Information security has become an important topic in the healthcare industry these days. Practices storing digital patient records are hounded by the threat of computer hackers and strict (yet murky) HIPAA regulations. Now, more than ever, it is vital for practices to keep a close watch on their patients’ protected health information (PHI).
The bad news is that the vast majority of passwords protecting this sensitive data can be cracked – and cracked quickly. With basic computers, hackers can attempt thousands of passwords every second. That means your password may be discovered by a hacker in a matter of a few seconds to a few days.
Creating secure passwords: the do’s and don’ts
Most of us are lazy when it comes to password creation. There are, after all, many things to remember over the course of a day, so we want a password that is quick and easy. Unfortunately, the “lazier” the password, the more accessible your information is to hackers. The following are a few do’s and don’ts for developing strong passwords.
Don’t:
- Use short passwords
- Use words
- Use dates
- Use sequences (like qwerty or 1234)
- Write them down
Do:
- Make them long (12+ characters)
- Use numbers, special characters, varying case
- Use a unique password for every system that requires a password (website, laptop)
- Make them look like this: H!ID,aIa35-y-o.Dywtd?
Tips for remembering your passwords
The “sentence mash”
It’s likely you are thinking: there is not a chance that I will remember a password like H!ID,aIa35-y-o.Dywtd?.
So, what’s the trick to not only creating secure passwords, but remembering them as well?
Jonathan Stanley, Vanguard Communications’ Technical Director and an expert in online security, suggests using a sentence to formulate a seemingly random sequence of numbers, letters and characters. For example, H!ID,aIa35-y-o.Dywtd? becomes:
Hi! I’m Doug, and I’m a 35-year-old. Do you want to dance?
H!ID,aIa35-y-o.Dywtd?
Take the first letter of each word and mash them together with the numbers and punctuation. Make sure to choose a sentence that is specific to you rather than something common, like your national anthem.
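The sentence mash can be written out as a short program. The following is an added example, not part of the original article: it builds the password from the sentence and then checks it against the do's and don'ts listed above. The function names, the set of punctuation that is kept and the extra "abcd" sequence are assumptions made for this example.

```python
import re
import string

KEEP = ".,!?;:"                         # punctuation carried into the password (assumed set)
SEQUENCES = ("qwerty", "1234", "abcd")  # runs from the "Don't" list, plus "abcd" (assumed)


def mash_piece(piece):
    """Keep a number whole, otherwise the first letter, plus punctuation after it."""
    m = re.search(r"\d+|[^\W\d_]", piece)
    if not m:
        return ""
    tail = "".join(c for c in piece[m.end():] if c in KEEP)
    return m.group(0) + tail


def sentence_mash(sentence):
    """Build the password; hyphenated words keep their hyphens (35-year-old -> 35-y-o)."""
    return "".join(
        "-".join(mash_piece(p) for p in word.split("-"))
        for word in sentence.split()
    )


def audit(password):
    """Return the do/don't rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no varying case")
    if any(seq in password.lower() for seq in SEQUENCES):
        problems.append("contains a keyboard or number sequence")
    return problems


if __name__ == "__main__":
    # The article's own sentence, then a constructed sentence that is too short.
    for s in ("Hi! I'm Doug, and I'm a 35-year-old. Do you want to dance?", "I like tea."):
        pw = sentence_mash(s)
        print(pw, audit(pw))
```

The article's sentence is published here, so use it only to test the program and pick a different sentence for a real password.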
The password manager
If you have too many systems to remember a lengthy password for each one, a password manager will be your best option.
Password managers such as LastPass and 1Password are browser extensions that save your login information for you. You simply need to remember one password and username for the manager itself. All other passwords are collected by the manager and automatically filled into forms on appropriate login pages. Because of this automation, you can generate long, random, secure passwords you do not have to remember.
Password managers use a system called client-side encryption, which creates a zero-knowledge cloud. This means the information about your passwords is encrypted in your own browser with a private key, and no information is stored anywhere else. Therefore, even if the password manager were compromised, the hacker would not be able to read your passwords, because they remain encrypted.