Best Practices for Today’s Passwords

‘The Password is…’A Brief History of, and Best Practices for, Today’s Passwords

Discover actionable steps to enhance your security, such as two-factor authentication, unique and complex passwords, and comprehensive phishing training for employees.

The need for consistent password review and management is more important than ever. 

Those of us of a certain age may remember a television game show called “Password.”  The goal of the game was to guess the password using a one-word clue given by a contestant. A collection of passwords would then lead the contestant to guess the puzzle affiliated with the passwords to win the game.

In a way this game is still played today — although the clues are limitless, and the attempts are never-ending. The hacker’s goal is to infiltrate your network and discover what “puzzles” are available. 

Let’s start at the beginning — when did the use of passwords begin? By many accounts, the use of a password began at the Massachusetts Institute of Technology with their internal Compatible Time-Sharing System (CTSS) project. Fernando Corbato, the person who shepherded the project in the early 1960s, needed a way to allow multiple users to save private files on multiple terminals. Thus, a password for each individual user was created for streamlining of access. Ironically, the first hacking of passwords may have also occurred on the CTSS project in 1962, when an authorized user located and printed out his co-workers’ passwords, which he then used for more network computing time — time that was originally assigned to his co-workers.

Over the years, passwords weren’t just used on computer mainframes and networks. In the 1970s many telephone networks were hacked using social engineering and an unrelenting curiosity to determine how the network functioned and what data was stored. Many long distance calls were made at no cost to the hacker. Long distance calls used to be the primary revenue source for phone companies, so the loss was real. In fact, well-known hacker Kevin Mitnick literally wrote the book on how he hacked numerous networking and phone systems in the 1970s and ’80s. The methods Mitnick used then unfortunately still work today.

Today, the effective use of a proper password is even more important than in the 1960s, ’70s or ’80s. Data is the world’s greatest resource, and hackers will use any method necessary to gain access to it. The most common and effective route remains phishing campaigns. These are emails sent to your targeted employees that look extremely similar to everyday emails they already receive, yet they are embedded with attractive links to click or attachments to open. Performing either action may provide a direct path for the hacker into your network. 

Another source of passwords is not as evident, or even current. There are sources on the dark web that find and post thousands of your old passwords. The hackers then use those old passwords within other applications in your name. While using the same password across multiple applications, both work and private, is easy and convenient, it makes the hackers’ job easy and convenient as well.

So what is the big deal if you are hacked? You quickly change your password, ensure you didn’t lose any data and you are all set, right? Wrong. In fact, a violation of the Commonwealth of Massachusetts law may have occurred. As Michael Hammond, our company principal, previously stated at a Connecticut Automobile Retailers Association seminar, “Unencrypted personal information of Massachusetts’ residents (either customers or employees) leaving your network is a violation of Massachusetts law per 201 CMR 17.” Not only is publication of your data breach a public relations nightmare; you may now also have to answer criminal complaints. Other states have enacted similar laws, so please check your state and local statutes. 

The best protection against these threats is a good offense and plan. First, whenever possible utilize two-factor authentication (another layer of security with additional login credentials required). With more and more employees having the ability to work from home, this process provides another layer of protection for your network. Second, have unique passwords required for each business application, and ensure the employees do not use the same passwords used for their home or social media accounts. Longer passwords are encouraged, but even better are passwords that are abbreviations of a full sentence. Third, provide phishing campaign training to your staff. Ensure they know what to look for and what to avoid. When in doubt, do not click on any links or attachments and ask your IT staff to review the email first.  The threats to your business and network are constant, but training and preventative instruction and maintenance can go a long way to reducing those threats.

You May Also Like

Your Team of Coaches

From service technicians to front office personnel, our specialized contributors provide strategies and insights to help your team excel. Embrace success with our team of industry coaches dedicated to your dealership’s growth and excellence.

Susan Givens met Mark Pope, the new UK men’s basketball head coach

Perhaps it’s mostly because I have three boys in sports, but our household is always surrounded by coaches and athletes — we’re truly a family of sports enthusiasts — and especially University of Kentucky fans. So it was particularly exciting when I recently had a chance encounter with Mark Pope, the new UK men’s basketball head coach, and I was struck by how genuinely nice he was. As you can see (at right), he kindly stopped and posed for pictures with me.

The Art and Science of Vendor Partnerships

By collaborating with suppliers and vendors, within the framework of a true partner relationship, you can multiply success and profits exponentially.

The Art and Science of Vendor Partnerships - Women In Automotive
One of the Best Kept Secrets to Building Wealth & Creating Passive Income

The collaborative nature, diversification opportunities and potential for accelerated wealth creation make syndications an attractive option for investors seeking to harness the power of real estate.

One of the Best Kept Secrets to Building Wealth & Creating Passive Income
Critical Thinking for Great Success

Articulate people whose thoughts and ideas are well organized are the most powerful, important and successful people in the world.

Critical Thinking for Great Success
Paving the Way for Self-Discipline

Self-discipline is like a muscle, where the more we use it, the stronger it becomes. By being smart about how we use it, we can develop this key attribute and get the best return for our energy.

Paving the Way for Self-Discipline

Other Posts

The Impact of Spam on Dealership Call Lines

With major smartphone companies now endorsing apps that help guess which callers are spam, ensuring your calls are not identified as such is becoming increasingly necessary.

The Impact of Spam on Dealership Call Lines
The Smart Shift: How Dealerships Are Slashing Processing Costs

The rising trend of dual pricing and surcharging mechanisms is proving instrumental in significantly lowering processing costs.

The Smart Shift: How Dealerships Are Slashing Processing Costs
COMPLIANCE: A Necessary Evil or a Million-Dollar Mistake?

Explore the complexities of digital privacy in business, including the impact of consent banners on marketing analytics and the balance between legal compliance and operational effectiveness. Learn how to navigate the risks and rewards of digital data management.

Sorting the Latest GA4 Confusion

If you’re stumped by the new Google analytics, take some solace in that you are not alone. Here’s some help.

Sorting the Latest GA4 Confusion-Remora, Google Analytics,