Stop Saying to use a long password now!!!

You really can't remember that many long passwords. Let's take the ideal case: ideally we would all use a password manager, but from an end-user point of view it is hard to convince users to take such a drastic step. Changing user behaviour is not an easy task. For security professionals it might be an easy step; at least for me it was pretty straightforward, but for a person who has used the same password for half their life, that is a pretty significant change.

So what do you do? Even if you are spending a million on securing your organisation, it only takes a password like “password123” to break your million-dollar security system.

So the best solution is a small incremental change in user behaviour rather than a massive change that no one will follow.

The first step is to stop using a password and change that to a passphrase.

That is the best small incremental step you can take, and one I see as more straightforward for a user to follow than a drastic step like using a password manager.

If you are a big organisation, you should be using a password manager (HOPEFULLY). 

Now comes the implementation. How do you do it? Telling them to use a passphrase will only get 30% listening, so instead hit the nail where it hurts the most: run a seminar on how they can keep their children and family safe on the internet. That is where they will listen.

Now here is a plan that you can use or tailor based on your needs.

  1. Use a passphrase instead of a password (they are most likely to use the same passphrase on other sites too).
  2. Use an MFA method (SMS works).
  3. Use MFA and make sure it is an app (Authy, Google Authenticator, whatever works).
  4. Use a place for storing the passphrases; an Excel sheet or paper works, but make sure it is secure (and make sure every passphrase is different).
  5. Use a password manager.
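A concrete way to enforce step 1, added here as an illustrative example rather than anything from the original post: a small Python policy check that rejects a common password such as “password123”, requires a multi-word phrase of a minimum length, and estimates how many guesses the phrase survives even if the attacker knows the word list. The thresholds, the tiny denylist and the word-list size are assumptions.

```python
import math
import re

# Constructed, illustrative denylist; a real deployment would load a large
# breached-password list instead of this handful of entries.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein"}

MIN_LENGTH = 16          # assumed policy values, not taken from the original post
MIN_WORDS = 4
WORDLIST_SIZE = 7776     # size of a typical diceware-style word list (6^5)


def split_words(secret: str) -> list[str]:
    """Split a phrase on spaces, hyphens and underscores."""
    return [w for w in re.split(r"[\s\-_]+", secret.strip()) if w]


def char_bits(secret: str) -> float:
    """Naive brute-force estimate: length * log2(size of the character pool used).
    Overstates strength for dictionary words, which is why the denylist is checked first."""
    pool = 0
    if re.search(r"[a-z]", secret):
        pool += 26
    if re.search(r"[A-Z]", secret):
        pool += 26
    if re.search(r"[0-9]", secret):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", secret):
        pool += 33
    return len(secret) * math.log2(pool) if pool else 0.0


def word_bits(n_words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Strength of a passphrase when the attacker knows the word list: log2(list_size^n)."""
    return n_words * math.log2(list_size)


def check_passphrase(secret: str) -> tuple[bool, str]:
    """Return (accepted, reason). Denylist first, then length, then word count."""
    if secret.strip().lower() in COMMON_PASSWORDS:
        return False, "rejected: on the common-password denylist"
    if len(secret) < MIN_LENGTH:
        return False, f"rejected: shorter than {MIN_LENGTH} characters"
    words = split_words(secret)
    if len(words) < MIN_WORDS:
        return False, f"rejected: fewer than {MIN_WORDS} words, use a phrase"
    return True, f"accepted: ~{word_bits(len(words)):.0f} bits even if the word list is known"
```

Note that “password123” scores about 57 bits by the naive character count yet is rejected outright, which is the whole point of the post: a guessable password is worth nothing regardless of its length.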

Now many may argue that on point 4 a user's passwords could be compromised if their system is compromised, which is true. But again, an attacker could also get the one passphrase the user relies on in step 1 if their system is compromised. If the system is compromised, you have more significant problems than a password getting compromised.

Now that you have your plan, put it into action in your organisation.
