WORLD PASSWORD DAY
Passwords are now so intrinsic to our daily live that there is even a day to commemorate them. 6 May was World Password Day, a day dedicated to adopting appropriate password management, avoiding common errors, and making sure that your precious data remains safe and secure. Effective password management is your first line of cybersecurity defence. Using weak passwords makes it very easy for hackers to access sensitive data, hold you up with ransomware, and put you, your family, and your business at risk.
THE MISTAKES WE MAKE
There are 3 common mistakes that we make when trying to implement effective password management. These are:
- Using a weak password that is easy to guess, easy to hack and can be revealed using keylogging.
- Choosing a strong password but using it for multiple accounts, again easily cracked using keylogging.
- Not regularly changing login credentials.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.”
The NCSC also recently published an analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cybercrimes. It’s unbelievable that the classic ‘123456’ was used and breached 23 million times. The acronym ‘qwerty’ was hacked 3.8 million times while ‘password’ was subject to 3.6 breaches.
DON’T BE LAZY
Using your spouses or kids name is out of the question and when it comes to passwords, you need to get complicated and think big. But while some will think of a long password with a complex mix of letters, numbers and symbols, they get lazy and use the password for several accounts. This is almost the same as using a weak password. Head of Ethical Hacking at the Scottish Business Resilience Centre Declan Doyle says:
“Even if we take care to create a long and complex password, we then reuse it across multiple accounts. While this approach means we’re less likely to lock ourselves out, it also increases the risk because hackers use powerful computers to randomly guess thousands of passwords each second until they find the correct one.”
THE PASSPHRASE SOLUTION
One solution to finding password that are easy to remember but difficult to crack is to use passphrases. For example, ‘ArsenalFootballFanLondon’ should be easy for an Arsenal fan to remember but is also difficult to crack. The password strength checker My1Login shows that the credential will take 2 years to crack. Doyle says:
“This gives strong protection because they are long but they are also easier to remember than a jumble of letters and numbers.”
The problem is that you can’t reuse the passphrase, and this is truly an issue if you have a multitude of online accounts, like most of us do. So what next? Enter the password manager.
USE A PASSWORD MANAGER
Using a reliable password manager takes the frustration out of trying to remember complex credentials. It will generate a strong unique password for each account, store them and keep them secure. The only password you need to remember is the master password for the password manager. This is something that you mustn’t forget or you will have to start over. LastPass is a popular password manager for both businesses and individuals. The free version allows one user to store their passwords on one device, while the premium plan allows one user to share their stored passwords across all their devices, including iPhones, Android phones and tablets, and Windows and macOS devices via browser extensions.
Google and Apple also have their own password management systems, but 2 other respected paid-for provides are 1Password and Keeper.