You’re doing your passwords all wrong.
So says the developer of the guidelines most internet users have been following for 15 years, anyway. Passwords that L00K l!ke tHi$ are actually much more susceptible to hacking than most people realize, says Bill Burr, former manager of the National Institute of Standards and Technology (NIST) and author of the NIST’s 2003 recommendations for password management.
In an interview with The Wall Street Journal, Burr said that his previous advice to use numbers, symbols and randomized capitalization resulted in people creating passwords that are easy for computers to predict.
A more secure option is to use four random words, such as “that purple monkey dishwasher.” Such a phrase is actually much more complicated for computers to guess, The Wall Street Journal reports. (Cartoonist Randall Munroe explained the math in a comic six years ago.)
Some password advice remains relevant, however: avoid using birthdays or anniversaries, your kids’ names or your address, as all of this information is easy for hackers to locate. Additionally, use different passwords for each of your accounts and avoid storing them where they can be easily seen or stolen.
With cybersecurity threats on the rise, CPAs are paying attention to such advice. (An article about Burr’s interview that appeared in last Thursday’s CPA Letter Daily was one of the week’s most clicked stories, natch.) Strong passwords are just the tip of the iceberg, though. CPA firms and their clients are looking at ways not only to protect sensitive information, but also to report on those efforts.
In response to this need, the AICPA has updated its Cybersecurity Resource Center to provide information on protecting firms, advising clients and reporting on an organization’s cybersecurity efforts – all using the recently released AICPA cybersecurity risk management reporting framework.
Lindsay N. Patterson, CAE, Senior Manager – Communications and Public Relations, Association of International Certified Professional Accountants