Passwords are the first line of defence in IT security, yet their importance is often overlooked. Despite 90 per cent of people expressing concern about their passwords being hacked, weak password security is commonplace:
Over half of people use the same password for home and work applications.
The damage can be irreparable. Data leaks can result in heavy fines, while reputational damage can drive customers away, with approximately one-third refusing to do business with companies that leaked their personal data.
So, what steps can you take to improve the strength of your business’s passwords?
Cybercriminals use software that tries to unlock a password with every word found in the dictionary, so common nouns and names are especially vulnerable. It may be easy to remember ‘dragon’, ‘football’, ‘welcome’, or ‘password’ (all of which feature in lists of the most common passwords), but they can be effortlessly guessed by hacking tools.
The most secure passwords feature a random combination of letters, numbers, and symbols, which are much harder to predict. Include mixed capital and lower-case letters, too. Consecutive or identifiable patterns of letters (such as ‘abcde’ or ‘qwerty’) should be avoided, as should users’ personal data, much of which is discoverable via social media.
Most passwords contain fewer than eight characters, making them much more susceptible to cyberattack. A longer password, of at least 16 characters, will significantly reduce the chances of a data breach.
While it is tempting for employees to use a single password across all applications for ease of access, doing so exposes the business to credential stuffing, in which stolen passwords are automatically entered into multiple websites to try to gain unauthorised access. Using a different password for each application or system will reduce the chance of a successful hack; if users are concerned about remembering different passwords, a password manager tool can be a great help.
Passwords should be entirely different, rather than multiple variations of the same theme. A common mistake is to use a root password that is modified for different applications (such as passwordone, passwordtwo, and so on).
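The checks described above (length, common words, patterns, character mix, and root-password reuse) can be expressed as a short audit script. This is an added example, not code from TMB; the word and pattern lists contain only the examples named in this article, and the 0.7 similarity threshold and the function names are assumptions chosen for illustration.

```python
import difflib

# Constructed sample lists: only the words and patterns this article names.
COMMON_WORDS = {"dragon", "football", "welcome", "password"}
PATTERNS = ("abcde", "qwerty")
MIN_LENGTH = 16  # the article's recommended minimum


def audit_password(candidate):
    """Return the reasons a candidate password breaks the guidance above."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common password word")
    if any(pattern in lowered for pattern in PATTERNS):
        problems.append("contains a keyboard or alphabet pattern")
    has_all_classes = all([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if not has_all_classes:
        problems.append("missing a character class")
    return problems


def find_root_variations(passwords_by_app, threshold=0.7):
    """Return pairs of applications whose passwords share a common root.

    threshold is an assumed similarity cut-off (0 = unrelated, 1 = identical).
    """
    apps = sorted(passwords_by_app)
    flagged = []
    for i, first in enumerate(apps):
        for second in apps[i + 1:]:
            ratio = difflib.SequenceMatcher(
                None,
                passwords_by_app[first].lower(),
                passwords_by_app[second].lower(),
            ).ratio()
            if ratio >= threshold:
                flagged.append((first, second))
    return flagged
```

A check like this belongs where the password is set or stored in plain view of its owner, such as inside a password manager, since it needs the plaintext to compare entries.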
While it was once recommended to change your password every few months, current cybersecurity advice is not to do this. A properly constructed password that features random letters, numbers, and symbols is difficult to crack. Changing passwords often will make them harder to recall and encourages users to enter weaker, more memorable passwords that are easy pickings for experienced hackers.
According to the National Cyber Security Centre, one of the best ways to secure your password is to choose three words – any words – and use them all together. These can be everyday words or unusual words, which makes the password easy to remember, whilst also being long enough to keep it secure.
At TMB, we provide comprehensive cybersecurity solutions for businesses across London and the south-east to protect them from the prying eyes of criminals and to prevent catastrophic data leaks.