What a change a year makes! Cyber security awareness month 2018 was fairly tame compared to the huge number of events that took place during October 2017. Take a look at our blog post from last year if you have forgotten the volume of things that took place.
Like we all know though, the visibility of a security event can be big or small. It can affect all of us individually, or just a few systems. You might hear about it via main stream press, or only in specific trade journals. The month of October 2018, fortunately, was fairly quiet from a cyber security perspective. Earlier in the year there was Meltdown and Spectre permitting catastrophic exploits of CPUs and system memory – showing all of us that security threats can come from nearly any vector and from systems that everyone considered to be secure or untouchable.
While the Spectre threat was seemingly unknowable for many in the security space, this blog post is trying to highlight a cyber security element we all use nearly every day – password security. For the staff here at Ubisecure and for our System Integrators, we have one simple bugbear, the lowly password. Some of us would like to see the password disappear entirely (in reality who wouldn’t!?), after all what’s the best password security – no password. But many of us accept that passwords will be with us for a while, therefore we want to see online identities become more secure, password or no password.
A small anecdote over password security
I was having lunch with a friend last week away from the office and we overheard a table of people talking about passwords and password security. They were all agreeing, passwords are a pain. They were complaining that their corporate password policy was so complex and hard to keep up with. They needed to have passwords that were at least 12 characters long and each password needed to be changed every month. With seven or eight different systems, one person admitted that they just used the same password in all eight systems. Does that sound familiar? Maybe it’s a conversation you won’t have with anyone, you just think it each month as your passwords expire. But surely one password is a violation of their companies security policy, but even setting the ‘best’ policies aren’t enough, a company has to be able to enforce them too. Depending on your company, budget constraints and expansion in digitalization, the simple act of Password Security ends up being not that simple.
It isn’t any simpler if you use a password manager – don’t forget that master password. And the recently touted two-factor security keys sound great, until you drop your keys into the lake or forget them at home and can’t log into anything.
If you’re tired of resetting passwords and concerned about the idea of a basic usb key that can be lost. Then you or your company might be in the market for an Identity Service like ours. The important part is that you consider your options moving forward. So far passwords aren’t going away and password security isn’t leaving our daily lives.
So please, for your own personal security, make sure that you do change your passwords from time to time. Make up a whole sentence that is a combination of something about you or something that you know and a place you dream of going on vacation. Then vary that for each of the systems you use. There are plenty of suggestions for password sentences, just open a browser and make a search. Keep it interesting for you, but do change them from time to time. Password Security is still present in our lives and will remain present across 2019.
Looking forward to 2019
Here at Ubisecure, we hope that you followed along the cyber security events and activities in your country or region during the month of October. If you aren’t sure what took place, please have a look at the European Unions’ Cyber Security Awareness Month website. Remember to stay vigilant and we look forward to seeing you for Cyber Security Awareness Month 2019!
About The Author: John Jellema
As VP Product Management, John is responsible for ensuring Ubisecure’s ongoing development of its Identity Platform, optimising the feature development while driving generational change across the IAM delivery platform. Since joining Ubisecure in 2017, John has refocused the cloud and on-premises delivered services to fulfil customer expectations across the Nordics.
Prior to joining Ubisecure, John worked for Verizon as a Global Security Product Manager, developing and managing its DDoS platform around the world. With more than 20 years experience in global product management, John is passionate about seamless technology integration. Standing on the shoulders of giants permits us to achieve greatness today and into the future.
More posts by John Jellema