All businesses should exercise best practice when it comes to passwords, but what does that mean? This selection of password tips is the ideal place to start.
Everyone knows that passwords are important. Whether you’re logging into a smartphone, an email account or your online banking, often the only thing that stands between you and complete access is the passwords you use. But that same access will be granted to anyone else who can work out your passwords. If your account information falls into the hands of criminals, you could find yourself either inconvenienced or out of pocket. Yet, in spite of the dangers, many of us still aren’t following best practice when it comes to our passwords. And in some cases, we think we are, but we’re basing our decisions on out-of-date advice.
For businesses, the problem is complicated by the fact that multiple employees could have access to the same accounts. Each one of them could then be a potential weak link. Furthermore, not only can poor password practice lead to your own information being accessed, you might find your customers’ data being stolen, which could land you in hot water with the authorities, potentially leading to heavy fines.
In this guide, TMB provides some simple password tips to help you and your team manage your passwords more effectively.
Don’t use the names of friends or family
Ever see a movie in which someone’s password is guessed within 30 seconds? It’s normally the name of a character’s child or pet – and just like in real life, it’s a terrible way to choose a password. It only takes a quick web search to find your social media profiles and work out this kind of personal information.
Don’t use single words
Even if you choose a ridiculously long word like ‘antidisestablishmentarianism’, your password wouldn't take long to crack using what’s called a dictionary attack. Employing this technique, hackers will use software to run through a dictionary of regular words and passwords, until they find the right one. Because computers can do this kind of thing so quickly, it might only take a few seconds.
Avoid strings of successive characters
According to research by Keeper Security in 2016, the most common password in the world was ‘123456’, followed by ‘123456789’, then ‘qwerty’. Alarmingly, ‘password’ was at number eight too, but the majority of the top ten were simple strings of numbers counting up or down. In a brute force attack, where hackers use computers to try every possible combination of characters, or a dictionary attack, these passwords will provide practically no protection.
Use a combination of character types
You’ll notice that many websites these days will require you to use passwords that follow particular criteria. Commonly, that will be a password with a capital letter, a number, a special character (not a letter or number) and a minimum length. This can potentially make it much more difficult for hackers to crack your passwords – but only if you choose something that isn’t easy to guess. Passwords like ‘P@55w0rd’ and ‘F00tball123’ might get you past a nagging sign-up form, but a hacking tool would make short work of them.
Use a passphrase
This is perhaps the most effective way to make a strong password. Instead of choosing a single word, you string together a few different words to make a phrase. Even something like ‘myrabbiteatspotatoes’ is better than a shorter password with capital letters and numbers. Not only would it take longer for a computer to guess the phrase, it’s also easier to remember this kind of thing.
Vary your passwords
Even if you created the most secure password in the world, it wouldn’t be much good if you used it for everything. If one of the web services you use, for instance, were to be hacked and your password stolen, criminals wouldn’t take their time about trying that same password on all your other accounts. By choosing a different password for every device and service you use, you can easily contain the damage.
Be careful about writing passwords down
Around the turn of the millennium, the general consensus was that long, complicated passwords were the best way to stay safe. But there’s one major problem with that: people can’t remember them. What often happens instead is that they write their passwords down. Oddly enough, though, that’s not necessarily a major problem. If your written-down passwords are kept in a safe location, for example, they might actually provide an effective way to avoid remote attacks; it’s when they’re written on a Post-It note stuck to a monitor or shoved in a wallet that you run into trouble.
Create a system
If you struggle to remember your different passwords, it can help to use a system when creating them. For example, you could take the odd letters of the web address (1, 3, 5, 7, etc.), followed by the number of letters in it, followed by the even characters (2, 4, 6, etc.), and capitalise the first and last characters. Using this system, www.website.com would result in a password of ‘Wbie7esT’. By employing a consistent pattern in this way, you should always be able to remember what your passwords are.
If you absolutely cannot remember your passwords or just don’t want to, then password managers are a great solution. Whether it’s Dashlane, LastPass, LogMeOnce or one of many other password managers, these tools provide a straightforward way for you to keep track of your different passwords. All you have to do is remember the master password, which unlocks the manager, and all the other passwords are stored within. Most of these applications can also generate strong passwords for you, so you won’t even have to think up new ones.
Be aware, though, that even password managers can be vulnerable. There’s nothing you can do about this, unfortunately, but it’s a relatively small risk considering the convenience that password managers offer.
Technology like fingerprint scanners, facial recognition and iris scanners presents an excellent alternative to passwords. As well as appearing on some of the newer smartphones, you can buy equipment for PCs that will give you access to this same technology.
There are ways to trick biometric security, but the companies that make these systems are improving them all the time. Plus, these kinds of tricks require a level of determination that would put off most would-be intruders.
Test your password
Not sure if your passwords are any good? Find out by running them through a password tester. There are many of these to be found on the web, including http://www.passwordmeter.com and https://password.kaspersky.com.
Of course, by using these services, you’re sharing your passwords with a third party. As internet security firm Kaspersky says on its own password checker: ‘Never enter your real password’. Whether you do or don’t is your own choice, but if you don’t, you can still use these tools to test the kind of password you might want to use for real.
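A password can also be checked locally against the tips in this guide, so nothing is sent to a third party. The following is an added example, not part of the original guide; the word lists are small constructed samples and the function names are illustrative.

```python
import re

# Constructed sample lists; a real check would load a full wordlist and a
# published list of common passwords from local files.
COMMON = {"123456", "123456789", "qwerty", "password"}
WORDS = {"password", "football", "antidisestablishmentarianism",
         "my", "rabbit", "eats", "potatoes"}
# Undo the usual character swaps so 'P@55w0rd' is seen as 'password'.
LEET = str.maketrans("@4831!05$7", "aabeiiosst")
ROWS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_sequence(s):
    """True if s runs along the alphabet, the digits or a keyboard row."""
    return len(s) >= 4 and any(s in r or s in r[::-1] for r in ROWS)


def split_words(s):
    """Split s into dictionary words (longest match first), or return None."""
    if not s:
        return []
    for end in range(len(s), 0, -1):
        if s[:end] in WORDS:
            rest = split_words(s[end:])
            if rest is not None:
                return [s[:end]] + rest
    return None


def check(password):
    """Return the tips from this guide that the password breaks."""
    low = password.lower()
    problems = []
    if low in COMMON:
        problems.append("common password")
    if is_sequence(low):
        problems.append("sequence of successive characters")
    # Strip trailing digits ('F00tball123'), then undo substitutions.
    core = re.sub(r"\d+$", "", low).translate(LEET)
    words = split_words(core)
    if words is not None and len(words) == 1:
        problems.append("single dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("P@55w0rd", "F00tball123", "123456", "myrabbiteatspotatoes"):
        print(pw, check(pw))
```

An empty list means none of the three checks fired; it says nothing about whether the password has been reused elsewhere.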
Free Download - 7 Essential Password Tips
As with all forms of cyber security in businesses, getting passwords right is as much about educating your people as it is about installing specialist solutions. To help you spread the word, TMB has put together a handy, free guide covering the main password tips in this blog post. Feel free to download and share!