Six practical tips for better password practice
Article by Aura Information Security general manager Peter Bailey
A list of the most hacked passwords in 2019 published by the UK’s National Cyber Security Centre revealed some sadly predictable results - with repeat offenders like ‘123456’, ‘password’ and ‘qwerty’ making the top ten multiple years in a row.
Humans are predictable creatures. Since the dawn of the internet our love of using simple, easy to remember passwords has been enduring, despite most of us being aware of the risks attached to their use. Many of us haven’t shaken off our bad password habit out of a misplaced sense that the worst will never happen to us.
Often hackers don’t break into your network, they simply log in. If your password is weak, you’re at risk of a cybercriminal discovering it and slipping unnoticed into your systems and network.
Strong, unique passwords are your first line of defence when it comes to securing your systems, and there are many simple things you can do to achieve this. Here are 6 tips you can implement to ensure your password practice is fit for protecting your business.
1. Ditch your simple passwords for a passphrase
Many people think a secure password needs to be a random string of letters and symbols in order to be difficult to crack. However, using a passphrase that creates an easily remembered sentence is just as effective, and easier for you to both type and remember. Make sure you include at least 14 characters, and if possible, add at least one or two numbers and symbols to increase complexity.
2. Two Factor Authentication
Where possible set up two-factor authentication (2FA) for logging into your accounts. This is where a second method of verification is required to log in and is a simple way to add a second layer of security to your accounts. Some common methods of 2FA include receiving a verification code via SMS or email, answering a question only you would know the answer to or using a biometric control, such as your fingerprint, to access the account.
3. Use unique passwords
No matter how complex your password is, it’s useless if you’ve used it across multiple accounts. Lists of compromised email addresses and passwords from large-scale breaches have been leaked online or even sold on the dark web. If one of your accounts has been compromised and you use the same password and login email across different websites, a hacker can easily reuse credentials to log in and steal your data. That’s why it’s imperative you never use the same password twice, especially across business and personal accounts.
4. Avoid using personal information in your passwords
While there are plenty of complex technical tools cybercriminals can use to break into your account, sometimes the most basic methods are the most effective. One common way is to personally target you and manually type in letters, numbers, and symbols to guess your password. Avoid using obvious things, like family or pet names, or the title of your favourite show, as these can easily be cracked if the hacker does their research on you. Likewise, avoid using things like the name of your favourite movie or music artist. Arsenal, Star Wars and Eminem all featured in the top 300 most hacked passwords last year.
5. Never, ever give your password away!
Don’t give your passwords to anyone else. Don’t type your password into your device if you are within plain sight of other people, like a café or on public transport. And never write your password down on a sticky note attached to your computer. If you get an email from a colleague, administrator or bank asking for your password, don’t take it at face value – pick up the phone and call that person if you have doubts, or check the origin of the email as it may be a scam.
6. Consider using a password manager
If you’re struggling to create long, strong passwords try a password manager. A password manager stores and encrypts login information you use to access websites, apps and services. All you need to remember is a single login for the password manager and it will auto populate or provide passwords whenever you need to access those accounts.
Some password managers can also help you generate strong, complex passwords and will prompt you when they detect the same password is being used across multiple sites. Password managers are particularly helpful if you require lots of different passwords for multiple personal and business accounts. Just make sure the password you select to access the password manager is sufficiently complex, and don’t forget to add 2FA.