World Password Day
It is estimated that at least 60% of people use the same password for every account, with 81% of data breaches occurring as a direct result of poor password security.
What’s worse is that an astonishing 23.2m people use the password 123456, with 123456789, qwerty and password all also appearing in the top 10 most common passwords.
Using the same password for everything may seem tempting; after all, who can really keep up with the ever-increasing number of online accounts? But by reusing passwords you’re putting your data at greater risk.
Our top tips for password security
1. Select strong but memorable passwords
Human minds are predictable, and we tend to create unoriginal and predictable passwords, for example swapping out “o” for 0 or adding a random character (such as !) at the end in an attempt to meet complexity criteria, without truly creating a more secure password. And remembering a whole host of unique and complex passwords is a feat that the majority of us just can’t manage.
The NCSC now recommends using a passphrase made up of three random words rather than complex passwords, and the reason behind this makes so much sense:
- Passphrases are much easier to create, remember and use than a string of letters, numbers and special characters, making it simpler to have a different one for each login
- The longer a password is the more secure it becomes, and a passphrase will easily satisfy this requirement without resorting to adding predictable characters to the end just to hit the minimum character limit
- Passphrases encourage a range of different passwords, so you can really have fun with what you create
- It’s an easy concept to remember: think about how “three random words” sounds compared to “1 capital, 1 lower case, 1 number and 1 special character”
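The following Python sketch is an added example, not part of the original article. It picks three random words with a cryptographically secure random source, works out how much entropy the word list gives, and flags passwords that are only a common password with the predictable swaps and suffixes described above. The word list, the swap table and the 7776-word list size are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample word list; a real generator should draw from a list of
# several thousand words so each word contributes more entropy.
WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "apple", "river",
         "candle", "planet", "garden", "rocket", "window", "marble", "button", "ladder"]

# The most common passwords named in the article.
COMMON = {"123456", "123456789", "qwerty", "password"}

# Predictable character swaps (assumed set) used to satisfy complexity rules.
UNSWAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def generate_passphrase(words=WORDS, count=3, sep="-"):
    """Pick `count` words with the OS CSPRNG; `random` is not suitable here."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count=3):
    """Entropy of `count` independent uniform picks from the list, in bits."""
    return count * math.log2(wordlist_size)


def is_predictable(password):
    """True if the password is a common one with only cosmetic changes:
    different case, swapped characters, or digits/symbols tacked on the end."""
    lowered = password.lower()
    no_symbols = lowered.rstrip(string.punctuation)
    no_suffix = no_symbols.rstrip(string.digits)
    variants = {lowered, no_symbols, no_suffix}
    variants |= {v.translate(UNSWAP) for v in variants}
    return any(v in COMMON for v in variants)


if __name__ == "__main__":
    print(generate_passphrase(), f"({passphrase_entropy_bits(len(WORDS)):.0f} bits from this tiny list)")
    print(f"3 words from a 7776-word list: {passphrase_entropy_bits(7776):.1f} bits")
    for candidate in ("P@ssw0rd!", "Qwerty1!", "123456"):
        print(candidate, "->", "predictable" if is_predictable(candidate) else "not in common list")
```

The entropy figure only holds when the words are chosen at random by the generator; three words a person picks themselves are far easier to guess.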
Of course, if you don’t want to create your own passwords you can always use a random password generator, which brings us to our next point.
2. Use a password manager
Password managers are incredibly useful and powerful tools, and they do more than just store your passwords.
Most password managers offer a free option and provide the ability to generate unique passwords that can conform to any password requirement, and the great thing is you can store and recall passwords directly from browser add-ons or from an app on your phone. No more writing your information down on notepads or re-using the same insecure password over and over.
There are other benefits to using password managers: some let you securely share your passwords and store payment details, and some even provide dark web monitoring.
And when you use a password manager you only need to remember one password. Just make sure that it’s a suitably strong one and enable multi-factor authentication.
3. Enable multi-factor authentication
Where possible you should enable multi-factor authentication (“MFA”) on your accounts. When used effectively this means that even if your password is compromised an attacker would also need to have a second method of verifying your account, usually via SMS or an authentication app.
The best place to start is to secure accounts that would have the highest impact if they became compromised: bank accounts, personal email, online shopping, social media etc. And once you’ve exhausted this list, any time you log in to a different account, check whether it offers MFA and enable it.
4. Think – do you really need that login?
Another way to protect yourself online is by reducing your digital footprint. Most of us will have accounts that we created years ago that haven’t been used in a long time. By deleting these accounts you can reduce the risk that your personal data will be leaked, especially if the service is no longer being maintained, as this could mean its security hasn’t been updated and it could be compromised more easily.
How secure is your business?
Cyber threats are continually evolving, and it’s imperative that your business is protected against the latest information security threats, vulnerabilities and risks.
Reliable security can only be built on a combination of well-trained people, sound governance and accurate reporting, delivered by correctly configured technology.
JT provides cyber threat advisory and managed cybersecurity services that help organisations identify, understand and control their security risks. Reach out to our team to find out how we can support your requirements today.