Passwords 101 - A tale as old as time

It's no secret that malicious cyber activity costs businesses and the economy dearly. For a small business, the cost and damage of a data breach can be irreversible.

A staggering 81% of hacking-related data breaches involve weak or stolen passwords (the figure comes from Verizon's 2017 Data Breach Investigations Report). The good news is that by taking some simple but effective precautions around passwords, businesses can help protect themselves from the havoc and damage data breaches cause.

Change your password regularly... or not

I'm going to digress already. Despite the pale bunch of IT guys in the basement banging on about changing passwords regularly, there has been official guidance since 2015 (from the UK's CESG, now the NCSC) advising organisations not to enforce regular password changes. There are a few reasons why forced password changes are becoming a thing of the past, and the main one is that people respond to them in predictable ways: they pick a slight variation of the old password (Summer2023 becomes Summer2024), or they write the new one down, or they pop it in that Excel spreadsheet called "passwords". None of that makes an attacker's life harder. On top of that, how can anyone be expected to remember all the passwords we need nowadays just to run our lives? Every forced change is one more thing to forget. The sensible rule is to change a password when you have reason to think it has been compromised, not on a calendar.

Essentially, with the advice coming up in this article and the removal of regular password changes, you can actually improve your security posture, both personally and from an organisational perspective.

Enable Two Factor Authentication (2FA)

Two-factor authentication can help keep accounts and data safe from hackers. This highly effective precaution requires a second proof of identity on top of the password: a one-time code from an authenticator app, a code sent by SMS or email, a push notification you approve on your phone, or a hardware security key. Consequently, a stolen password on its own is no longer enough for an outsider to get into your systems and accounts. Not all second factors are equal, though: codes sent by SMS can be intercepted through SIM swapping, and any code you type can be phished by a lookalike site, so an authenticator app is a better default than SMS and a hardware security key is the strongest option where the service supports it.

Two-factor authentication isn't just something reserved for the corporate world. Gmail, Facebook and iCloud all offer this added layer of protection for free. USE IT!


Remember your 101

So... when it comes to passwords, they are a necessary evil. They are the first line of defence when used with two-factor authentication and, depending on the service you are using, sometimes the only line of defence.

Strong passwords make it significantly more difficult for hackers to crack them and break into systems. A strong password is considered to be at least 8 characters long (longer is better) and to mix letters in both uppercase and lowercase, numbers and symbols.

Avoid Bunching Numbers and Symbols Together
One good password practice that often goes overlooked is to spread numbers and symbols throughout the password instead of bunching them at the start or the end. Cracking tools take a dictionary word and apply "mangling rules" to it: capitalise the first letter, tack a year or a couple of digits on the end, finish with an exclamation mark. Password1! and Summer2024! fall to those rules in seconds; the same ingredients in positions the rules don't try do not.

Steer Clear from the Obvious
Having an 'obvious' password, such as 12345 or password1, makes it easy for hackers to compromise your account; these sit at the top of every wordlist. Instead, come up with unique passwords that steer clear of personal information, like your date of birth or your child's name, which anyone can find on social media.

Test Your Password
Check whether your password has already been exposed by putting it through a reputable checking tool. Have I Been Pwned's Pwned Passwords service lets businesses and individuals check a password against hundreds of millions of passwords seen in real breaches, without sending the password itself anywhere: your browser (or script) sends only the first five characters of the password's SHA-1 hash and compares the returned list locally. A password that appears there is already in attackers' wordlists, however strong it looks. Be wary of random "strength meter" websites; never type a password you actually use into one.

Refrain from Using Dictionary Words
Sophisticated hackers have programs that run through wordlists of millions of dictionary words, names and previously leaked passwords, plus the common variations of each. Help prevent your business from becoming the victim of a dictionary attack by avoiding single dictionary words, even with a number stuck on the end. Instead opt for random passwords generated by a password manager, or a passphrase of several unrelated words for the few you have to remember.
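To make the "bunched symbols" and "dictionary attack" points above concrete, here is an added example (not code from the original post) of the kind of rule-based guessing a cracking tool does: each word in a small wordlist is expanded with the usual mangling rules and hashed until a hash matches. The wordlist, the rule set and the target passwords are all constructed for this example, and the unsalted SHA-256 stands in for the fast hash a badly built system might use; real tools run far bigger lists and rule sets, which is why the gap between the two outcomes matters.

```python
import hashlib
from typing import Iterator, List, Optional, Tuple

# Constructed mini wordlist. Real attacks use lists with millions of entries
# (leaked passwords, names, dictionary words in several languages).
WORDLIST = ["password", "summer", "welcome", "dragon", "letmein", "monkey"]

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
YEARS = range(1990, 2031)
SYMBOLS = "!@#$"


def mangle(word: str) -> Iterator[str]:
    """Yield the variations a cracking tool's rule set would try for one word:
    case changes, leetspeak, and digits / years / symbols tacked on the end."""
    bases: List[str] = []
    for b in (word, word.capitalize(), word.upper(),
              word.translate(LEET), word.capitalize().translate(LEET)):
        if b not in bases:
            bases.append(b)
    for base in bases:
        yield base
        for sym in SYMBOLS:
            yield base + sym
        for n in range(100):
            yield f"{base}{n}"
            for sym in SYMBOLS:
                yield f"{base}{n}{sym}"
        for year in YEARS:
            yield f"{base}{year}"
            for sym in SYMBOLS:
                yield f"{base}{year}{sym}"


def sha256_hex(text: str) -> str:
    """Unsalted fast hash, as found in badly built systems; it is what makes this attack cheap."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def crack(target_hash: str, wordlist: List[str] = WORDLIST) -> Tuple[Optional[str], int]:
    """Return (recovered password, candidates tried), or (None, tried) if the rules miss."""
    tried = 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, tried
    return None, tried


def rule_space(wordlist: List[str] = WORDLIST) -> int:
    """How many candidates the rule set produces for the whole wordlist."""
    return sum(1 for w in wordlist for _ in mangle(w))


if __name__ == "__main__":
    print("candidates generated:", rule_space())
    # Constructed targets: the first three follow the rules, the last two do not.
    for pw in ("Summer2024!", "Dragon99", "P@$$w0rd1", "dra9on!99", "correct horse battery staple"):
        found, tried = crack(sha256_hex(pw))
        print(f"{pw!r}: {'cracked after ' + str(tried) + ' guesses' if found else 'not found by these rules'}")
```

Summer2024!, Dragon99 and P@$$w0rd1 all fall out of the rule set, because a capital first letter, a digit block and a trailing symbol are exactly what the rules add. dra9on!99 uses the same ingredients but puts a digit in the middle of the word, so none of the rules produce it; a multi-word passphrase is not reached at all.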

On the Flip Side, Don't Make Passwords Impossible to Remember
A long string of random characters is painfully difficult to remember, which is how it ends up on a sticky note under the keyboard. Length itself does not hurt security (every extra character makes a password harder to crack, so treat 8 characters as a floor rather than a target), so the aim is to make a password long and memorable at the same time. For the handful of passwords you must keep in your head, a passphrase of three or four unrelated words beats a short, complex one; everything else belongs in a password manager, where length costs you nothing.

Use Different Passwords for Different Accounts (and turn on 2FA)
It can be tempting to use the same password for every account so we don't forget it. However, when one site is breached, attackers take the leaked email and password pairs and try them on every other popular service (known as credential stuffing), so a single reused password hands them a multitude of accounts. Diversify your passwords by using a different one for every account, and turn on 2FA so a reused or leaked password is not enough on its own.

Use a Password Manager
More and more businesses and professionals are using password managers as a means of maintaining high levels of security and keeping their sanity. With a password manager you only need to remember one password: the manager stores and even creates long, random passwords for your different accounts and fills them in when you log on. An alternative would be something like KeePass, a free offline app that stores all your confidential information in an encrypted database protected by a single strong master password. Whichever you pick, that master password is the one you really must get right, and protect the manager itself with 2FA where it offers it.

Secure Your Mobile Phone

With the growing use of mobile phones to conduct business, shop and more, mobile devices are becoming a major cause of concern in the security community. Help protect your phone and other mobile devices from hackers by securing them with a strong passcode, and use fingerprint or facial recognition for day-to-day unlocking so that the strong passcode is not a chore. Bear in mind that the passcode remains the fallback when the biometric fails, so it still needs to be strong (not 1234 or your birthday).

Stay Offline

Avoid having vital company security information plastered across the internet, where hackers can easily pick it up: sign out of accounts when you are not using them, and remove permissions on applications and shared links on cloud storage when you have finished with them.

Avoid Storing Passwords
It might sound obvious, but avoid storing passwords either unencrypted on a computer or on paper, as such information could be stolen by those with malicious motives. The encrypted vault of a password manager is the exception; a spreadsheet called "passwords" is not.

Written by Nick Bennett - Director
