News release: 20 October 2014
Source: Lewis Morgan – IT Governance
Although passwords are just a string of characters, they are effectively what stands between security and a disaster. Imagine what would happen if your passwords were to be leaked or cracked, here are a few examples of what hackers and cyber criminals could do:
Social media – post offensive messages, causing you brand damage and loss of fans
Computer – install software to track all of your activities, such as entering bank information.
Client bank accounts – steal your clients money
Confidential Files – steal your marketing plans and sell them to competitors, causing you to lose out on big contracts.
Email – Ability to send malicious emails leading to installation of viruses
Smartphones – access to your organisation’s cloud-based files
I’m sure that all organisations and individuals want to avoid any of the above events happening to them, so why do so many people have weak passwords?
A common answer to that question is ‘because it’s easy to remember’ or ‘quicker to type in’ – if you’re one of those people, then frankly you shouldn’t be given access to anything which requires a password.
Passwords are much easier to guess than most people think; I bet that if your password requires a number or a special character that it’s at the end. I bet it’s also one of these:
1
!
?
#
%
If I’m wrong, then good! If I’m right, then part of your password has just been guessed by someone who works in marketing – think how much of it a hacker or a computer could guess…..
Here are 3 simple tips for creating a more secure password:
Completely Random
When you think of a password, imagine something which is completely random which you have no relation with. By not using the names of your children, your birthday or the street you live in, you reduce the chance of someone who knows you simply guessing your password.
Instead, grab a dictionary and pick 3 random words. Now mix them together in one word which you won’t find in any dictionary.
For example if your 3 words are Cheese, Machine and Farm you might make it Farcheeine. Now throw some numbers in there, F4rChe3ine. Sure, it might be hard to remember at first – but you’ll eventually be able to remember it without scratching your head.
Store it in your mind
Even if you find that your password is hard to remember, you need to refrain from writing it down somewhere. Instead, just keep saying it in your head now and then until you get fed up of hearing it. Trust me, if you can remember the lyrics to an endless amount of songs (which I know you can) – then you can remember a password.
Don’t go for the minimum
Most systems will have a minimum amount of characters required for a password – this doesn’t mean go for the minimum. If it requires at least 7 characters including a number, then make your password 14 characters long with 2 numbers.
These 3 simple steps will increase the strength of your password significantly; just make sure you do it all over again in 3 months.
Think about your employees. Although you don’t necessarily control the strength of their password, the minimum you could do is to raise awareness of information security and what is considered best practice.
If your staff haven’t been exposed to a form of information security training, then chances are they don’t know what is classed as a secure password. You need to make sure that all of your staff have a healthy knowledge of password security, otherwise your organisation will face the consequences.
JMS Secure Data response to article;
With the very sophisticated viruses that are about at present its very easy for organisations passwords to be obtained or worked out by simply clicking on a random link from an unknown source or simple browsing various websites that contain viruses. The tips in this article will go a long way to protecting your data and where possible we would advice the use of relevant benchmark encryption software with your data to ensure your business does not fall short of the requirements under the Data Protection Act.
