World Password Day – May 2nd 2019
So much personal and business information now lives online. Just think about your business and personal online banking accounts, bill payment sites, retail sites, social media accounts and so on; the list goes on.
With all this information available for the taking, it is wise to ensure you have strong passwords protecting access to these sites.
You might think that gone are the days when people used Password123 or Pa55word! as their login details, but you’d be surprised. The importance of having strong, solid and diversified passwords is highlighted this week by having its very own day.
World Password Day falls on the first Thursday of May every year and has been about for a few years now.
It’s a gentle reminder that using the same password everywhere, reusing old passwords or using too simple a password across your online accounts will leave you vulnerable to cyber attack. Very quickly, all your accounts could be accessed by a criminal who knows just one piece of information!
In celebration of World Password Day, we’ve put together some simple but effective tips to ensure your life and indeed livelihood is protected from being accessed by cyber criminals.
Choose your password wisely
Some people have systems to set up complex passwords. Guidance from the government’s National Cyber Security Centre (NCSC) advises that choosing just three random words is a good strategy to adopt, as it provides a good compromise between protection and usability.
When we say ‘random’ this does not mean information which could be quickly and easily found on your social media accounts, such as the name of your dog, children, other half, date of birth etc. It should be three random words - objects that you can see from your desk perhaps - e.g. PencilDockBanana. You can further develop that system to contain numbers in place of letters e.g. P3nci1DockB4nana and then even add a special character to make it stronger e.g. P3nci1DockB4nan&.
Don’t be tempted to reuse old passwords as they may have been compromised in the past.
If you want to check whether any of the passwords you use, or have used, have been compromised, we’d advise using the free checking tool Have I Been Pwned. Microsoft Regional Director Troy Hunt created this free resource so that anyone can very quickly check if a password they’re using has been compromised in a data breach.
You can use password managers to help you to access many accounts online. These helpful tools are designed to make generating and using passwords easier and more secure.
Some can even automatically enter your password into the app or website you’re accessing without you entering it manually every time you log in – a great time saver.
However, you will still need a password to access your password manager which, as mentioned above, needs to be complex, unique and kept securely; otherwise you’ll be giving the key to your treasure chest to a cyber criminal.
Two-Factor / Multi-factor authentication
Two-Factor or Multi-factor authentication (2FA/MFA) is a security system that requires more than one method of authentication to verify that a user is who they claim to be.
The more factors used to determine a person’s identity, the greater the trust in their authenticity and the lower the risk that credentials can be guessed or socially engineered from your users during a phishing attack.
Because MFA security requires multiple means of identification, such as a PIN or fingerprint at login, it is widely recognised as the most secure method for authenticating access to data and applications. For example, you can set up 2FA or MFA on your password manager account.
Another good tip is to set up more than one type of authentication so that you have a backup plan to get into your password manager account, should your first choice of authentication be inaccessible e.g. you lose/break your mobile phone.
Password protect your devices
It is good practice for businesses to ensure that any devices containing sensitive information are password protected - that includes company mobile phones and laptops.
This makes accessing these devices more difficult should a thief get their hands on them. We offer stolen device testing as a service to ensure your organisation’s data is as secure as possible should a theft occur.
We shouldn’t need a ‘day’ to remind us how important passwords are and obviously there are no absolutes in cyber security - nothing can ever be 100% secure. However, risks can be mitigated and managed and cyber criminals’ lives made more difficult. It’s always good to get a helpful reminder once in a while to bring password security to the forefront of our minds.
If you would like to chat through any concerns or company-wide protocols, device testing, MFA, security software, support and implementation, please do get in touch.