Password sharing seems to be everywhere in the news recently, from office data leaks to speculation about whether Netflix will send us all to jail. The actual case that sparked all this debate is United States v. Nosal. Nosal used a former colleague’s password to access his former employer’s database after leaving his position at an executive search firm. The Court ruled that this was illegal under the Computer Fraud and Abuse Act.
It sounds reasonable that logging into your ex-employer’s system to access “trade secrets” should be illegal, but the decision was so broad that it could be interpreted to include all types of password sharing.
Multiple sources have pointed out the ruling applies to seemingly innocuous account sharing, which is treated as a normal, everyday activity. Netflix has already stated they don’t care what you do with your password, but this story is a great reminder to talk to your employees about creating a secure account – and keeping it to themselves.
- It’s Complicated...
Each type of character you use adds another level of security to your password. Each password should contain a mix of uppercase letters, lowercase letters, numbers, and special characters.
- Length = Strength
All the special characters in the world won’t matter if your password is only eight characters long. Software security experts recommend a minimum length of 12-14 characters.
- Spell. It. Out.
Many employees avoid long passwords because they’re convinced they’ll forget longer ones. Using a passphrase is a great way to increase password length while making it more memorable rather than less. ‘I100%lovemy2Dogs!’ is much more memorable than ‘dsh226x’, and it’s more secure, too!
- Do go changing
Change passwords frequently, in case your password is compromised somehow. Keep a schedule, anywhere from 30 days to 6 months. This should be based on frequency of use and risk (your bank password needs a little more security than your account on that golf forum).
- No networking
If your employees work from home or use company devices outside of the office, make sure they only connect to your system from secure WiFi networks. The free WiFi at Starbucks is okay for quickly checking sports scores, but not for sensitive information; open networks make identity theft easy for hackers.
- Keep it secret. Keep it safe.
And, of course, make sure your employees know not to share their passwords with anyone, even coworkers. Allowing another coworker to use their password is a violation of the CFAA.
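The character-mix and length rules from the "It’s Complicated...", "Length = Strength" and "Spell. It. Out." tips can be checked automatically. This is an added example, not code from the original post. The function name `check_password`, the choice of 12 as the minimum (the low end of the 12-14 range) and the eight-character sample are assumptions made for illustration.

```python
# Added example: checks a password against the rules listed in this post.
MIN_LENGTH = 12  # assumption: low end of the 12-14 character range above

# The four character classes named in the post, in reporting order.
CHARACTER_RULES = {
    "uppercase letter": str.isupper,
    "lowercase letter": str.islower,
    "number": str.isdigit,
    # Anything that is neither a letter, a digit nor whitespace.
    "special character": lambda ch: not ch.isalnum() and not ch.isspace(),
}


def check_password(password, min_length=MIN_LENGTH):
    """Return the list of rules the password fails (empty list = passes)."""
    failures = []
    if len(password) < min_length:
        failures.append(
            f"shorter than {min_length} characters ({len(password)})"
        )
    for name, matches in CHARACTER_RULES.items():
        if not any(matches(ch) for ch in password):
            failures.append(f"missing {name}")
    return failures


if __name__ == "__main__":
    samples = (
        "I100%lovemy2Dogs!",  # passphrase from the post
        "dsh226x",            # short password from the post
        "Ab1!cd2?",           # constructed: all four classes, only 8 long
    )
    for candidate in samples:
        problems = check_password(candidate)
        print(f"{candidate}: {'OK' if not problems else '; '.join(problems)}")
```

The constructed eight-character sample has every character class and still fails, which is the point of the "Length = Strength" tip.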
Creating great data security is a group effort. Make sure your employees know how to do their part.