Serious Security Issues for Accountants - Part 2 - When Was the Last Time You Changed All Your Secure Personal Passwords?

Is it even advisable to change all your passwords at one time? Are there any risks involved in changing all your passwords at one time? If you do this regularly, does this mean you need to get a life?

Based on a brief review of the literature (in other words, a short Google search), there does not appear to be a lot written about changing all your passwords at one time. In one of its knowledge base articles, Microsoft points out that you should “Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered good only for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.” Now there is an interesting thought, not changing passwords for several years. Quite a bit different from the concept of changing all your passwords at once and, on top of that, doing it regularly throughout the year.

One thing appears to be clear: The better the quality of the password, the longer its useful life. For example, if you intend to log on to a site only one time and are absolutely not willing to provide any confidential information, then a short password to get you through the door will do. Even a six-character password will take hackers hours or more to break with most technologies. Long before that happens, you will be off the site, never to return.

On the other hand, passwords for confidential corporate, client, customer, and personal financial information should clearly be the best possible. My primary personal bank allows me 20 characters, using all but the special characters. I use all 20. After all, if you are using password management software to create and manage your secure log-ins, then long, randomly generated passwords will be no more difficult to create and use than short ones. And oh, by the way, if you intend to change your passwords regularly, remember that the road to hell is paved with good intentions. Exactly how long has it been since you changed your most secure passwords?

If you are not using password management software, you are not using secure passwords nor are you administering them securely. There is really nothing else to say on this topic.

My guess (based on teaching contacts with thousands of accountants each year) is that you probably need to change all your passwords at one time, and that that time is now. A fresh start is always available in this game. Starting fresh forgives all the sins of lack of due diligence with respect to managing passwords in the past. Now all those poorly managed passwords (ones written in a little black book and placed in file drawer 2, weak ones, reused ones, and the list goes on) no longer work.
I do have an opinion on whether or not you should make a regular wholesale change of all your passwords, but I don’t intend to publish it until someone responds. If you want to hear my voice, you must speak up.

Thanks,
Will
William C. Fleenor, CPA, CITP, Ph.D.
Shareholder, K2 Enterprises, LLC
will@k2e.com

This blog

by The K2 Team - Look here for anything that involves technology and accounting. K2 Enterprises is the largest supplier of technology CPE (Continuing Professional Education) for CPAs, CGAs and CAs in North America. The K2 team routinely reviews software and hardware products from all major publishers and teaches accountants how to use these tools effectively. The entire K2 team has 10+ years of experience, many with 30+ years of technology and accounting experience.

More from this blog

Bloggers crew

Steve Knowles has spent 25 years in business and practice in the UK, but he also worked in the states and the years haven't dulled his way of seeing an alternative view to everyone else, and every day is a new adventure.

44507

Joel M. Ungar, CPA is a lifelong resident of the Detroit area and a graduate of The University of Michigan. He is a principal with Silberstein Ungar, PLLC, a Top 15 auditor of SEC public reporting companies.

77092

Allan Boress, CPA, with over 25 years as a practitioner and consultant to the accounting profession. Mr. Boress is the author of 12 published books in 6 different languages, including a best-seller, The "I-Hate-Selling" Book.

49494

Larry Perry, CPA, CPA Firm Support Services, LLC, is the author of accounting and auditing manuals, author and presenter of live staff training seminars, and author of webcast and self-study CPE programs. He blogs about small audits, reviews, and compilations.

90595
Sandra Wiley, COO and Shareholder, is ranked by Accounting Today as one of the 100 Most Influential People in Accounting as a result of her prominent role as an industry expert on HR and training as well as influence as a management and planning consultant. She is also a founding member of The CPA Consultant's Alliance. Sandra is a certified Kolbe™ trainer who advises firms on building balanced teams, managing employee conflict and hiring staff.
21428

Maria Calabrese, CIR, Human Resources manager for Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC in Cranford, New Jersey, Maria's topics revolve around the world of: Mentoring, Performance management, and The "Y Generation," a.k.a. "The whY generation".

56740

William Brighenti is a CPA, Certified QuickBooks ProAdvisor, and Certified [Business] Valuation Analyst, operating an accounting, tax, and QuickBooks consulting firm in Hartford, Connecticut, Accountants CPA Hartford.

81893

Ken Garen, CPA, is the co-founder and President of Universal Business Computing Company (www.ubcc.com), a software development firm of high-volume, high-productivity accounting and payroll technology.

25624

Eva Rosenberg, MBA, EA, is the publisher of TaxMama.com, and author of the weekly syndicated Ask TaxMama column. She provides answers to tax questions from taxpayers and tax professionals worldwide.

65294

Amy Vetter, CPA, CITP is the CPA Programs Leader for Intacct Corporation responsible for leading the CPA/BPO Partners nationally.

35114
Brian Strahle is the owner of LEVERAGE SALT, LLC where he provides state and local tax technical services to accounting firms, law firms and tax research organizations across the United States. He also writes a weekly column in Tax Analysts State tax Notes entitled, "The SALT Effect." For more info, visit his website: www.leveragestateandlocaltax.com
104078
Scott H. Cytron, ABC, is president of Cytron and Company, known for helping companies and organizations improve their bottom line through a hybrid of strategic public relations, communications, marketing programs and top-notch client service. An accredited consultant, Scott works with companies, organizations and individuals in professional services (accounting, finance, medical, legal, engineering), high-tech and B2B/B2C product/service sales.
26774

Rita Keller is a nationally known CPA firm management consultant, speaker, author, mentor and blogger. She has over 30 years hands-on experience in CPA firm management, marketing, technology and administrative operations.

53671
Stacy Kildal is the mom of two fantastic kids, an Advanced Certified QuickBooks ProAdvisor, Certified Enterprise Solutions ProAdvisor, Sleeter Group Certified Consultant, a nationally recognized member of the Intuit Trainer and Writer Network, and co-host of RadioFree QuickBooks.
28691
Michael Alter's blog specializes in providing practical advice to those who seek greater profitability and practice management tactics that enhance deeper client relationships.
33042

Sally Glick, CMO, Principal, Marketer of the Year in 2003 and AAM Hall of Famer in 2007, leads a lively discussion of the constantly expanding roles of marketing and the professional marketers that drive this initiative in accounting firms of all sizes.

102012

The IMA Young Professionals Blog features the insights of IMA’s Young Professionals Committee. Committee members share advice and experiences on careers, continuing education, work/life balance, and other issues affecting young accounting and finance professionals.

34349

FEI Financial Reporting Blog provides highlights from SEC, PCAOB, FASB, IASB, and other regulatory news, including reporting under Sarbanes-Oxley Sect 404. It is written by Edith Orenstein, Director of Technical Policy Analysis at FEI.

113089

Sue Anderson has 30 years of experience in continuing education for accountants. Currently she is the program director for online CPE provider CPE Link.

62232

Jim Fahey is COO of Apple Growth Partners, a regional CPA firm in Ohio. His focus is on the effective and efficient use of technology within the firm by all team members.

40418
Caleb Newquist is the Editor-in-Chief of Sift Media US, overseeing content for both AccountingWEB and Going Concern.
67422

Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of "The Yellow Book Interpreted" and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors.

93518

AccountingWEB is more than just a U.S. team of journalists and financial and technology experts - we have an international side, too! Members of our British team who publish AccountingWEB.co.uk share their ideas, insights, and perspectives from across the pond.

54588