Cyber Security Foundations: Passwords

4. Passwords

Good, strong passwords are an effective way of stopping unauthorised people from getting access to your information and accounts.

Unfortunately, according to one study, we use up to 80 passwords online on average. This makes it increasingly difficult to remember them, and getting a password reset if you’ve forgotten it can take an inconveniently long time, even if the reset process works.

This leads to:

  • Not locking devices, because it is more convenient than using a password
    • That’s no protection at all
  • Sharing passwords, because it is easier
    • But then the passwords aren’t secret—not much better than no password at all
  • Writing passwords down, because they are too hard to remember
    • But then these passwords are easy for someone else to find and use
  • Using passwords that are easy to remember
    • And which are therefore easy to guess
  • Using the same password in many places
    • Someone gets hold of your password for one account and can then use it to get into your bank account, for example
  • Using the same password for work and for personal accounts
    • Someone gets hold of your pet shop account password, and then uses it to get into the work finance system…

So, how do we solve this problem?

  1. First of all, do set up a password, PIN, fingerprint or face recognition on your devices. Using a fingerprint or face unlock does at least mean fewer passwords to remember.
  2. If you can use two-factor authentication (2FA) on an account, do it. This adds a layer of security, and just means using two different ways of proving your identity. This might mean a password (something you know), plus a code sent to your phone (something you have). You do still have to remember a password, but for important accounts, 2FA adds extra protection.
  3. When you do need a password, the National Cyber Security Centre suggests using three random words. They do need to be random, though, like ‘snailchoircan’, or ‘kipperfacthope’. Don’t use any word relating to your family, pets or hobbies. But if you have many passwords to remember, this won’t help much.
  4. Using a password manager to store all your passwords is much better than writing them down. A password manager means you can use very long and complex passwords such as ‘WH%c~?W)nEq%<{;8u5q’ on every site without having to remember them. The password manager will be able to create them for you, too. You will need to remember a master password, but you could use the three random words technique for that one.
  5. And finally, change all the default passwords on your devices before using them. Default passwords are easy to find on the internet, and anyone who finds them can use them to access your device(s).
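
The sketch below is an added example, not code from the original post. It shows how the "three random words" in step 3 and the long generated passwords in step 4 can be produced with a cryptographically secure random source, and how their strength compares. The word list is a small constructed sample, and the function names, the 20-character length and the 7,776-word list size (the size of the EFF long word list) are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; a real generator would load
# a large word list (the EFF long list, for example, has 7,776 words).
SAMPLE_WORDS = [
    "snail", "choir", "can", "kipper", "fact", "hope", "lamp", "river",
    "mango", "pencil", "cloud", "tiger", "button", "orbit", "walnut", "ferry",
]

# Letters, digits and punctuation: 94 printable characters.
SYMBOLS = string.ascii_letters + string.digits + string.punctuation


def three_random_words(words, banned=(), count=3):
    """Join `count` words picked by a CSPRNG, skipping personal words
    (family, pet or hobby names) passed in `banned`."""
    banned_lower = {b.lower() for b in banned}
    pool = sorted({w.lower() for w in words} - banned_lower)
    if not pool:
        raise ValueError("no words left after removing banned words")
    return "".join(secrets.choice(pool) for _ in range(count))


def random_password(length=20, alphabet=SYMBOLS):
    """The kind of password a password manager generates for each site."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is chosen uniformly
    and independently from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print("passphrase:", three_random_words(SAMPLE_WORDS, banned=["Tiger"]))
    print("generated :", random_password())
    # The strength comes from the size of the list and the random choice,
    # which is why the words must not be ones you picked yourself.
    print(f"3 words from 16-word sample : {entropy_bits(16, 3):.1f} bits")
    print(f"3 words from 7,776-word list: {entropy_bits(7776, 3):.1f} bits")
    print(f"20 chars from 94 symbols    : {entropy_bits(94, 20):.1f} bits")
```

The entropy figures only hold when the words or characters are chosen by the random source; a phrase a person picks for themselves is far easier to guess than the numbers suggest.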

Contact Click and Protect or call us on 0113 7336230 to guide your business in the right direction.
