Creating a strong and secure password is an important part of protecting your confidential data and networks. However, passwords have come under attack from cyber criminals trying to access your infrastructure. Many hackers will get hold of your passwords through social engineering, by tricking you into entering your login credentials into a fake site or piece of software. Another common way for criminals to get your passwords is through brute force, where they use tools to automatically enter the most common passwords that we are all guilty of using, in the hope that one of them works.
Cyber criminals also make use of passwords that are publicly released when a website is breached. In some cases, we can become a target because our username and/or password were made public. During brute force, cyber criminals also try combinations of characters within a certain length; these can be simple or complex passwords. Passwords that look complex but are short may also be at risk of being discovered by attackers. So what can you do to keep your passwords and, more importantly, your data safe from cyber criminals? Here are a few steps you can follow!
1. Stay away from the obvious
It can be really easy to stick to common passwords; a poll from SplashData revealed that the most common passwords in 2017 were '123456' and 'password'. Although this makes it easier for you, as you don't have to remember anything complicated, it also makes it much easier for an attacker to access your credentials. It's important to make sure that all your employees think carefully when selecting a password: cyber criminals can use social engineering techniques, such as looking through your social media profiles to see the names of your family and friends, which are commonly used as passwords.
2. Create a unique password
When thinking about what you want your password to be, think about length, symbols and numbers, and making it totally random. This will help protect against a brute force tool being able to discover your credentials! The longer and more complex your password is, the less likely it is that you'll suffer a cyber breach. However, there are occasions when a breach has allowed a keylogger to be installed on your device without your knowledge, meaning every key pressed on your keyboard is recorded. It's important that you look out for phishing emails, or dodgy-looking sites that claim you need to log in to access a certain program or piece of software! You can read our blog on how to analyze a phishing email to find out more.
Here are five steps to consider when creating your password:
- The password is at least eight characters long (if using a password generator, we suggest using at least 12 characters)
- English uppercase characters (A - Z)
- English lowercase characters (a - z)
- Base 10 digits (0 - 9)
- Non-alphanumeric (For example: !, $, #, or %)
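The checklist above, together with the common-password advice from step 1, can be expressed as a small checker and generator. This is an added example, not code from the original post; the function names and the two-entry deny list are assumptions made for illustration.

```python
import secrets
import string

# Character classes from the checklist; ASCII punctuation stands in
# for "non-alphanumeric" (assumption made for this example).
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Constructed sample deny list holding the two passwords named in step 1.
COMMON_PASSWORDS = {"123456", "password"}


def check_password(password, min_length=8):
    """Return the checklist items the password fails (empty list = passes)."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common password")
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name, pool in CLASSES.items():
        if not any(c in pool for c in password):
            failures.append(f"no {name} character")
    return failures


def generate_password(length=12):
    """Generate a random password that contains every character class."""
    if length < 12:
        raise ValueError("generated passwords should be at least 12 characters")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per class, the rest from the full alphabet.
    picked = [secrets.choice(pool) for pool in CLASSES.values()]
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # Shuffle with the OS CSPRNG so the guaranteed characters
    # do not sit at predictable positions.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


if __name__ == "__main__":
    for candidate in ("password", "Summer1!", generate_password(16)):
        print(repr(candidate), check_password(candidate) or "passes checklist")
```

Passing the checklist is a minimum bar, not proof of strength: a short password such as `Summer1!` satisfies every item and is still guessable, which is why the generator enforces the longer 12-character minimum.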
3. Use a password manager
Now, once you've created this totally unique and lengthy password, it can be difficult to remember, especially if you have a whole list of them. Consider using a password manager to safely store all your credentials. Never store your passwords in a text file; if someone gets hold of that, it's game over. A password manager encrypts your passwords so only you can access them.
Password managers can also be breached and this will expose your passwords. It's a good idea to remember a unique word (8 characters that you will add at the end of all generated passwords). This unique word will not be saved in password generators. This way, even if your password generator program is compromised, the attacker will only have access to part of your password.
4. Never 'save' your password
Use a website or piece of software every day? You'll often be given the opportunity to 'save your password', so that you can automatically log in without having to enter your credentials each time. But what happens if you leave your laptop somewhere, or someone gains access to your office with the intention of committing a cybercrime? A few clicks is all it takes for them to access your data.
5. People, processes & technology
An important thing to remember is that it's not just technology that will reduce the risk of a cyber attack. It has to come from your people and processes too. So make sure your team are trained on best practices when choosing passwords, and that stringent processes are put in place to keep your networks safe. Nettitude can help by providing your business with comprehensive security awareness training. Contact us today for a free consultation.
6. Never reuse the same password
Reusing your password is not recommended and should be avoided at all costs. Using a password generator/manager can help reduce the risk of reusing passwords.