Password security still taken too lightly
With so much publicity given to serious data breaches and the devastating effect a hacked password can have for individuals and businesses, the most recent report from the National Cyber Security Centre (NCSC) makes for worrying reading.
The NCSC takes the lead for the UK on cyber security and their damning report highlights the problems of poor password security practices and the threat posed to everything they protect, from your money or your clients’ money to your personal data or your social media accounts.
Lack of understanding still shocking
The most common method used by hackers remains a brute-force approach, which uses predefined values to attack a target and analyse the response until it succeeds, or fails often through lack of time.
The most common example of a brute-force attack uses a password dictionary, containing millions of words and numbers that can be tried in combinations to discover the correct password, which can take minutes, hours, days or even years – the programme has enough patience.
The hacker is not sitting at their laptop manually entering details, this is now an effective organised criminal activity, which runs to the root of the problem, password security.
The NCSC breach analysis found 23.2 million hacked accounts of victims worldwide used 123456 as the password, which is unlikely to take a sophisticated hacking app long to ‘guess’.
Good password security practices
Consider these pointers to increasing your password hygiene and that of those you work with; like vaccinations herd immunity is important.
Whilst there are many ways to create secure passwords, here are a few of the simpler ways of reducing the risk of a damaging hack:
A simple sentence - start with a sentence like, ‘My dream car is the rosso red Ferrari 458’. Then you apply your rule to it, perhaps taking just the first two letters of the words in the sentence, which would give you the 16-character password: MydrcaisthroreFe458
You just have to remember the source sentence and your own rule. The results are hard to hack and make sense to you and only you.
A word combo - simply use a combination of words, ideally unusual and uncommon ones. Use proper nouns, nouns, favourite characters, favourite books, foreign words, top brands, pets etc., so it looks something like:
The NCSC recommends using at least three words, but remember the more you can use and the more random the combination, the better protected you are.
And don’t forget, you can make it even harder to crack with a few random characters inserted into your combo, perhaps numbers or punctuation between the words or within them, but make it something you’ll remember.
Two-factor authentication - technology is quickly adopting two-factor authentication (2FA) and multi-factor authentication (MFA) to improve security, requiring something in addition to your password, like a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or physical interaction with a keypad.
The problem with passwords is by wanting to recall them quickly, people make them simple to remember and then use the same one, or a slight variation, for every account. The best solutions not only provide the best protection, but are also manageable for people to use, whether at home or at work.
Change your passwords and never stop
Hopefully you will now be changing your passwords and spending a little longer creating more secure ones, with a little help from Google no doubt. But if you would like some help or advice on how to improve security within your business, please get in touch.