Why having strong passwords really matters
The importance of having a strong password is no secret. Yet despite warnings from every website with a login process, many of us still don’t take them seriously. The hassle of remembering multiple passwords can seem disproportionate to the risk of being hacked.
In reality the risk far outweighs the hassle for individuals, and even more so for businesses. From credit card details to company files and social media accounts, poor password security can put your finances and privacy at risk. Here are just a few reasons why having strong passwords matters so much, and what you really stand to lose if your accounts are compromised.
The importance of password security
The immediate benefit of good password security is obvious – it stops someone from accessing your accounts. In an effort not to get locked out of those accounts, many people only use one or two passwords across dozens of websites and apps. Naturally, this means that if your password is compromised, a hacker who knows your browsing history – or simply tries it on popular websites – could have free rein over much of your online presence.
What fewer people realise is the extent of the data they keep online, and what a treasure trove this can represent to hackers. Personal information stored in various accounts can allow them to not only make purchases, but steal your identity, and use this to set up other accounts. You may also have information online or on your computer that you’d rather someone else didn’t see, or which you only have one copy of.
For businesses, password security is a matter not just of protecting sensitive files and information, but maintaining accountability. By ensuring that only authorised users can access your systems, you can control and track who is accessing that data, and where they are accessing it from. A compromised business account disrupts this hierarchy, and undermines the benefits of networked files.
How an attacker could guess your password
You may have heard various bits of advice in the past about what makes for a strong password. To truly understand what makes for a secure password, it’s important to get a grasp on how attackers try to compromise passwords. The most common ways that cybercriminals will attempt to compromise passwords are:
- Lists of common passwords. Passwords like abc123 and P@ssword1 will be attempted first by attackers.
- Personal information. An attacker could use information like birthdays and pet names that are often easily found on social media.
- Passwords compromised through breaches. If a site experiences a breach and your password is exposed, an attacker may try that password to log into your accounts on other services.
- Brute-force attacks. The last resort for an attacker is a brute-force attack, which involves trying every combination of characters systematically until it reaches your password (i.e. aaa, aab, aac, and so on).
Keeping your password safe
Password security can feel like a bit of a catch-22: you need a complex password to foil hacking attempts, but complex passwords can also be hard to remember. Ultimately though, there are a few rules you have to stick to, regardless of which method you pick for generating your passwords. Neglect these, and the rest of your hard work will go to waste.
It’s important to create a strong password, but the effort will be wasted if you don’t take steps to keep your password safe.
To keep your password secure, you should:
- Try to avoid writing down passwords on paper, particularly in shared spaces.
- Never share passwords with anyone else, including colleagues and tech support.
- Never send passwords in emails, text messages or via apps.
- Never store your passwords in a document, either on your computer or online.
While having a secure password is essential, it still may not be enough to stop an attacker. The more secure your password is, the smaller the chance that a cybercriminal could guess it – but it can always happen. Your password may also be exposed through no fault of your own if a site you use suffers a breach.
Multi-factor authentication protects your accounts by making you use another method of authentication in addition to your password when you sign in. In this way, a hacker would need access either to an email account or a physical device (e.g. your phone) to successfully access the account with MFA, making it far harder to breach.
This additional method could be:
- A code or prompt from an authentication app.
- A code from a text message or email.
- A registered physical device, such as a hardware security key.
If the option is available, you should always turn on multi-factor authentication on your accounts. Even if you don’t think an account contains valuable information, it may still have data that reveals things about you, and could be used to steal your identity or access your other accounts.
How to create a password that’s easy to remember but hard to crack
A perfect password is one that’s easy to remember, but impossible to crack.
While a perfect password is not possible, there is a technique you can use to get as close to it as you can: the three random words technique.
- Pick three entirely random words, such as raven clockwork burger (don’t choose any words that could be tied to you or your organisation, interests or family).
- Put the three random words together.
- Congratulations – you have a password that’s incredibly hard to guess, but one that you already remember!
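As an added illustration (not code from the original article), the short Python checker below applies the four guessing methods described earlier to a candidate password and compares the work a systematic search needs for a character password against a three random words passphrase. The 10,000-word dictionary, the 40-bit threshold and the common-password and breach lists are constructed assumptions for the example.

```python
import math
import string

# Constructed sample data standing in for a common-password list and a breach corpus.
COMMON_PASSWORDS = {"abc123", "p@ssword1", "password", "123456", "qwerty"}
BREACHED_PASSWORDS = {"summer2019", "letmein"}

# Assumed threshold: below this many bits a systematic search is cheap for an attacker.
MIN_BITS = 40


def alphabet_size(password):
    """Size of the character set an attacker must search, from the classes actually used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size


def brute_force_bits(password):
    """Work (in bits) to enumerate every string of this length over the observed character set."""
    size = alphabet_size(password)
    if size == 0:
        return 0.0
    return len(password) * math.log2(size)


def passphrase_bits(dictionary_size, word_count):
    """Work (in bits) when the attacker knows the word list and tries every combination of words."""
    return word_count * math.log2(dictionary_size)


def check_password(password, personal_terms=()):
    """List the reasons a password is weak, in the order an attacker would try them."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears on a common-password list")
    if lowered in BREACHED_PASSWORDS:
        problems.append("appears in a known breach")
    for term in personal_terms:  # birthdays, pet names and similar supplied by the user
        if term.lower() in lowered:
            problems.append("contains personal information: " + term)
    if brute_force_bits(password) < MIN_BITS:
        problems.append("short enough to brute-force")
    return problems
```

With these assumptions, three words from a 10,000-word list give just under 40 bits of work even when the attacker knows the technique, comparable to eight random lowercase letters but far easier to remember; a larger word list or a fourth word raises it further.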
If remembering a number of these random word based passwords proves difficult, there is one final option: the password manager. Password managers allow you to generate complex passwords and store them all in one place, which is secured by a single password. By using the random word technique, you can protect this single account with a memorable passphrase, and ensure all your other accounts are secure and easily accessible.
We hope that this advice helps you to understand and implement password security best practice. If you have any questions about cyber security best practice in general, including password security or MFA, get in touch with Sota today.