If you are like me, you have multiple passwords for multiple accounts: e-mail accounts, online banking, discussion forums, site memberships, eBay, PayPal and so on. With so many passwords, it can be difficult to remember them all. You may think it is easier to simply use the same password on different sites, or to use passwords that are easy to remember, such as your date of birth or a child's name. Unfortunately, these types of passwords are easy to crack: the same things that make them memorable to you make them obvious first guesses for an attacker, who can then use them to get at your account information.
Recently, the National Cyber Security Centre (NCSC) has reportedly seen an increase in the number of incidents regarding stolen or cracked passwords. There has also been more in the Press around historic password compromises.
With this in mind, I thought I would take this opportunity to provide some tips that will enable you to create strong, unique passwords that are hard to guess and hard to crack.
- Passwords should be eight or more characters in length, and longer is better. It is a common misconception that the more complicated a password is, the harder it is to crack. In fact, length does more for you than complexity: every extra character multiplies the number of guesses an attacker has to make, whereas adding a symbol or two to a short password barely changes it.
- Always use a unique password for each of your accounts. If, for example, your Facebook account were hacked and your password obtained, the attacker would try that same password on your other accounts and gain access to them too.
- Do not use common information in your passwords, such as birthdates, phone numbers or other information that is directly linked to you. Avoid using single dictionary words or variations of them; use three random words instead. Don't bother replacing the letter 'O' with a zero, the letter 'I' with a one, or any other such substitution: cracking tools apply these rules to every word in their list automatically, so the substitution adds almost nothing.
- Store your passwords. A bit controversial this one, but storing your passwords allows you to maintain longer, more complex and unique passwords than trying to remember them all. There are two ways you can do this:
- Use a password manager. Read the NCSC’s blog on password managers.
- Write your passwords down on a piece of paper that you guard very carefully. Always keep it separate from the devices that they relate to and disguise them if you can. Never write your usernames alongside the passwords.
- Change your passwords when there is a reason to. Changing a strong, unique password on a fixed schedule adds little; what matters is that you change it immediately if you think it has been compromised or you notice something suspicious on your account. And make sure you report it!
- Set up and use two-factor authentication (2FA) wherever it is offered, on both personal and work accounts. A password that has been guessed or stolen is then not enough on its own to log in. All major providers have advice on how to do this.
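The two points about length and about letter-for-number substitutions can be shown concretely. The following is an added example, not code from the original post or from the NCSC: it builds a toy cracking rule chain (case changes, leet substitutions, common suffixes) over a constructed six-word list, checks whether a "clever" password such as `P@ssw0rd1` falls inside the candidates the rules generate, and compares the size of the guess space for an 8-character password over all printable characters against a 16-character lowercase one and against three random words. The word list, the rule set, the suffix list and the 20,000-word vocabulary assumed for "three random words" are all assumptions chosen for illustration.

```python
import itertools
import math

# Constructed toy wordlist (an assumption). Real cracking wordlists hold
# millions of entries and far longer rule sets; the toy version shows the idea.
BASE_WORDS = ["password", "welcome", "summer", "dragon", "letmein", "monkey"]

# Substitutions and suffixes a cracking rule set tries automatically; the
# attacker does not need to know which ones you used.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = ["", "1", "123", "!", "1!", "2024"]

def leet_variants(word):
    """Yield every way of applying zero or more LEET substitutions to `word`."""
    slots = [(ch, LEET[ch]) if ch in LEET else (ch,) for ch in word]
    for combo in itertools.product(*slots):
        yield "".join(combo)

def rule_candidates(words):
    """Every candidate the case + leet + suffix rule chain derives from `words`."""
    out = set()
    for word in words:
        for cased in (word.lower(), word.capitalize(), word.upper()):
            for variant in leet_variants(cased):
                for suffix in SUFFIXES:
                    out.add(variant + suffix)
    return out

def covered_by_rules(password, words):
    """True if the rule chain would generate `password` from `words`."""
    return password in rule_candidates(words)

def keyspace(alphabet_size, length):
    """Number of possible passwords of a fixed length over an alphabet."""
    return alphabet_size ** length

def bits(space_size):
    """Guess-space size expressed in bits (log2)."""
    return math.log2(space_size)

if __name__ == "__main__":
    cands = rule_candidates(BASE_WORDS)
    print(f"{len(cands)} candidates generated from {len(BASE_WORDS)} base words")
    print("P@ssw0rd1 covered by rules:", covered_by_rules("P@ssw0rd1", BASE_WORDS))
    print(f"8 chars, all 95 printable ASCII: {bits(keyspace(95, 8)):.1f} bits")
    print(f"16 chars, lowercase only:        {bits(keyspace(26, 16)):.1f} bits")
    # Assumed 20,000-word vocabulary for 'three random words' (an assumption).
    print(f"three random words:              {bits(keyspace(20_000, 3)):.1f} bits")
```

A few hundred candidates are enough to cover every leet-and-suffix variant of the six base words, so `P@ssw0rd1` costs an attacker no more than `password`. Meanwhile sixteen lowercase letters give a larger guess space than eight characters drawn from every printable symbol, which is the point made about length above.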
If you are an employer, there are also a couple of things to bear in mind:
- If an attacker accesses your systems remotely by guessing a user's password, then your systems are at fault: they are not effectively protected against guessing. It is easy to blame the user in this situation, but it is not entirely justified. A system that lets anyone try an unlimited number of passwords from anywhere is the real problem.
- Forcing regular password resets is counterproductive, but that does not mean a reset is never necessary. It is better to make sure your users know how to reset their passwords when it is needed, and to help them pick passwords that are hard to guess.
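What "effectively protected against guessing" looks like on the system side can be shown with a small throttle. The following is an added example, not code from the original post or from the NCSC: it keeps a sliding window of recent failed logins per source address and per account, and refuses to even check a password once either limit is reached. The window length and the limits are hypothetical figures chosen for the example, and the login events it processes are constructed, not real logs.

```python
from collections import defaultdict, deque

# Hypothetical policy figures for this example (assumptions, not NCSC numbers).
WINDOW_SECONDS = 300
MAX_FAILS_PER_SOURCE = 10
MAX_FAILS_PER_ACCOUNT = 5

class GuessThrottle:
    """Sliding-window throttle on failed logins, keyed by source IP and by account."""

    def __init__(self):
        self._by_source = defaultdict(deque)
        self._by_account = defaultdict(deque)

    @staticmethod
    def _prune(window, now):
        # Drop failures older than the window so stale noise does not lock anyone out.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()

    def allowed(self, now, source, account):
        src, acct = self._by_source[source], self._by_account[account]
        self._prune(src, now)
        self._prune(acct, now)
        return len(src) < MAX_FAILS_PER_SOURCE and len(acct) < MAX_FAILS_PER_ACCOUNT

    def record_failure(self, now, source, account):
        self._by_source[source].append(now)
        self._by_account[account].append(now)

def handle_login(throttle, now, source, account, password_correct):
    """Return 'throttled', 'failure' or 'success' for one login attempt."""
    if not throttle.allowed(now, source, account):
        return "throttled"          # the password is not even checked
    if password_correct:
        return "success"
    throttle.record_failure(now, source, account)
    return "failure"

# Constructed sample traffic (not real logs): an attacker at 203.0.113.5 guessing
# alice's password once per second, then two genuine logins from another address.
SAMPLE_EVENTS = (
    [(t, "203.0.113.5", "alice", False) for t in range(15)]
    + [(20, "198.51.100.7", "bob", True), (25, "198.51.100.7", "alice", True)]
)

def simulate(events):
    """Run the events through one throttle and return the outcome of each."""
    throttle = GuessThrottle()
    return [handle_login(throttle, *event) for event in events]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(event, outcome)
```

In the sample run the attacker gets five guesses and is then throttled for the rest of the window, so the remaining ten guesses are never checked against the real password. The last event shows the trade-off: alice's own correct login from a different address is also refused while her account is in the window, which is why a per-account limit should be paired with a per-source limit and with alerting, rather than being the only control.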
If you would like more information, then please get in touch. We will be more than happy to help.