Aura Information Security’s password tips for World Password Day

03 May 2018

What’s in a password? A lot, actually. Your passwords are the gateway to your and your company’s most important documents and assets, so they should be considered carefully. However, despite being the access point to crucial and sensitive data, the importance of password security is often overlooked.

This year’s annual World Password Day falls today, Thursday 3rd May 2018, and marks an opportunity for Kiwi individuals and businesses to assess their password security. World Password Day is a global initiative to raise awareness around password security, and ultimately make the internet a more secure place.

Peter Bailey, general manager of specialist cybersecurity consultancy, Aura Information Security, shares his tips on how to maximise your business’ (or your own!) password security this World Password Day:

Choose a strong password

You might feel tempted to finish the admin of setting up new services and accounts quickly, but choosing a strong password is one of the most important steps in the process. Don’t rush into choosing any old password, as it’s likely to end up being weak (and possibly difficult to remember).

What actually makes a strong password? In the past, it was thought that a combination of capital and lowercase letters and numbers made for a hard-to-crack password. But in late 2017 it was revealed that this actually isn’t the case. Instead, you should choose a phrase or string of words that’s easy for you to remember, but difficult for hackers to guess. It could be your favourite song title or lyrics, or your favourite food.

Once you’ve chosen your password, don’t reuse it 

Another easy trap to fall into is that once you’ve chosen that strong password, you start to reuse it elsewhere. We’re only human, so remembering multiple different passwords for different accounts can be tricky.

But, if a hacker does manage to access your business or personal password, and it’s the same across all of your accounts, this will give them access to everything.

Likewise, if employees share passwords between their personal and work accounts, this increases the chances that your business could be compromised.

With multiple passwords, you greatly minimise your risk. Encourage your employees to have different passwords for use on their personal devices and work devices, so that if questionable security practice at home leads to a breach, it doesn’t affect your whole business.

There’s an easier way to remember all those different passwords

One way to combat the issue of remembering multiple different passwords is to use a good password manager. Basically, a password manager is a vault that is protected by a master password and keeps all your passwords in one place. A password manager requires you to set a strong master password.

We encourage you to use a ‘passphrase’ – or sequence of four or five words – as your master password. It’s length rather than complexity that makes a good password, so choose long words that aren’t predictable. Luckily, your master password will be the last password you have to remember, as most password managers include password generators to create strong passwords for you automatically. 

There are lots of options available, ranging from online solutions such as 1Password, to more technical solutions such as KeePass. Most offerings provide mobile apps as well, so you can manage your passwords on your iOS and Android devices too.

Don’t be tricked into disclosing your credentials

It may seem to go without saying – you would never willingly share your password with a cyber hacker – but cyber criminals are constantly becoming smarter and thinking of new ways to make you part with this information before you even realise you’ve done it. Social engineering is a key example of a trick that has been used for years, but that continues to be effective even though we’re aware it can happen.

Common ways that hackers utilise social engineering include convincing or tricking people into clicking on infected links, or paying an invoice that looks like it has come from a legitimate source. With that said, one of Aura’s biggest pieces of advice is that good security for businesses starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guides, etc.).

Educate your employees and foster a cyber-aware culture

Most security breaches can be attributed to pure human error. We’re not perfect and employees can’t be expected to be experts on cyber security, but ensuring that the basics are covered is a great start. 

Teach your staff how to create strong passwords and encourage them to use different ones across different platforms, as well as between work and personal devices. Fostering a culture of cyber security awareness, supplemented by regular training and education, is hugely important. If you don’t have a dedicated cyber specialist to lead these sessions, there are quality online tools available.
