Why having strong passwords really matters

The importance of having a strong password is no secret. Yet despite warnings from every website with a login process, many of us still don’t take them seriously. The hassle of remembering multiple passwords can seem disproportionate to the risk of being hacked.

This isn’t true for individuals, and it especially isn’t true for businesses. From credit card details to company files and social media accounts, poor password security can put your finances and privacy at risk. Here are just a few reasons why having strong passwords matters so much, and what you really stand to lose if your accounts are compromised.

The importance of password security

The immediate benefit of good password security is obvious – it stops someone from accessing your accounts. In an effort not to get locked out of those accounts, many people only use one or two passwords across dozens of websites and apps. Naturally, this means that if your password is compromised, a hacker who knows your browsing history – or simply tests out popular websites – could have free reign over much of your online presence.

What fewer people realise is the extent of the data they keep online, and what a treasure trove this can represent to hackers. Personal information stored in various accounts can allow them to not only make purchases, but steal your identity, and use this to set up other accounts. You may also have information online or on your computer that you’d rather someone else didn’t see, or which you only have one copy of.

For businesses, password security is a matter not just of protecting sensitive files and information, but maintaining accountability. By ensuring that only authorised users can access your systems, you can control and track who is accessing that data, and where they are accessing it from. A compromised business account disrupts this hierarchy, and undermines the benefits of networked files.

How an attacker could guess your password

You may have heard various bits of advice in the past about what makes for a strong password. To truly understand what makes for a secure password, it’s important to get a grasp on how attackers try to compromise passwords. The most common ways that cybercriminals will attempt to compromise passwords are:

Lists of common passwords. Passwords like abc123 and P@ssword1 will be attempted first by attackers.
Personal information. An attacker could use information like birthdays and pet names that are often easily found on social media.
Passwords compromised through breaches. If a site experiences a breach and your password is exposed, an attacker may try that password to log into your accounts on other services.
Using brute-force attacks. The last resort for an attacker is a brute-force attack, which involves going through characters systematically until your password is arrived at (i.e. aaa, aab, aac, and so on…

Keeping your password safe

Password security can feel like a bit of a catch-22: you need a complex password to foil hacking attempts, but they can also be hard to remember. Ultimately though, there are a few rules you have to stick to, regardless of which method you pick for generating your passwords. Neglect these, and the rest of your hard work will go to waste.

It’s important to create a strong password, but the effort will be wasted if you don’t take steps to keep your password safe.

To keep your password secure, you should:

Try to avoid writing down passwords on paper, particularly in shared spaces.
Never share passwords with anyone else, including colleagues and tech support.
Never send passwords in emails, text messages or via apps.
Never store your passwords in a document, either on your computer or online

Multi-factor authentication

While having a secure password is essential, it still may not be enough to stop an attacker. The more secure your password is, the smaller the chance that a cybercriminal could randomly guess it – but it can always happen. A site may also cause your password to become compromised in the case of a breach.

Multi-factor authentication protects your accounts by making you use another method of authentication in addition to your password when you sign in. In this way, a hacker would need access either to an email account or a physical device (e.g. your phone) to successfully access the account with MFA, making it far harder to breach.

This additional method could be:

A code or prompt from an authentication app.
A code from a text message or email.
An authenticated removable device.

If the option is available, you should always turn on multi-factor authentication on your accounts. Even if you don’t think an account contains valuable information, it may still have data that reveals things about you, and could be used to steal your identity or access your other accounts.

How to create a password that’s easy to remember but hard to crack

A perfect password is one that’s easy to remember, but impossible to crack.

While a perfect password is not possible, there is a technique you can use to get as close to it as you can: the three random words technique.

Pick three entirely random words, such as raven clockwork burger (don’t choose any words that could be tied to you or your organisation, interests or family).
Put the three random words together.
Congratulations – you have a password that’s incredibly hard to guess, but one that you already remember!

If remembering a number of these random word based passwords proves difficult, there is one final option: the password manager. Password managers allow you to generate complex passwords and store them all in one place, which is secured by a single password. By using the random word technique, you can protect this single account with a memorable passphrase, and ensure all your other accounts are secure and easily accessible.

—

We hope that this advice helps you to understand and implement password security best practice. If you have any questions about cyber security best practice in general, including password security or MFA, get in touch with Sota today.

