Six practical tips for better password practice

06 May 2020

Article by Aura Information Security general manager Peter Bailey

A list of the most hacked passwords in 2019 published by the UK’s National Cyber Security Centre revealed some sadly predictable results - with repeat offenders like ‘123456’, ‘password’ and ‘qwerty’ making the top ten multiple years in a row. 

Humans are predictable creatures. Since the dawn of the internet our love of using simple, easy to remember passwords has been enduring, despite most of us being aware of the risks attached to their use. Many of us haven’t shaken off our bad password habit out of a misplaced sense that the worst will never happen to us.

Often hackers don’t break into your network; they simply log in. If your password is weak, you’re at risk of a cybercriminal discovering it and slipping unnoticed into your systems and network.

Strong, unique passwords are your first line of defence when it comes to securing your systems, and there are many simple things you can do to achieve this. Here are 6 tips you can implement to ensure your password practice is fit for protecting your business. 

1. Ditch your simple passwords for a passphrase

Many people think a secure password needs to be a random string of letters and symbols in order to be difficult to crack. However, using a passphrase that creates an easily remembered sentence is just as effective, and easier for you to both type and remember. Make sure you include at least 14 characters, and if possible, add at least one or two numbers and symbols to increase complexity.  

2. Use two-factor authentication

Where possible set up two-factor authentication (2FA) for logging into your accounts. This is where a second method of verification is required to log in and is a simple way to add a second layer of security to your accounts. Some common methods of 2FA include receiving a verification code via SMS or email, answering a question only you would know the answer to or using a biometric control, such as your fingerprint, to access the account. 

3. Use unique passwords

No matter how complex your password is, it’s useless if you’ve used it across multiple accounts. Lists of compromised email addresses and passwords from large-scale breaches have been leaked online or even sold on the dark web. If one of your accounts has been compromised and you use the same password and login email across different websites, a hacker can easily reuse credentials to log in and steal your data. That’s why it’s imperative you never use the same password twice, especially across business and personal accounts. 

4. Avoid using personal information in your passwords

While there are plenty of complex technical tools cybercriminals can use to break into your account, sometimes the most basic methods are the most effective. One common way is to personally target you and manually type in letters, numbers, and symbols to guess your password. Avoid using obvious things, like family or pet names, or the title of your favourite show, as these can easily be cracked if the hacker does their research on you. Likewise, avoid using things like the name of your favourite movie or music artist. Arsenal, Star Wars and Eminem all featured in the top 300 most hacked passwords last year.

5. Never, ever give your password away!

Don’t give your passwords to anyone else. Don’t type your password into your device while in plain sight of other people, such as in a café or on public transport. And never write your password down on a sticky note attached to your computer. If you get an email from a colleague, administrator or bank asking for your password, don’t take it at face value – pick up the phone and call that person if you have doubts, or check the origin of the email, as it may be a scam.

6. Consider using a password manager

If you’re struggling to create long, strong passwords, try a password manager. A password manager stores and encrypts the login information you use to access websites, apps and services. All you need to remember is a single login for the password manager, and it will auto-populate or provide passwords whenever you need to access those accounts.

Some password managers can also help you generate strong, complex passwords and will prompt you when they detect the same password is being used across multiple sites. Password managers are particularly helpful if you require lots of different passwords for multiple personal and business accounts. Just make sure the password you select to access the password manager is sufficiently complex, and don’t forget to add 2FA. 
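As an added illustration (not code from the article or from Aura), here is a small vault audit in the spirit of a password manager’s health check, applying the rules from tips 1, 3, 4 and 6: the 14-character floor, digits and symbols, the commonly hacked passwords the article names, personal terms, and reuse across sites. The sample vault, the personal-term list and the short common-password list are constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

# Constructed subset of the NCSC 2019 list entries the article mentions.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "arsenal", "starwars", "eminem"}
MIN_LENGTH = 14  # the article's passphrase floor


def check_password(password, personal_terms=()):
    """Return a list of policy findings for one password (empty list = passes).

    personal_terms: names the owner would plausibly use (family, pets,
    favourite shows), supplied by the caller; matched case-insensitively.
    """
    findings = []
    normalised = re.sub(r"[^a-z0-9]", "", password.lower())
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"\d", password):
        findings.append("no digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        findings.append("no symbol")
    if any(common in normalised for common in COMMON_PASSWORDS):
        findings.append("built on a commonly hacked password")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in normalised:
            findings.append(f"contains personal term '{term}'")
    return findings


def audit_vault(entries, personal_terms=()):
    """Audit (site, password) pairs like a manager's health check: per-password
    findings plus reuse detection. Passwords are grouped by SHA-256 digest so the
    report itself never carries plaintext."""
    report = {}
    seen = defaultdict(list)
    for site, password in entries:
        report[site] = check_password(password, personal_terms)
        seen[hashlib.sha256(password.encode()).hexdigest()].append(site)
    for sites in seen.values():
        for site in sites if len(sites) > 1 else []:
            others = ", ".join(s for s in sites if s != site)
            report[site].append("reused on: " + others)
    return report


# Constructed sample vault; "Rex" stands in for a pet's name the owner would pick.
SAMPLE_VAULT = [
    ("bank", "Correct-Horse-Battery-2020!"),
    ("email", "Correct-Horse-Battery-2020!"),
    ("forum", "qwerty"),
    ("streaming", "Star Wars Rules"),
    ("work", "Rex-the-dog-2019!!"),
]

if __name__ == "__main__":
    for site, findings in audit_vault(SAMPLE_VAULT, personal_terms=("Rex",)).items():
        print(site, "->", findings or "ok")
```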
