Alert: Is your password safe?

Recent scans of Asante computers by the security team indicate that more than half of the passwords used by our employees are “recoverable,” or able to be cracked, by a cybercriminal.

Apparently, Asante employees are choosing easily guessed or system default passwords such as “Password1!,” “Asante2021,” “Aug2021,” and “Spring2021.” Passwords that include company, pet and family names; months, years or any dictionary word are ridiculously easy to break and allow cybercriminals to take control of our critical systems and data if and when other security precautions fail.  

Because of these findings, employees may experience more stringent password creation requirements for many Asante systems. Safe passwords should have at least 10 characters and a combination of numbers, upper and lowercase letters, and symbols.

So how does the security team know about these weak passwords? A “brute-force” password-cracking software often used by cybercriminals to find weak system passwords was purposely aimed at our systems to check our strength against an attack.

How long does it take for cybercriminals to “brute force” a password? Instantly — or 7 quadrillion years, according to some calculations:

If your password is not up to snuff here are the steps you need to take immediately:

Use technology to help you

Use a secure random password generator or password manager program to avoid having to remember strong, unique passwords and automatically create lengthy passwords containing letters, numbers and special characters.

 There are many trustworthy password generator and password manager programs available online. Our security team uses LastPass and Dashlane for personal and professional use.         

Check your current passwords for strength

Safe passwords should have at least 10 characters and a combination of numbers, upper- and lowercase letters, and symbols. Visit Have I Been Pwned to see if a password has been compromised according to known stolen password sites.

Use different passwords for different systems

A cybercriminal who steals one of your passwords will try using it on other systems to break into those as well. Stolen passwords are often sold online to other cybercriminals.

Consider updating your passwords periodically

The National Institute of Standards and Technology recommends against mandatory password expiration, since it encourages the use of weak, easy-to-remember passwords. Asante’s removal of password expiration reflects this recommendation. However, if you suspect that your password may be used or known by someone else, change your password immediately.

When it comes to passwords, safer is better. Asante’s patient care and business operations depend on it.