get that information online.

  • Be wary of social media “games.” Social media is full of games and surveys that are just cleverly disguised ways to get your personal information. If you have to input things like the street you grew up on, your first dog’s name or the model of the car you had in high school, stay away.

  • Don’t use the same password for everything. It’s easier to remember one single password than 100 of them, but if a hacker gets ahold of that one single password, they now have access to a hundred sites and services.

  • Don’t ignore security warnings. Even if you’ve visited a site without incident a thousand times before, never ignore security warnings or pop-ups. The back button is your friend.

  • Password managers make things easier. Why remember passwords when a password manager will remember them for you?

  • Use multifactor authentication (MFA) whenever possible. Sure, it may be annoying to have to enter your password, wait for a text message and then enter the code to gain entry to the site – but it’s probably not as annoying as having to tell your executive that your password (and your organization, by proxy) has been compromised.

Password management is your responsibility!

You have a lot riding on your ability to keep your passwords safe and secure – your financial future, your identity and even your job. Don’t leave it up to chance. Password management and protection is a ball you can’t afford to drop.

Julie Perrine, CAP-OM, is the founder and CEO of All Things Admin, providing training, mentoring and resources for administrative professionals worldwide. Julie applies her administrative expertise and passion for lifelong learning to serving as an enthusiastic mentor, speaker and author who educates admins around the world on how to be more effective every day. Learn more about Julie’s books – The Innovative Admin: Unleash the Power of Innovation in Your Administrative Career; The Organized Admin: Leverage Your Unique Organizing Style to Create Systems, Reduce Overwhelm, and Increase Productivity; and Become a Procedures Pro: The Admin’s Guide to Developing Effective Office Systems and Procedures.