7 Tips To Make Your Passwords Watertight
Passwords are the first line of defence in IT security, yet their importance is often overlooked. Despite 90 per cent of people expressing concern about their passwords being hacked, weak password security is commonplace:
- Over half of people use the same password for home and work applications.
- 23 million accounts use ‘123456’ as the password.
- 57 per cent of users who fall foul of phishing attacks don’t change their passwords afterwards.
- Over 80 per cent of data breaches are the direct result of poor password security.
The damage can be irreparable. Data leaks can result in heavy fines, while reputational damage can drive customers away, with approximately one-third refusing to do business with companies that leaked their personal data.
So, what steps can you take to improve the strength of your business’s passwords?
1) Avoid Single Words
Cybercriminals use software that tries to unlock a password with every word found in the dictionary, so common nouns and names are especially vulnerable. It may be easy to remember ‘dragon’, ‘football’, ‘welcome’, or ‘password’ (all of which feature in lists of the most common passwords), but they can be effortlessly detected by advanced hacking tools.
2) Use Letters, Numbers, And Symbols, Not Personal Data
The most secure passwords feature a random combination of letters, numbers, and symbols, which are much harder to predict. Include mixed capital and lower-case letters, too. Consecutive or identifiable patterns of letters (such as ‘abcde’ or ‘qwerty’) should be avoided, as should users’ personal data, much of which is discoverable via social media.
3) Choose Longer Passwords
On average, most passwords contain fewer than eight characters, making them much more susceptible to cyberattack. A longer password, of at least 16 characters, will significantly reduce the chances of a data breach.
4) Use Distinct Passwords For Each Application
While it is tempting for employees to use a single password across all applications for ease of access, doing so exposes the business to credential stuffing, in which stolen passwords are automatically entered into multiple websites to try to gain unauthorised access. Using a different password for each application or system will reduce the chance of a successful hack; if users are concerned about remembering different passwords, a password manager tool can be a great help.
5) Avoid Modifying A Single Root Password
Passwords should be entirely different, rather than multiple variations of the same theme. A common mistake is to use a root password that is modified for different applications (such as passwordone, passwordtwo, and so on).
6) Don’t Change Your Passwords Too Often
While it was once recommended to change your password every few months, current cybersecurity advice is not to do this. A properly constructed password that features random letters, numbers, and symbols is difficult to crack. Changing passwords often will make them harder to recall and encourages users to enter weaker, more memorable passwords that are easy pickings for experienced hackers.
7) Use Three Random Words
According to the National Cyber Security Centre, one of the best ways to secure your password is to choose three words – any words – and use them all together. These can be everyday words or unusual words, which makes the password easy to remember, whilst also being long enough to keep it secure.
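The checks described in tips 1, 2, 3 and 5 can be automated when a business audits candidate passwords at sign-up or password change. The sketch below is an added example, not part of the original article; the word list, the thresholds other than the 16-character minimum, and all function names are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample list; a real audit would load a full common-password list.
COMMON_WORDS = {"dragon", "football", "welcome", "password", "123456"}
# Runs a user is likely to type: alphabet, digits and the three keyboard rows.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 16   # tip 3: at least 16 characters
RUN_LENGTH = 5    # assumed shortest run to flag, e.g. 'abcde'


def has_sequence(password):
    """True if the password contains a RUN_LENGTH run, forwards or reversed (tip 2)."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(direction) - RUN_LENGTH + 1):
                if direction[i:i + RUN_LENGTH] in lowered:
                    return True
    return False


def shares_root(password, others):
    """True if the password is a variation on one the user already has (tip 5)."""
    lowered = password.lower()
    for other in others:
        match = SequenceMatcher(None, lowered, other.lower()).find_longest_match(
            0, len(lowered), 0, len(other))
        # Assumed threshold: a shared run covering 60% of the shorter password.
        if match.size >= max(4, 0.6 * min(len(lowered), len(other))):
            return True
    return False


def audit_password(password, other_passwords=()):
    """Return the tips a candidate password breaks; an empty list means none."""
    findings = []
    if password.lower() in COMMON_WORDS:
        findings.append("single-word")
    if has_sequence(password):
        findings.append("pattern")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    if shares_root(password, other_passwords):
        findings.append("root-variant")
    return findings
```

The comparison against other passwords is only possible where the plaintext is available, such as inside a password manager or at the moment a user types a new password; it cannot be run against stored hashes.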
We Can Help You To Improve Your Business’s Cyber Security Awareness
At TMB, we provide comprehensive cybersecurity solutions for businesses across London and the south-east to protect them from the prying eyes of criminals and to prevent catastrophic data leaks.
To find out more about our services, please get in touch on [number] or request a free call back today.