At the turn of each year, SplashData releases a list of the worst passwords of the previous year. Without fail, there are some repeat offenders—“password,” “123456,” “qwerty,” and “abc123,” to name a few. While you probably know setting your password to one of these easily crackable codes is not a good idea, did you know that one of the worst password-making decisions—one 52% of users in a recent study made—is using the same password for multiple accounts? Whether it’s because you want to speed through the checkout for a new online store, or because you need to make your work email password easy to remember so you can quickly check your inbox between patients, password reuse is never a good security practice.
A common issue that arises from password reuse is credential stuffing, a cyberattack in which credentials obtained from a data breach on one service are used to attempt to log in to another, unrelated service. For example, an attacker may acquire a list of usernames and passwords from a breach of a mobile app you use, then use your credentials for that app to log in to your practice management software, gaining access to sensitive patient information. Credential stuffing has been on the rise in the past few years as massive lists of breached credentials are traded and sold on the black market. The proliferation of these lists, as well as the use of bots that can get around traditional login protections, has made credential stuffing a popular attack vector.
A password manager is the solution to your password woes: a secure, digital (no sticky notes here!) tool that is essentially a vault containing your passwords, locked by a master key that only you know. Assuming you have chosen a strong, unique, but memorable master password you have not used anywhere else, a password manager is a solid way to protect your arsenal of passwords against unauthorized access. Whenever you go to a website or application, you simply open your password manager, copy the password you need, paste it into the login box, and log in. Password managers will also allow you to conveniently access your passwords across multiple devices, such as desktops, laptops, and even your smartphone, using its touch or face ID.
Password managers do more than simply store your passwords; they also help generate and save strong, unique passwords when you sign up for new websites. The longer and more complex your passwords are, the longer it takes for cyberattackers to guess them, but remembering truly complex jumbles of letters, numbers, and special characters is a tall order for any human. A password manager makes it easy to generate unique, difficult-to-guess passwords for every individual account login, with no pressure for you to manually recall your login credentials. By taking the hassle out of implementing complex passwords, password managers help prevent credential stuffing attacks on your accounts.
It might seem counter-productive to store all of your passwords in one central place, but any good password manager uses heavy-duty encryption and, often, two-factor authentication to keep your credentials safe. As with all software, vulnerabilities and weaknesses can put your data at risk, but with proper use, a password manager significantly reduces your attack surface.
At Digital Technology Partners, we have a multi-faceted approach that ensures the security of our clients and their data. In addition to our knowledge of password best practices and the latest security threats, we implement the right tools to ensure our clients, their dental practices, and their patients are protected in every possible way. We understand security is of the utmost importance to dentists, and would love to help you ensure your practice is protected. To learn more about the cybersecurity solutions we provide to dental offices, please email us at firstname.lastname@example.org.