
Six practical tips for better password practice

06 May 2020

Article by Aura Information Security general manager Peter Bailey

A list of the most commonly breached passwords, published in 2019 by the UK's National Cyber Security Centre, revealed some sadly predictable results, with repeat offenders like '123456', 'password' and 'qwerty' making the top ten for multiple years in a row.

Humans are predictable creatures. Since the dawn of the internet our love of simple, easy to remember passwords has endured, despite most of us being aware of the risks attached to them. Many of us haven't shaken off the bad password habit out of a misplaced sense that the worst will never happen to us.

Often hackers don't break into your network, they simply log in. If your password is weak, or has already leaked from another site, a cybercriminal can discover it and slip unnoticed into your systems and network as you.

Strong, unique passwords are your first line of defence when it comes to securing your systems, and there are many simple things you can do to achieve this. Here are six tips you can implement to ensure your password practice is fit for protecting your business.

1.    Ditch your simple passwords for a passphrase

Many people think a secure password needs to be a random string of letters and symbols in order to be difficult to crack. However, a passphrase made of several words is just as effective, and easier for you to both type and remember. Its strength comes from its length and from the words being chosen at random, not from cleverness: avoid song lyrics, quotations and other well-known phrases, because password-cracking tools try those from phrase dictionaries. Make sure the passphrase is at least 14 characters long, and if possible add one or two numbers and symbols to increase complexity.
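To make the "just as effective" claim concrete, the following added example (not from the article or from Aura) generates a passphrase with a cryptographically secure random source and compares the guessing work it forces with that of a short random-character password. The strength figures are computed from the size of the pool each choice is drawn from; the twelve-word list embedded here is a constructed stand-in for a real published word list of 7776 words, and the 7776 figure is used for the calculation.

```python
"""Passphrase vs. random-character password: how much guessing work each forces.

Added example, not from the article. SAMPLE_WORDS is a small constructed
stand-in for a real Diceware-style list; the entropy figures assume the
real list size of 7776 words (6^5, one word per five dice rolls).
"""
import math
import secrets
import string

# Constructed stand-in word list; a real generator loads a published list instead.
SAMPLE_WORDS = [
    "harbour", "copper", "lantern", "meadow", "violin", "glacier",
    "pepper", "saddle", "orbit", "timber", "quartz", "falcon",
]

DICEWARE_SIZE = 7776                      # words in a standard Diceware list
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy in `picks` independent uniform choices from `pool_size` options.

    This measures the generation process, so it holds even if the attacker
    knows the word list or alphabet being used. A memorised lyric or quote has
    far less entropy than its length suggests, because the attacker's pool is
    the set of famous phrases, not all character strings of that length.
    """
    return picks * math.log2(pool_size)


def generate_passphrase(words, count: int = 5, separator: str = "-") -> str:
    """Pick `count` words uniformly at random using the OS CSPRNG (secrets, never random)."""
    return separator.join(secrets.choice(words) for _ in range(count))


def generate_random_password(length: int = 8, alphabet: str = PRINTABLE) -> str:
    """Random printable-character password of the given length."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def meets_length_rule(secret: str, minimum: int = 14) -> bool:
    """The article's minimum: at least 14 characters."""
    return len(secret) >= minimum


def compare(word_count: int = 5, char_count: int = 8) -> dict:
    """Entropy of a word_count-word Diceware passphrase vs a char_count-char random password."""
    return {
        "passphrase_bits": round(entropy_bits(DICEWARE_SIZE, word_count), 1),
        "random_chars_bits": round(entropy_bits(len(PRINTABLE), char_count), 1),
    }


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    password = generate_random_password()
    print(phrase, "meets 14-char rule:", meets_length_rule(phrase))
    print(password, "meets 14-char rule:", meets_length_rule(password))
    print(compare())
```

Five random words from a 7776-word list give about 64.6 bits, against about 52.4 bits for eight random printable characters, so the passphrase is both stronger and the one a person can actually remember. The figure only applies when the words are drawn at random; picking words yourself reintroduces the predictability the article warns about.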

2.    Two Factor Authentication

Where possible, set up two-factor authentication (2FA) for logging into your accounts. This requires a second method of verification at login, so a stolen or guessed password alone is not enough to get in. Common methods include a one-time code from an authenticator app or a hardware security key, which are the strongest options, receiving a code via SMS or email, which is better than nothing but can be intercepted or redirected, and a biometric control such as your fingerprint. Answering a security question is often offered as an extra step, but it is another thing you know rather than something you have, and answers about your family, school or pets are easy to research, so do not rely on it as your second factor.

3.    Use unique passwords

No matter how complex your password is, it's useless if you've used it across multiple accounts. Lists of compromised email addresses and passwords from large-scale breaches have been leaked online or sold on the dark web. If one of your accounts has been compromised and you use the same password and login email elsewhere, a hacker can simply replay those credentials against other websites, an automated attack known as credential stuffing, and log in to steal your data. That's why it's imperative you never use the same password twice, especially across business and personal accounts.

4.    Avoid using personal information in your passwords

While there are plenty of complex technical tools cybercriminals can use to break into your account, sometimes the most basic methods are the most effective. One common way is to target you personally and guess your password from what can be learned about you, whether by typing guesses in by hand or by feeding those details into an automated guessing tool. Avoid using obvious things like family or pet names, birthdays, or the title of your favourite show, as these are easily cracked once the hacker does their research on you. Likewise, avoid the name of your favourite team, movie or music artist: Arsenal, Star Wars and Eminem all featured in the top 300 most hacked passwords last year.

5.    Never, ever give your password away! 

Don't give your passwords to anyone else. Don't type your password where other people can watch your screen or keyboard, such as in a café or on public transport. And never write your password on a sticky note attached to your computer. If you get an email from a colleague, administrator or bank asking for your password, don't take it at face value: a legitimate administrator or bank never needs your password. Pick up the phone and call that person on a number you already know if you have doubts, or check the origin of the email, as it may be a scam.

6.    Consider using a password manager

If you're struggling to create long, strong passwords for every account, use a password manager. A password manager stores and encrypts the login information you use to access websites, apps and services. All you need to remember is a single login for the password manager, and it will auto-fill or provide passwords whenever you need to access those accounts.

Most password managers can also generate strong, random passwords for you and will prompt you when they detect the same password being used across multiple sites or a password that has appeared in a known breach. They are particularly helpful if you need lots of different passwords for multiple personal and business accounts. Just make sure the master password you choose for the password manager is a long passphrase you use nowhere else, and don't forget to add 2FA to the password manager account itself.
