
IT techs from around the world cringe every time they stumble upon this kind of article. That’s because they get to read about the awful – and *ahem* often shameful – password choices of everyday users.

Why are bad passwords such bad news for IT techs? Simple. As IT experts, it’s their job to ensure the security of the business-related data contained on networks. Best practices have been repeated over and over to employees, yet, it seems like every now and then, there’s still someone out there who believes “1” to be a good password.

When it comes to creating bad passwords, the possibilities are almost endless. Every year, SplashData compiles the worst passwords of the year. Their methodology is quite simple: they take a list of the millions of passwords stolen during the year (the ones that were made public) and sort them by popularity.

Here’s a chart of the winners in 2014 and 2013. Any of them look familiar? If you’re recognizing one of your passwords in this list, please, do everyone a favor. Go change it right now.

[Table: the most common passwords of 2014 and 2013]

Did the popularity of Game of Thrones have an impact on the rise of “dragon” to the top 10? And isn’t it ironic that “trustno1” made the list both years? Trust no one, yourself included, right? But trust your SysAdmin when he tells you to change your password to a safe one.

Our job as SysAdmins — educate and enforce

As SysAdmins, an important part of our job consists of educating users about the importance of a strong and secure password. Examples of hacks in recent years are a dime a dozen. Users need to be informed of what constitutes a risk, in both their personal and professional lives.

Business-critical data is just as important to the business you work for as your financial information is to you. What if anyone could access your bank account and make transactions? Talk about a sticky situation. The same applies to business-critical data.

We SysAdmins must ensure that the business side of things is not compromised. That’s where the enforcing part comes into play. Setting some password-related rules is one of the numerous things IT departments must implement to ensure data safety.

Common practices include requiring a minimum password length, a combination of letters, numbers and symbols, as well as a mix of upper- and lowercase characters. Passwords should also be changed on a regular basis.
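To show what enforcing those rules looks like in code, here is an added example (not from the original post or from SherWeb) that checks a candidate password against the practices just listed and against a denylist of popular leaked passwords; the minimum length of 12 and the denylist entries other than “1”, “dragon” and “trustno1” are assumptions for the example, not values from the post.

```python
from __future__ import annotations

import re
import string

# Constructed denylist for this example: the three entries the post names
# ("1", "dragon", "trustno1") plus a few assumed typical "worst password"
# entries. A real deployment would load a full breach-derived list.
COMMON_PASSWORDS = {"1", "dragon", "trustno1", "password", "123456", "qwerty"}

MIN_LENGTH = 12  # assumed policy value; the post only says "a certain length"


def check_password(candidate: str) -> list[str]:
    """Return the policy rules the candidate violates (empty list = accepted).

    Rules mirror the common practices listed above: minimum length, letters,
    digits and symbols present, both upper- and lowercase, and not a password
    known to be popular in public breach dumps.
    """
    failures: list[str] = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in candidate):
        failures.append("no letters")
    if not any(c.isdigit() for c in candidate):
        failures.append("no digits")
    if not any(c in string.punctuation for c in candidate):
        failures.append("no symbols")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    if not (has_upper and has_lower):
        failures.append("not mixed case")
    # Normalise before the denylist lookup so that cosmetic additions do not
    # hide a common base word: "Dragon2014!!" still reduces to "dragon" and
    # "TrustNo1!" reduces to "trustno1".
    lowered = candidate.lower()
    variants = {
        lowered,
        re.sub(r"[^a-z0-9]", "", lowered),  # letters and digits only
        re.sub(r"[^a-z]", "", lowered),     # letters only
    }
    if variants & COMMON_PASSWORDS:
        failures.append("appears on the common-password denylist")
    return failures


if __name__ == "__main__":
    for sample in ("1", "TrustNo1!", "Dragon2014!!", "Correct-Horse7Battery"):
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```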

For all of you reading this who are not IT techs or specialists, please don’t store your list of passwords in a plain text file on your computer. I do assume no IT tech would do that — if you do, shame on you!

So, now that you’re pretty much a password wizard, let me ask you this. What rules does your organization’s IT team enforce to ensure all employees are using secure passwords?

Written by Steve Guilbault, Employee @ SherWeb

Over the past 15 years, Steve has been working both as a system administrator and a developer. Two passions that led him to become a DevOps system administrator in SherWeb’s Operations team. Steve’s server skills and knowledge include Linux, Windows Server, databases, firewalls and security, while his coding expertise is specialized in PowerShell, PHP, JavaScript, and web development.