Weak passwords can be cracked in seconds! The longer and more unusual your password is, the harder it is for a cyber criminal to crack. As shown in this image from Statista, using data from Security.org, a password with 6 characters that utilises uppercase and lowercase letters, numbers and symbols can still be cracked instantly by cyber criminals.
What is good password security?
A good way to increase your password security is by combining three random words to create a single password. For example, ‘DeskAppleDoor’. However, as shown in the above image, this is enhanced by following password security best practice and including the three elements of a strong and secure password: uppercase letters, numbers and symbols. Therefore, a strong password example could be: ‘D3skApp!eD0or4’.
Passwords generated from three random words are a good way to create unique passwords that are ‘long enough’ and ‘strong enough’ for most purposes while also being much more memorable. You can also try using what3words for some inspiration. Always look to use different passwords for different applications and websites; this will make it harder for cyber-attackers to cause damage in the event of a data breaches.
You can use the Have I Been Pwned website to check if your email address or phone number have been compromised in a data breach. If you do find that your data has been breached online, it’s best that you immediately change the password to the affected account, and accounts associated to it.
To approach Optimal Password Security, you should avoid the most common passwords that cyber criminals can easily guess, such as ‘password’. You should also avoid creating passwords with information which could be easily obtained from your social media pages, such as birthdays, family, pet, or sports team names.
Three top tips for good password security
1) Make your password more secure with long and complex passwords that include all three elements of a strong and secure password uppercase letters, numbers and symbols.
Using the ‘three random words’ technique with inspiration from what3words will help you to create strong passwords that are also memorable.
2) Stay vigilant towards any links, which when clicked take you through to a credential input page.
We are seeing a huge increase in this out-of-the-box attack technique, which are extremely realistic and can mainly only be given away by checking the URL which you are redirected to.
3) Use Multi-Factor Authentication wherever possible and adhere to your organisation’s password policy.
This method ensures that two or more methods will always be used to confirm your identity at logon. Your organisation’s password policy is always a good place to start and should provide you with good advice to keep your work and personal data secure.
What makes a good password security policy?
A good password policy will advise all your employees as to how passwords are used to secure information and restrict access to systems. Although there is not one answer to the ‘best’ way to use passwords in an organisation, a good approach is to use a multi-tiered approach that includes passwords at user, management, device, system and network levels to ensure a thorough and encompassing approach.
Therefore, a good password policy will include how passwords are allocated at your organisation, password complexity requirements, and strict instructions on password protection. This could include the use of an Enterprise Password Manager that can also easily create complex passwords.
Multi-Factor Authentication should always be used where provided, which means using two or more methods to confirm your identity at logon. This is commonly performed by asking you to enter a code sent to your email, answer a secret question, or approve an alert from an Authenticator Application.
Protect your employees as individuals, in both their work and personal lives, as the risks are the same. By setting good examples and password policies, your employees will learn how to protect their own personal information, including bank account information and other valuable assets. And in turn, will become more aware of why and how to protect the business’ information too. All information that we access is valuable to somebody. We must all work together to implement cyber security best practices, and that starts with password security.
As a provider of Cyber Security Support and Consultancy Services, Cantium helps organisations to assess their security posture, remediate cyber threats to protect their assets, focus on building cyber resilience, and transform their security model from a reactive to a more proactive, dynamic and risk-based cyber operating model. For more information on building secure environments, and the role of human error in the threat landscape, download our Cyber Security for the Public Sector White Paper.
