Passwords are like pants. You shouldn't leave them out where people can see them and you shouldn't hand them out to strangers!
Your password is often the only thing blocking a whole tidal wave of mischief and headaches (both for you personally, and the company you work for), so it might be a shock for you to learn that guessing a password is much, much easier than you might think.
Password Security is an integral part of securing your organisation. Information created, used, stored or transmitted by your organisation is valuable, both internally and externally which is why the passwords which protect this confidential information should be well thought out, secure and never shared with others.
One common way that online accounts are breached is through password spraying, whereby lists of a small number of common passwords are used to brute force large numbers of accounts.
These attacks are successful because for any given large set of users there will likely be some who are using very common passwords, and these attacks can slip under the radar of protective monitoring which only looks at each account in isolation.
To understand how much of a problem this is, the National Cyber Security Centre recently conducted a research study which allowed participating organisations to assess how vulnerable they would be to a password spraying attack.
From the study, they found that 75% of the participants’ organisations had accounts with passwords that featured in the top 1,000 most common passwords and 87% had accounts with passwords that featured in the top 10,000.
When choosing a password, the bare minimum you should be considering is that it’s a mixture of 8 or more upper and lower case letters, numbers, and symbols. You should also consider choosing at least 3 random dictionary words that are easy to remember or even using a secure password manager.
You can check to see how secure your password is at https://howsecureismypassword.net/ based around current guidelines.
We also recommend not updating your password by just simply changing a number. This does NOT make it harder for cyber criminals to guess your password, particularly if it’s been hacked before.
One of the worst, and sadly the most common, password habits we see is people reusing passwords. You should also avoid using the same passwords at home and at work.
You should also set up additional security steps like two-factor authentication (2FA) to ensure that you’re well on your way to securing your accounts from any data breaches or attacks as it provides an extra barrier of support if your password was to be stolen. Unless cyber criminals have access to both your password and the access token through 2FA then they would not be able to gain access to your accounts.
You can educate your staff on how to create the Perfect Password by enrolling them on our dedicated Perfect Passwords course, just one of our cybersecurity awareness courses.