Passwords are possibly the first thing that come to mind when we think of maintaining privacy whilst online. Whether it's our social media profiles, online bank accounts, or our internet devices themselves – everything seems to have the same first line of defence.
The number of password-protected accounts and devices we use means that the majority of people reuse passwords rather than trying to remember several different ones. However reusing passwords, even if they are strong, is unadvisable. It means that if one of your accounts is compromised by hackers, suddenly all your accounts – and all the information they hold – become very easily accessible.
Weak Vs Strong Passwords
Despite the amount of information available about password protection (not to mention the number of high-profile data breaches in the news recently), the two most common passwords are '123456' and 'password'. This makes it very apparent that awareness training around how to set a secure password has not reached the majority of individuals/employees.
Simplistic passwords are easy for hacking software to crack as they follow easily-identifiable sequences, e.g. words and numbers. In other words, once one or two of the characters are cracked, it's easy to guess the following characters and gain unauthorised access to valuable information.
It would be a mistake for employers to assume that setting a secure password is just common sense – something everyone already knows. Either through lack of awareness or 'it won't happen to me' mentality, many individuals still choose weak passwords and/or reuse passwords across multiple devices and accounts. The two most commonly-used passwords mentioned above make this fact very clear! Although choosing strong passwords is basic cyber security good practice, it doesn't mean it should be overlooked when it comes to training, far from it.
As a rule of thumb, a strong password should be at least eleven characters long, containing both upper and lower-case letters, as well as numbers and symbols. Random characters are more secure than sequential or word-like passwords, as they don't follow patterns that hacking software can easily crack. A strong password that follows these rules would take password-hacking software (which can make 100 billion password attempts per second) 500 years to guess. Compare this to less than 1 second for passwords of a combination of 6 random lower-case letters.
Strong passwords avoid using personal information, e.g. dates of birth or pet names, as these are fairly easy to ascertain or guess – many of us put this information on social media, for instance.
Following best practice for setting a secure password means that, on average, we would have to recall eight strong passwords daily. Using a password manager is a good way to remember your passwords, as well as keep them safe from the hands of hackers.
Password managers are usually software applications (they can also be accessed through websites) that store and encrypt login information for the user. They typically require users to remember one strong master password that is used to access the information stored within, although they might also be fingerprint protected on mobile devices. Once logged-in to a password manager, the application will automatically fill in log-in information for the user whenever it is required and also randomly generate non-sequential, very strong passwords regularly. This means that, no matter how complex your passwords are, you won't have to spend time trying to remember them all or regularly update your passwords yourself.
Most web browsers have their own password managers allowing users to store passwords for certain accounts for ease of use. Individuals that take advantage of these sorts of free password-management services should double check that their passwords are encrypted when stored, and also abide by best practices for generating their own passwords.