Aura Information Security’s password tips for World Password Day

03 May 18

What’s in a password? A lot, actually. Your passwords are the gateway to your own and your company’s most important documents and assets, so they should be considered carefully. However, despite passwords being the access point to crucial and sensitive data, the importance of password security is often overlooked.

This year’s annual World Password Day falls today, Thursday 3rd May 2018, and marks an opportunity for Kiwi individuals and businesses to assess their password security. World Password Day is a global initiative to raise awareness around password security, and ultimately make the internet a more secure place.

Peter Bailey, general manager of specialist cybersecurity consultancy Aura Information Security, shares his tips on how to maximise your business’s (or your own!) password security this World Password Day:

Choose a strong password

You might feel tempted to finish the admin of setting up new services and accounts quickly, but choosing a strong password is one of the most important steps in the process. Don’t rush into choosing any old password, as it’s likely to end up being weak (and possibly difficult to remember).

What actually makes a strong password? In the past, it was thought that a combination of capital and lowercase letters and numbers made for a hard-to-crack password. But in late 2017 it was revealed that this actually isn’t the case. Instead, you should choose a phrase or string of words that’s easy for you to remember, but difficult for hackers to guess. It could be your favourite song title or lyrics, or your favourite food.

Once you’ve chosen your password, don’t reuse it 

Another easy trap to fall into is that once you’ve chosen that strong password, you start to reuse it elsewhere. We’re only human, so remembering multiple different passwords for different accounts can be tricky.

But, if a hacker does manage to access your business or personal password, and it’s the same across all of your accounts, this will give them access to everything.

Likewise, if employees share passwords between their personal and work accounts, this increases the chances that your business could be compromised.

With multiple passwords, you greatly reduce your risk. Encourage your employees to have different passwords for use on their personal devices and work devices, so that if questionable security practice at home leads to a breach, it doesn’t affect your whole business.

There’s an easier way to remember all those different passwords

One way to combat the issue of remembering multiple different passwords is to use a good password manager. Basically, a password manager is a vault that is protected by a master password and keeps all your passwords in one place. A password manager requires you to set a strong master password.

We encourage you to use a ‘passphrase’ – or sequence of four or five words – as your master password. It’s length rather than complexity that makes a good password, so choose long words that aren’t predictable. Luckily, your master password will be the last password you have to remember, as most password managers include password generators to create strong passwords for you automatically. 
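The arithmetic behind "length rather than complexity", as an added example that is not from Aura or the original article. It assumes the words are picked uniformly at random by a cryptographic generator and not chosen by the user; the 16-word list is a constructed sample, and 7,776 words is an assumed size for a large published word list.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. A real generator
# should load a large published list; 7,776 words is the size assumed below.
SAMPLE_WORDS = [
    "harbour", "velvet", "cactus", "thunder", "pencil", "orbit", "lantern", "mango",
    "glacier", "tractor", "violin", "pepper", "saddle", "window", "anchor", "biscuit",
]


def passphrase_bits(num_words, wordlist_size):
    """Entropy (bits) of num_words drawn uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)


def password_bits(length, alphabet_size):
    """Entropy (bits) of a random password of `length` characters."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(num_words, wordlist=SAMPLE_WORDS, sep="-"):
    """Build a passphrase with the OS CSPRNG (secrets), never random.choice."""
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    # 8 random characters from upper case + lower case + digits (62 symbols).
    mixed = password_bits(8, 62)
    print(f"8-char mixed password : {mixed:.1f} bits")
    for n in (4, 5):
        print(f"{n} words from 7,776   : {passphrase_bits(n, 7776):.1f} bits")
    print("words to match 8 chars:", words_needed(mixed, 7776))
    print("sample (tiny list)    :", generate_passphrase(5))
```

The estimate holds only for randomly selected words; a phrase a person picks because it is meaningful to them is far more guessable than these figures suggest.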

There are lots of options available, ranging from online solutions such as 1Password, to more technical solutions such as KeePass. Most offerings provide mobile apps as well, so you can manage your passwords on your iOS and Android devices too.

Don’t be tricked into disclosing your credentials

It may seem to go without saying – you would never willingly share your password with a cyber hacker – but cyber criminals are constantly becoming smarter and thinking of new ways to make you part with this information before you even realise you’ve done it. Social engineering is a key example of a trick that has been used for years, but that continues to be effective even though we’re aware it can happen.

Common ways that hackers utilise social engineering include convincing or tricking people into clicking on infected links, or paying an invoice that looks like it has come from a legitimate source. With that said, one of Aura’s biggest pieces of advice is that good security for businesses starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guides, etc.).

Educate your employees and foster a cyber-aware culture

Most security breaches can be attributed to pure human error. We’re not perfect and employees can’t be expected to be experts on cyber security, but ensuring that the basics are covered is a great start. 

Teach your staff how to create strong passwords and encourage them to use different ones across different platforms, as well as between work and personal devices. Fostering a culture of cyber security awareness, supplemented by regular training and education, is hugely important. If you don’t have a dedicated cyber specialist to lead these sessions, there are quality online tools available.
