When it comes to passwords we are all in the same boat: we hate having to remember different passwords for all the internet services, computers, and software we are signed up to. As a result we become lazy and start creating passwords that are easy to guess or are a variation on another password, which leaves our accounts open to being hacked.
This article aims to give you a few pointers that might help when creating new passwords, or help you understand why it may be a good idea to improve your current ones.
Change the default passwords
This is one of the most common things businesses forget to do. Devices such as printers, routers and NAS drives are all shipped with factory-set passwords, which can be obtained on the manufacturer’s website. These need to be changed because if someone did manage to get onto your network, they could easily access any hardware still set with default passwords. When you purchase new hardware, it’s very important to change the default username & password before installing it.
Don’t feel too bad if you have not done this in the past, because it turns out that even the Pentagon left default passwords... only on their Weapons Systems, so it happens to even the most security conscious (see here).
Creating a secure password
This is the part we all struggle with: thinking of a secure password that can also be remembered easily. Here are a few pointers on what you should be doing:
- Have at least 12 characters – it’s simple: the longer the password, the harder it is to crack.
- Include Numbers, Letters, Capitals & Symbols – using a mixture of all of these is the best practice.
- Don’t use personal information – personal information can be found easily on social media within minutes, so it’s best to avoid using anything like birthplaces, favourite sports teams, etc.
The best way is to think of 3 or 4 random words and link them together, while also including the tips above. Here’s an example of a strong password using these words: Hotel, Zoo & Grass.
That password above would be easier to remember and harder to crack than, say, 1^t!j*/54! because it’s much longer.
For years it was thought that best practice for businesses was to force users to change passwords every 30-90 days. However, this isn’t really that effective, because you would find the user wouldn’t completely change their password; they would keep the same password and just change the end number from 1 to 2, or make another small variation.
The key now is to have long, secure passwords that are changed much less frequently.
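The pointers above, together with the point about users only changing the end number, can be written as a check. This is an added example, not part of the original article; the function names, the sample passwords and the rule used to spot a "small variation" are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # the article's minimum length

# Character classes the article asks for.
REQUIRED = {
    "lower-case letter": r"[a-z]",
    "capital letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def _stem(password):
    """Lower-case and drop trailing digits/symbols: 'Name1!' and 'name2' share a stem."""
    return re.sub(r"[^a-z]+$", "", password.lower())

def is_small_variation(candidate, previous):
    """Assumed rule: the same password, or the same stem with only the ending changed."""
    a, b = _stem(candidate), _stem(previous)
    return candidate == previous or (a != "" and a == b)

def check_password(candidate, personal_terms=(), previous=None):
    """Return the pointers the candidate fails; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in REQUIRED.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    for term in personal_terms:
        if term and term.lower() in candidate.lower():
            problems.append(f"contains personal information: {term}")
    if previous is not None and is_small_variation(candidate, previous):
        problems.append("small variation on the previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    print(check_password("Marble7!RiverKite"))
    print(check_password("Summer2023!"))
    print(check_password("Winter-Harbour-Candle2", previous="Winter-Harbour-Candle1"))
    print(check_password("Liverpool-Fans-1892!", personal_terms=["liverpool"]))
```
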
How do I remember all my passwords?
OK, so now you can create secure passwords, you might be thinking there’s no way you can remember all of them. Well, now you don’t have to: you can get free password manager software for your PC, laptop, mobile and tablet, which stores all your passwords in one location secured by a master password (of course!).
Some of these password managers also offer extra features at an additional cost, which some businesses may find useful. Here are a few features they may offer:
- Create strong passwords
- Auto-fill sign-in on websites
- Pull passwords from your browsers into the password manager
- Store files securely
- Sync between multiple devices
Here are a few FREE password managers that, at the time of writing, are recommended. It’s worth looking at what features they offer before deciding which is right for you or your business.
2FA (Two-Factor Authentication)
Whilst 2FA (also known as multi-factor authentication) is a separate topic, it’s worth a brief overview as it provides an extra security step alongside your password. It helps to protect your account from getting hacked by someone guessing your username & password, because an additional token is needed to log in.
There are many different ways 2FA can be implemented, but one example is the free Google Auth app, which can be installed on Android and Apple mobile phones.
Let’s say you had enabled 2FA on your Google Account and you go to log in with your username & password. A box will then pop up asking for a token, and this token will display in the Google Auth app on your phone (the token changes every 60 seconds for extra security). If a hacker then managed to hack or find your login details for a website, they can’t get in without access to your 2FA device.
Password Check Websites
Firstly, never enter your actual password into password check websites, because it could either be a fake website set up to collect your passwords or it could have been hacked and also be collecting your passwords.
That being said, they do give you a good guide to how secure a similar length or style of password is, and some will tell you how long it would take for it to be hacked.
Here are a few of these sites, but remember: do not enter your actual passwords.
Hopefully this article has given you some pointers. For further IT tips for your business please keep checking our website or if you have any additional IT requirements please get in touch.