Are your passwords as secure as an open door? While many IT security experts are focused on patching software, closing weaknesses, and implementing expensive security software, your employees could be using simple passwords like 'password' and 'abc123'. Weak passwords remain one of the easiest ways to hack into a system, and there are many millions of weak passwords in existence (what's more, these ineffective passwords are often re-used by employees across multiple sites, making it even easier for hackers to gain access). Leaked databases of email addresses and password pairs exceed the hundreds of millions, and these exposed passwords may still be in use by your employees – all a hacker has to do is check.
It's not hard to see why people use simple passwords. These days we all need to remember so many combinations of usernames, email addresses and passwords that it's tempting to reduce this mental overload by recycling one or two memorable passwords.
This is why organisations must constantly remind employees of the importance of strong passwords. A weak password isn't just a threat to the individual and their information. A weak password is an open door to the entire organisation, meaning that it's more than a matter of personal preference: it's an existential threat.
Here are seven tips for creating and maintaining secure passwords:
Keep passwords secret
This may sound obvious, but many people share their passwords with friends, colleagues, or family members at one time or another, but never go back and change their password afterwards. Remind employees to keep passwords to themselves, and never enter or create a password when someone else is watching.
Don't recycle passwords
Enormous databases of passwords are circulated widely online. These contain hundreds of millions of stolen passwords – which your employees could still be using to gain access to your systems. Remind people to use unique passwords for every service. Password managers can help generate and store complex passwords securely.
Avoid using personal information
Your children's or pet's names may spring to mind when you try to create a password, but these details are often available to anyone who cares to scan our social media profiles. Avoid such easy-to-find details and choose something harder to guess.
Don't use dictionary words
A single word from the dictionary is quick and easy to crack. Even if you replace some of the letters with numbers and characters, you're making life too easy for the hackers.
… Unless you use six unrelated words
Putting six random words together in a string that makes no sense can be a viable password strategy. For example:
- PerplexBravadoMonkeyRivalsAttentionSponge is a long, secure password that would make life difficult for hackers and their password-cracking software.
Turn phrases into random strings of letters/numbers
Turn a phrase into a password – i.e. 'I loved eating ice cream in Venice in 2016' becomes IleiciVi2016 – or 'I went camping and lost £20 in my sleeping bag' becomes Iwcal£20imsb. This tactic can create impenetrable passwords that are also easy to remember, particularly if the phrase relates to a fond memory or a happy occasion.
Change passwords regularly
However good your password, there's a chance that it could be circulating online. By changing your password every year, you limit the risk of hacking considerably.
Does your organisation enforce strong passwords? Do you have a method for helping employees manage multiple passwords?
Employing a culture of security and training, and then testing this knowledge on a regular basis, is the most effective way to safeguard against data security threats and eliminate user errors. eLearning is a great way to foster a culture in which everyone understands and respects data security protocols, and wherein cyber-security risks are kept to an absolute minimum.