2017 was a year dominated by news of cyberattacks, and 2018 seems to be continuing the trend. With cybercrime estimated to cost the world economy $600 billion a year, ransomware and data theft are big business. With firewalls and anti-virus software continually improving, in many attacks the weak spot in an organisation’s security is the human factor – a lost or weak password.
To highlight the importance of this basic but critical element of cybersecurity, May 3rd has been declared as World Password Day. Passwords are critical gatekeepers to our digital identities, allowing us to access online shopping, dating, banking, social media, private work and life communications, and protect our valuable data. In recognition of World Password Day, consumer cybersecurity company BullGuard has offered some important tips on how to create strong passwords and to develop better password habits.
Many people use simple passwords such as ‘1234567’, ‘qwerty’ and even ‘password’. However, hackers can crack these very easily using simple password-cracking programs. These ‘brute-force’ programs make multiple guesses at high speed until the password is cracked. This may take a few minutes or years, depending on the complexity of the password; a simple password can be cracked in seconds.
At the same time, many people use the same username and password for all of their accounts. Hackers can run programs that enter stolen username and password details on tens of thousands of sites until one hits. When it does, they have access to any number of your accounts and credentials.
You may practice good security on your home computers, but organisations that hold thousands and millions of customer records, including user names and passwords, are consistently hacked, exposing all the information they hold. This data is typically put up for sale in the hacker underground.
Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence. This could be the opening line of a novel, a poem or even a song, sometimes with some numbers and symbols thrown into the mix.
Complexity is good, but length is also critical. It used to be that an alphanumeric password only 8-10 characters in length was ideal. But these days, it’s increasingly easy for hackers to build extremely powerful and fast password-cracking tools that can run through tens of millions of possible password combinations in a second. Each character you add to a password makes it an order of magnitude harder for hackers to attack via brute-force methods.
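The effect of length and character mix on exhaustive-search time can be checked with a short estimator. This is an added example, not part of the original article or BullGuard's material; the guess rate of 10 million per second is an assumption taken from the low end of the "tens of millions" figure above, and the function names and deny-list are illustrative.

```python
import string

# Assumption: low end of the article's "tens of millions ... in a second".
GUESSES_PER_SECOND = 10_000_000

# The weak examples quoted in the article; a real deny-list is far larger.
COMMON_PASSWORDS = {"1234567", "qwerty", "password"}


def pool_size(password):
    """Size of the character set an exhaustive search has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isascii() or not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols plus space
    return size


def keyspace(password):
    """Number of candidates of this length drawn from this pool."""
    return pool_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive-search time; an upper bound on real strength."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # a dictionary pass finds it before any brute force
    return keyspace(password) / rate


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, length in units:
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("qwerty", "abcdefgh", "abcdefghi", "Abcdef1!", "Abcdefghijk1!"):
        print(f"{pw!r:18} pool={pool_size(pw):3} {describe(seconds_to_exhaust(pw))}")
```

The figure is a ceiling: a phrase built from dictionary words or a known quotation falls to word-based guessing long before the per-character estimate is reached.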
- Don’t use the same password on multiple websites. If a website is sensitive, that is, it stores personal information such as name, address and card numbers, this information can be used to make purchases in your name.
- Don’t use the password you use for your email account at other online sites. If an e-commerce site you are registered with gets hacked, there’s a high chance that your password, once cracked, will be tried for other accounts, including your email.
- Do use two-factor authentication if available. Most online services now offer this, and it works by adding an additional layer of security to your personal accounts. This can help reduce the risk of particularly nasty cyber-crime like identity theft, phishing scams and online fraud.
- In summary, you should use passwords that are lengthy, with some numbers and symbols randomly thrown in. It’s important to adopt two-factor authentication, and using the same username and password on all accounts can leave you extremely vulnerable.
Of course, it can be difficult to remember secure passwords if they are created properly. As such, password managers are a good option. They automatically create strong passwords for you and securely store them, so for each online account you have, you can have a robust password that is easily remembered.