Do you change it often? Do you use the same password across the board, or multiple ones? Do you use a variety of letters, numbers and punctuation characters? How about your phone, do you use a password lock at all? Or do you stick to the simple screen swipe? How about your business? Do you make sure passwords are changed often? That they are not simple or easy to crack? That employees are maintaining strong passwords that change often?
A simple internet search brings up a slew of free downloads, instructional pages and videos on creating and using password hacking software. Some are so basic that it has been said an 11-year-old could use them! There is a constant threat from opportunistic criminals, who scan for accounts with default and weak passwords, plus the threat of more targeted attacks looking to fool users into revealing details.
Most businesses are aware that password security is important, but are they aware that one compromised computer on a network can bring the whole community to its knees? Just one hacked terminal can spread a crippling virus throughout the network, with effects ranging from halting all business to harvesting or wiping critical data.
In today’s evolving world, more and more employees are using their own devices for business. From mobiles to laptops, business is moving further and further away from the office-based devices where most companies focus their security practices. If your employee is using their mobile, tablet or laptop for business use, how sure are you that the data they have stored there is protected? A stolen device with no password, or a very basic one, can have just as serious an impact as allowing access to your office machines.
So, how can we minimise the risks? Firstly, and most importantly, ensure that different passwords are used for different accounts/devices. This is a basic, often unenforced practice that can lessen the damage should an attack occur. Imagine giving someone a single key that will unlock any door in your home, office, car, garage…
Once this simple practice is established, it is then wise to look at the complexity of the passwords themselves. Certain things should be avoided, among them the use of names, company names and dates of birth. Matching usernames and passwords are a big no-no, as is using any word that appears in the dictionary!
A minimum length of eight characters is a good place to start; the longer your password, the harder it will be to break. Mixing in letters with numbers and punctuation characters, surrounding the password with random punctuation characters (@, &, $ etc.), and breaking it up with these, will increase the security of your password. If the system allows use of a pass phrase, this is often harder to crack and easier to remember.
One of the easiest ways to create a strong, apparently completely random password is to create an acronym from a phrase. Again, substituting letters for numbers and adding punctuation characters will further increase the password strength.
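The rules from the paragraphs above (minimum length, no matching username, no names or dates of birth, no dictionary words, a mix of character types) can be enforced when a password is set. The sketch below is an added example, not part of the original article; the function name, the small word list and the sample user details are all constructed for illustration.

```python
import re
import string

MIN_LENGTH = 8  # the article's suggested starting point

# Constructed stand-in for a real word list (assumption, not from the article).
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "football"}


def password_problems(password, username, personal_terms,
                      dictionary=SAMPLE_DICTIONARY):
    """Return the rules `password` breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if lowered == username.lower():
        problems.append("matches the username")

    # Names, company names and dates of birth are supplied by the caller.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal detail: " + term)

    # A dictionary word is still a dictionary word with digits or
    # punctuation around it, so test each run of letters on its own.
    for run in re.findall(r"[a-z]+", lowered):
        if run in dictionary:
            problems.append("contains dictionary word: " + run)

    classes = {
        "letters": any(c.isalpha() for c in password),
        "numbers": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    details = ["Smith", "Acme", "1984"]
    for candidate in ["jsmith", "Sunshine1!", "MdRb@7em!"]:
        print(candidate, "->", password_problems(candidate, "jsmith", details) or "ok")
```

In practice the word list would be a full dictionary plus lists of commonly used passwords, and the personal terms would come from the user's own account record.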
Ideally, no passwords would be written down anywhere, but for those who must write their passwords to remember them: don’t have a list, don’t write them with their corresponding usernames or which account/device they relate to and do keep them in a safe place.
Any mobile device used should have the most secure password system it allows. For example, where a device allows a numeric PIN, opt for the 6 or 8 number version over the basic 4; if there is an option for a written password, always take this. Don’t be afraid to ensure your employees are protecting your data, even if that data is on their own device.
Changing passwords on a regular basis will also increase your security. When making changes, ensure the new password in no way relates to the previous ones.
With hacker activity increasing and more companies adopting BYOD, it is vital that we protect our systems from malicious attack as diligently as possible. Adopting good password procedures is often the best way to start.