We spoke with Leah Golob from Investment Executive about password security. Here’s the summary of our conversation, and the resulting article.
Why is creating a secure password so important these days?
Assuming that it isn’t the online service itself being attacked and it is your account specifically: The complexity and length of a password determine the length of time to crack a password. For example, an 8 character password containing just lowercase letters would take around 8 hours to crack. So someone running a brute force tool could get into your account within a working day. Add just one more letter and that time to crack becomes 9 days. One more and time to crack is 239 days. Add Upper and lowercase, numbers and symbols to that mix, and the time to crack is 29 thousand years.
Can advisors reuse passwords?
(i.e. Same password for Salesforce and email. Why or why not?)
It is never recommended to reuse a password for two services. Think of it like this: If the same key unlocked both your house and your car and someone stole your car, your home would be the next logical target.
What are a few tips for creating a good password?
Since it is bad practice to reuse passwords and people are prone to forget them. A pneumonic is helpful here. Use a verse from a poem or line from a song that you’ll never forget and vary it slightly at each site. Include the spaces between words if the service allows for it. Use capitalization and numbers and symbols in place of letters in the words.
eg. “A r0!!ing st0n3 gath3r5 n0 M0$$” would be a great password and not that hard to remember, subjectively speaking.
Anything else about passwords our readers should know?
Use multifactor authentication whenever possible. A token that you carry with you in the form of a random 6 digit number generator that changes every minute or so, when used in conjunction with a strong password will make for a significantly more secure account than any lengthy or complex password alone. There are free utilities from both Google and Microsoft that serve this function and can be used with many third-party services at no charge.
Thanks to Leah for speaking with us about password security. To view the article, see http://www.investmentexecutive.com/-/make-sure-your-passwords-are-secure