No matter how frustrating they can be, a password is a key to our digital lives. From bank accounts to emails, cloud services to apps, our digital footprints are growing daily. With the increase in remote and hybrid working practices, the need for passwords has never been greater. They are the first line of defence against cyber criminals.
With this growing requirement for password creation comes an increased threat of cyber-attacks. In 2020 alone, a whopping 37 billion records were compromised, phenomenally this is the largest number since 2005.
The vast majority are choosing passwords that are too easy to guess and using them regularly. Whatever your business size, unwarranted access to connected devices and systems can be devastating. From brute force attacks to manual guessing, cyber-crime methods can range from the most elaborate to the most straight-forward.
What is a secure password?
The weaker passwords and therefore most predictable include names, pet names, dates of birth etc. These examples also do not use common keyboard runs such as ‘qwerty’ or number sequences like ‘123456’.
Whilst it may seem obvious, the top 5 passwords of 2020 demonstrate how common selections like this are:
| Position | Password | Number of users | Time to Crack It | Times Exposed |
| 1 | 123456 | 2,543,285 | Less than a second | 23,597,311 |
| 2 | 123456789 | 961,435 | Less than a second | 7,870,694 |
| 3 | picture1 | 371,612 | 3 hours | 11,190 |
| 4 | password | 360,467 | Less than a second | 3,759,315 |
| 5 | 12345678 | 322,187 | Less than a second | 2,944,615 |
Most modern software has systems in place to monitor password strength. Moreover, they can also recommend improvements on how to strengthen a password. Unfortunately, these can be easily got around by popular techniques known to cyber-criminals.
Improve password strength with our simple guidelines.
1.Don’t use personal information.
Predictable passwords contain easy to guess dates, family, and pet names. Be aware that cyber criminals go to extremes. Did you know a technique used by cyber criminals is to scroll back through personal social media accounts? From here they source potential information required to guess passwords, an example of which being an individual’s children’s names.
2. Use a unique password for each account.
According to Forbes.com, 60% of us regularly reuse passwords across multiple sites. In addition to this, they also reported that 13% use the same password across all their accounts and devices. By choosing to use the same password, understandably, the risk becomes much greater. Information used to steal an identity or commit fraud, such as bank details, is often obtained by guessing just one password.
3. Create a long & complex password – that’s memorable too.
Although they may be harder to be remembered in the first place, long and complex passwords are great for stopping cyber criminals in their tracks. However, stringing together multiple pieces of personal information is not enough.
In addition to this, replacing letters in a single word with numbers for example ‘Pa55word!’ does not create a more secure password. These are still very easy for cyber-criminals to guess.
According to the NCSC, three, well-chosen, random words can prove to be memorable and secure. Whilst not being as easy to guess, this option provides a compromise between protection and usability. Alongside this, if you include a special character or two, you can add an extra layer of security.
Some sites allow you to randomly autogenerate such long passwords when setting up your logins, or you can even use an app to generate these.
4. Use Two-Factor Authentication (2FA)
Last but not least – two-factor authentication, also known as 2FA, adds additional security to all your accounts. The process requires users to sign in using two passwords or codes. Most commonly, a secondary code is sent to your mobile phone number or taken from an authenticator app. Although these are the most popular methods, there are a number of other 2FA options available.
Currently, advice recommends to always set up 2FA for important accounts. If not available, it may even be worth considering changing your service provider to one that offers it as standard.
Protect and prioritise your passwords.
With dozens, or even hundreds to remember, writing passwords in a notebook is no longer a viable option. As such an increase in demand for password managers has arisen.
Using a vault style system, to securely store credentials, password managers allow users to create, and keep track of secure passwords, without having to memorise them all. 2FA should always be used for any password manager as this ensures your database security.
All passwords security is of course equally important. However, it is worth noting that accounts that have privileged access to data are particularly attractive to attackers. Imposing additional password complexity for systems such as these such as these is important as it helps increase protection.
Implement your technical defences.
Juggling vast numbers of unique and complicated passwords may seem like hard work and it can be. But with a solid understanding of what makes them secure and the right tools in place to organise them, as a ryou’ll find peace of mind, and stress-free online experiences.
If you need more information about how SupPortal can help with your online safety, please contact us today.
