Do you use the same password for every login, or keep all your passwords on post-it notes around your computer screen? Perhaps you bought a lovely shiny notebook to store them in, sitting on the desk where anyone can find it easily.
Managing passwords like this puts your business at risk: a password that is reused, shared or written down in plain sight gives an attacker an easy route into the systems you use and the personal data you control. Unauthorised access to your systems is a data breach, which can mean reputational damage for your business and the risk of fines if an investigation by the ICO finds negligence.
Passwords feel difficult to create, and hard to remember and manage without duplicating them or falling back on easily guessed details such as names and dates of birth.
What is the recommended best practice?
Use Long Phrases
The standard advice has long been to create passwords of a minimum length using a mix of numbers, lower and uppercase letters and special characters. In practice this leads to passwords such as Ch0c0lat3: a dictionary word with predictable letter-for-number substitutions, which cracking tools undo automatically with rule sets, so it offers little more protection than "chocolate" against an attacker determined to get into your files, system or bank account. A phrase of several unrelated words, such as "donkey electricity cruise flowerpot", is far harder to crack: its strength comes from its length and from the words being chosen at random rather than as a meaningful sentence, and it is still easy to remember and type.
Always change your password when requested
Some systems, often in a corporate environment, prompt you to change your password periodically. What often happens is that the old password is reused with a small change, from password1 to password2 to password3, so an attacker who learns one can guess the next. Some systems enforce policies that prevent password reuse, but many only reject exact matches, not near-duplicates. If your system doesn't flag duplicates, best practice is to create a completely new password every time. (For administrators: NCSC and NIST guidance now advises against forcing regular expiry for exactly this reason, recommending instead that passwords are changed when compromise is suspected.)
Don’t use easily recognisable passwords
Avoid recognisable words such as password, your own name or other dictionary words, as these can easily be cracked. Attackers use software that tests millions of guesses per second: a dictionary attack tries words from large wordlists, plus common variants such as appended digits and letter-for-number substitutions, while a brute-force attack tries every combination of characters, which is feasible against short passwords.
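The three points above (substituted dictionary words, incremented passwords, and why long random phrases win) can be checked mechanically. The script below is an added example written for this page, not code from the original post or from any password product: it undoes the substitutions a cracker's rule set would undo, checks the result against a wordlist, flags a new password that is just the old one with the number changed, and compares a naive character-set entropy estimate with the Diceware-style estimate for a random passphrase. The wordlist and the substitution table are constructed and deliberately tiny; a real cracker uses lists of millions of words and hundreds of rules.

```python
import math
import re

# Constructed mini-wordlist for the demo; real crackers use lists of millions of words.
WORDLIST = {"password", "chocolate", "welcome", "monkey", "letmein", "dragon", "qwerty"}

# Letter-for-number substitutions that cracking rule sets undo automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_forms(pw):
    """Forms a rule-based cracker tries: lower-cased, de-leeted, trailing digits/symbols removed."""
    forms = set()
    for variant in (pw, pw.translate(LEET)):
        lowered = variant.lower()
        forms.add(lowered)
        forms.add(re.sub(r"[^a-z]+$", "", lowered))
    return forms


def in_wordlist(pw):
    """True if any cheap transformation of pw lands on a wordlist entry ('Ch0c0lat3!' -> 'chocolate')."""
    return bool(candidate_forms(pw) & WORDLIST)


def _stem(s):
    """The password with any trailing digits removed, lower-cased."""
    return re.fullmatch(r"(.*?)\d*", s).group(1).lower()


def trivially_derived(old, new):
    """True if new is old with only the trailing number (or letter case) changed: password1 -> password2."""
    return old != new and _stem(old) == _stem(new)


def charset_entropy_bits(pw):
    """Naive estimate: length x log2(character pool). Overstates the strength of dictionary-based passwords."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33  # printable ASCII symbols, 95 printable characters in total
    return len(pw) * math.log2(pool) if pool else 0.0


def passphrase_entropy_bits(n_words, dictionary_size=7776):
    """Entropy of n words picked uniformly at random from a list (7776 is the Diceware list size)."""
    return n_words * math.log2(dictionary_size)


def assess(pw, previous=None):
    """Return an estimated strength in bits and a list of problems; an empty list means no objection."""
    problems = []
    if in_wordlist(pw):
        problems.append("dictionary word once substitutions and trailing digits are undone")
    if previous is not None and trivially_derived(previous, pw):
        problems.append("previous password with only the number or case changed")
    words = pw.split()
    # Three or more space-separated words are treated as a passphrase; the estimate assumes random choice.
    if len(words) >= 3:
        bits = passphrase_entropy_bits(len(words))
    else:
        bits = charset_entropy_bits(pw)
    return {"bits": round(bits, 1), "problems": problems}


if __name__ == "__main__":
    for pw, prev in [("Ch0c0lat3", None), ("password2", "password1"),
                     ("donkey electricity cruise flowerpot", None)]:
        print(f"{pw!r}: {assess(pw, prev)}")
```

Note what the numbers show: by the naive character-set measure Ch0c0lat3 scores slightly higher (about 53.6 bits) than a four-word random passphrase (about 51.7 bits), yet it is flagged as a dictionary word because a single substitution rule reduces it to "chocolate". The naive figure is only meaningful for passwords that really are random; that is why a password manager's generated passwords and genuinely random word phrases hold up and "complex-looking" words do not.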
Use two-factor authentication
It is now commonplace to be given a small hardware token, or an app on your phone, that generates a one-time code for accessing online banking and for transactions such as transferring money, paying bills or creating new payees. Two-factor authentication (2FA, sometimes called dual authentication) is used in addition to the standard username and password, so a password that has been guessed or stolen is not on its own enough to get in. Where a system offers this layer of protection it is advisable to set it up. I use Google Authenticator for my dual authentication, however there are a number available.
How do I remember all these different passwords?
A password manager is now an essential part of modern life as we create more passwords for more sites and services and run our lives through ecommerce and online banking. It keeps all your passwords in an encrypted vault protected by one strong master passphrase, and can generate a long random password for every site so that none need be reused. My preferred solution is Lastpass, however there are many others. Ensure your password manager is set up with two-factor authentication for an added security layer, and make its master passphrase the strongest one you have, since it protects everything else.
Contact me via email firstname.lastname@example.org to help set up Lastpass to store your passwords securely