Insights

View all

Blog What to Consider When Picking Your VoIP Provider

Blog 5 Advantages of Cyber Essentials Plus Certification

Blog AI Threats: Taking a closer look into Deepfake Attacks

Blog Cyber Essentials and ISO 27001: Reviewing Security Accreditations

Insight KPSN Replacement Broadband Service

Blog Wired and Wireless: The Backbone of Connectivity

Blog The Benefits of Microsoft SharePoint

Blog The growing threat of AI-driven phishing attacks

Blog How to achieve seamless IT installations

Insight How dedicated IT support services make businesses more efficient

Insight Driving your business into the future with Teams and Skype

Blog 6 key benefits of high availability solutions

Blog The business benefits of IT colocation services

Blog The benefits of a 24/7 global service desk for uninterrupted IT support

Blog The surprising benefits of wired internet for businesses

Blog The business benefits of Microsoft 365

Blog 5 project management techniques for successful IT projects

Blog The business benefits of using Private Ethernet

Blog How to safeguard your data with GDPR and ISO 27001 accreditation

Blog The crucial role of data protection in businesses

News Windows Server 2012 end of support and migration options

Insight What are the benefits of hiring IT consulting services?

Blog How your IT department can benefit from third party support

Blog 5 cybersecurity threats to watch out for

Blog What’s the difference between Cyber Essentials and Cyber Essentials Plus?

Blog 5 important business benefits of VoIP

Blog 5 business benefits of fibre connectivity

Blog How the green cloud is making IT more sustainable

Blog How Microsoft keeps cloud data secure

Blog The key benefits of using Microsoft 365

Blog 4 key business benefits of cloud computing

Blog 5 major benefits of IT consultancy services

Insight Cyber Essentials update: what you need to know

News Microsoft 365 price increase explained

Blog 3 common colocation myths busted

Blog What is session hijacking, and how can I protect against it?

Insight Data centre tours

Insight Education People Show 2022

Blog How to build a successful colocation strategy

Blog What happens to your data centre in a blackout?

Blog 5 business cyber security tips for Christmas

Blog Why businesses are switching to Microsoft Azure

Blog Migrating to the cloud in 10 simple steps

Insight How to pick a data centre with the Tier Classification System

Insight 5 green computing ideas to revolutionise your organisation

Insight Why Microsoft Teams is the best way to collaborate online

Insight How ISO 27001 can protect your business’s information

News Sota sponsors Monte Carlo Madness

Blog How to keep your devices safe from malware

Blog How you can help mitigate third party breaches

Blog How to implement secure file sharing for your business

Blog How to enlist employees to fight cyber threats

Blog How to avoid being infected with spyware and adware

Insight The best video conferencing apps for businesses

Insight What does a Clear Desk Policy involve, and what threats does it help counter?

Insight How to avoid malicious websites & applications

Insight How to protect your home network from online threats

Insight What is the dark web (and how can I stay safe on it)?

Blog Azure explained: what is it and why do you need it?

Blog 4 simple tips to protect your online privacy

Insight SotaVoice video

Blog What is a virtual private network (VPN)?

Insight SotaConnect video

Insight SotaProtect Security video

Blog How to make remote working more cyber secure

Insight SotaProtect Backup video

Blog How to stay safe from cyber crime

Blog What does BYOD mean, and what security risks does it involve?

Insight SotaCloud video

Insight What’s the difference between information and data?

Insight SotaSupport video

Insight 5 reasons your business needs unified communications

Blog 4 top tips to pass your Cyber Essentials accreditation

News Sota rebrands Educa

Insight Sota promo video

Blog How to fix common laptop problems

Insight What is the UK Data Protection Act, and how does it affect your business?

Blog What is IVR phishing, and how can I avoid it?

Blog Where is data stored, and what is a data breach?

Blog Best practices for email and internet security

Blog How to ensure your cloud computing is legally compliant

Blog What is GDPR, and why does it matter for businesses?

Blog What is PCI DSS and how does it affect you and your organisation?

Blog Social engineering attacks: what they are and how to prevent them

Blog How to handle your organisation’s data and information policy

Blog Why software updates are so important (and how to install them)

Insight How to keep your business safe from ransomware attacks

Insight The best security practices for removable devices and media

Blog What is a denial of service attack, and how can I prevent it?

Blog Why having strong passwords really matters

Blog Why mobile device security matters

Blog How to choose the right IT services provider

Blog How to use social media safely (for individuals and businesses)

Blog How to: safeguard your data

Blog What is: Cyber Essentials Accreditation

Blog The real risk of remote working

Events Cyber security breakfast

News Sota during COVID-19

News Sota launches new corporate identity

Blog Don’t let disaster affect your business

Blog The cyber threat to SME’s