Wise Up to Strong Passwords

Guest Blogger | Date: March 3, 2021 | 5 minute read

Share

In a world where most things are password protected, even your fridge, having a password that is difficult to hack is key. Learn why you need a better strategy for creating and keeping super secure passwords from our Cyber Security Partner IASME, in the third of their cyber blogs.

wise-up-to-strong-passwords-ce-iasme-blog-cartoon

Why are passwords so important?

When going about your day, there seems to constantly be a service asking for a password, it feels as if you need one just to change your mind these days. How many passwords do you think you have? How do you remember them all? Or do you just use the same one over and over?

Just think for a minute of your front door key, how many different doors does this key open? Would you be happy using a universal key to get into your house? Passwords are just like that unique key, they are an effective way of identifying and authenticating who you are. It is the first and sometimes the only layer that stands between you accessing your money, data, social media accounts and email or someone else accessing those assets and possibly compromising them, stealing from you, or locking you out.

The most common passwords still are, password, password1 and 12345678. Face it, even your dog could guess those! Yet, it turns out that even a password of 8 characters can be cracked in about 5 hours using a standard office computer, and passwords with dates of birth, names of your pets and children, and your favourite band or football team can be easily worked out by reading your social media pages or googling you.

One password – one account

One of the biggest human-factor risks to businesses is staff re-using their passwords. If your work account access password is the same as your Facebook password, potentially a Facebook breach (or any of the other accounts where you use that username-password combination) could equal a big security problem for your organisation.

When an online company is breached, thousands of pieces of customer information can be stolen, including email addresses and passwords. The cyber criminals will immediately go through as many accounts (e.g. utility companies, eBay, Instagram, Amazon, Hotmail, insurance companies) as they can, trying those username-password combinations hoping to open up an access point for more crime. This is the reason you need a separate password for each online account.

Your email address is the gateway for all your other accounts and the place where you reset your passwords. With this in mind, if a criminal gets access to your email account, they can take control of most other user accounts that you have. At the very least, have a complex and unique password for your email account that no one could guess.

Cyber criminals can use computers to guess people's passwords and break into their computers in what is called a brute-force attack. The computer will try every combination of letter, literally working through the dictionary till they have found the words that work. Some programs are sophisticated enough to search logical substitutions such as '4' for an 'A' , 'I' for '1' etc. For this reason, it is recommended that you use a password that is over 8 characters long, or better still, 12 characters or more. Make it complex and hard to guess, and if available, you should set your accounts to lock after a certain number of unsuccessful login attempts.

"How do you think up a unique secure password for each of your user accounts and also remember them?"

How to make a strong password

The National Cyber Security Centre has a great deal of useful advice about passwords. They recommend that you use three random words which you can remember but do not naturally go together. It is also a good idea to use numbers and special characters (*&%F£) in your password, as well as a combination of upper and lower case letters. The longer your password the better. It is recommended that you select long passwords for your admin and other crucial systems' accounts (i.e. email account, banking account). Do not share your password with anyone, this is private information.

Looking after your passwords

The good news is that you do not need to remember all those long and complex passwords. You can use a piece of software called a password manager. You may have noticed that your browser already asks you if you'd like it to create and store passwords for you. This is a browser integrated password manager and is safe to use for personal use, however there are security issues linked to this kind of password manager.

It is recommended you use an independent, stand-alone password manager such as Last Pass or Dashlane. Do some research on third party password managers and use the one you think is the safest. It is often as simple as downloading their software from their website and signing-up with your email address. You will then only need to remember one really good complex password to the password manager itself and after that, the password manager will remember your user names and create and remember extremely secure passwords for each of your accounts. It will be able to operate across multiple devices and on different browsers, it can also be asked to remember additional information such as addresses, wifi codes, credit cards, passports; all organised and encrypted. Password managers provide an option to configure multi-factor authentication to provide another layer of security.

Another layer of security

Another great way to add a layer of security to your password is to use 2 factor authentication (2FA) or multi-factor authentication (MFA). This process is being used more and more and involves using your finger print, retina scan, or a code being sent to a separate device eg your mobile phone to further verify your identity. If you have the option for 2FA or MFA, use it where possible.

Has your password been already been made public?

If you are curious about how many times your email and password have been exposed due to security breaches, check it out on the website: haveibeenpwned.com . Don't worry too much if you have been pwned, most emails have been breached. The important thing is to change your password if you believe it may have been compromised. If you suspect that you have a virus in your system, if the manufacturer notifies you of a security weakness in their product or someone on your contact list gets emails from you that you didn't send, immediately go onto the relevant accounts and change the password. Do not forget to update your passwords on the password manager.

As more of our information and activities go online, cyber security has become a necessary part of life that keeps us safe from crime. Just like learning anything new, it can be broken down into small steps and implemented in bite sized chunks. Businesses of all sizes are at particular risk of cyber crime and would benefit from working towards Cyber Essentials which is a Government approved scheme. By implementing just five core controls that protect against most cyber attacks, businesses can ensure they are on the right track as well as demonstrating to their customers and suppliers that they are serious about cyber security. Click here to find out more about the Cyber Essentials scheme.


Thank you IASME team for the insight. This blog was published on Friday 12th February and is duplicated with permission from IASME. Original publication located at https://iasme.co.uk/cyber-blog/wise-up-to-strong-passwords/.

Takeaways


  • Prevent being a victim of cyber crime starts by having more complicated passwords, which include letters, numbers and special characters.
  • Don't use the same password multiple times: one site - one password.
  • Using a password manager can help create and manage your passwords so you don't have to remember them.
  • Use two-factor authentication (2FA) or multi-factor authentication (MFA) when available as a secondary layer of protection
  • Check if any of your passwords have already been "pwned" if they have make sure you change the password as soon as possible and don't use that password again.
  • Your email is the gateway to any crime, don't also give them an easy way in with an easy password. Check if you password is on the naughty list of most common password in cyber breaches

IASME are a chosen partner of the National Cyber Security Centre (NCSC) and are responsible for Cyber Essentials Certification delivery in the UK. Learn more about IASME.

Concise Technologies are an IASME Certification Body that can assist you with delivering Cyber Essentials and Cyber Essentials Plus. Contact us today to learn how we can help with your certification.

Concise Technologies have written a blog about the differences between Cyber Essentials and Cyber Essentials Plus.

Download a free resource showing 12 Ways to Protect Your Business from Cyber Attack.

protect your business from cyber attack 12 ways infographic

Get in touch and discover how we can help make things easier.

Call us on 01606 336200, or fill in the form below.