sophie.howell

Password Security 101

With cyber threats constantly evolving and technology developing quicker than ever before, it’s more essential than ever to ensure that your passwords are strong and secure. In this blog, we’ll explore the importance of password security, common mistakes to avoid, and best practices for creating robust passwords.

Why Password Security Matters

Passwords are the first line of defence against unauthorised access to your accounts. Most passwords are created by people, so how we form a password, and what we understand a strong password to be, comes down to education and awareness. Length alone does not necessarily make a password strong. Following so many major data breaches over time, complex human-generated passwords (in excess of 10 billion) have already been harvested and are commonly used in attacks, so you can’t simply rely on what you believe to be strong.

A weak password can easily be cracked by cybercriminals, leading to data breaches, identity theft, and financial loss. As mentioned above, complex and strong passwords that have been exposed during ‘big name’ breaches are also no longer considered strong, as they are now available online, so we must change our approach to password complexity and security.

According to recent studies, over 80% of confirmed data breaches are related to stolen, weak, or reused passwords. This statistic highlights the critical need for strong password practices, especially where systems, technologies and platforms have not evolved to incorporate MFA controls or enhanced security capabilities.

Common Password Mistakes

Many people unknowingly make mistakes that compromise their password security. Here are some common pitfalls to avoid:

  1. Using Simple Passwords: Passwords like “123456” or “password” are easy to guess and offer little protection. Furthermore, 15 to 20 years ago, the advice was to substitute letters with numbers that looked similar (3 instead of e, 1 instead of L, even ! instead of i). Technology now mirrors this ‘logic’ when guessing passwords, so such substitutions are no longer deemed ‘strong’.
  2. Reusing Passwords: Using the same password across multiple accounts increases the risk of a breach (especially when using the same password for personal accounts as well as business accounts). Today, we may well have in excess of 10, 20, 50 or even 100 services that require a password (depending on role and technological adoption), and it can be a stretch to expect that each and every one of these passwords is complex, unique and not already revealed in a data breach.
  3. Ignoring Two-Factor Authentication: Two-factor authentication adds an extra layer of security but is often overlooked. It should be a go-to position to always look for a secondary method of challenge / response or authentication (the best security tends to utilise a combination of something you know, something you have and something you are; these are the three factors of authentication).
  4. Sharing Passwords: Sharing passwords with others can lead to unintended access and security risks, and is often done only through a lack of education about the value of what your password protects.

Best Practices for Creating Strong Passwords

Creating strong passwords doesn’t have to be complicated. Here are some best practices to follow:

  1. Use a Mix of Characters: Combine letters, numbers, and special characters to create complex passwords.
  2. Avoid Personal Information: Steer clear of using easily guessable information like birthdays or names. Our digital footprint extends beyond the workplace, and that means it is normally very easy (especially with a social media presence) to find out ages, dates of birth, current and former residences, maiden names, siblings, pet names and so on (think back to all those quizzes that were popular in social media circles that asked for pet names, first address etc.).
  3. Make It Long: This of course depends on what the password is for, but a good rule of thumb is to aim for passwords that are at least 12 characters long; think of a random phrase. If the password provides access to systems, accounts, financials, banks etc., it isn’t unrealistic to either double this or ensure multiple points of authentication must be used in conjunction with one another (as mentioned above).
  4. Use a Password Manager: Password managers can generate and store complex passwords securely. They are a very secure way of recording all passwords, with one master encryption password and a token that is required to gain access.
  5. Enable Two-Factor Authentication: Whenever possible, enable two-factor authentication for added security (in whatever form that may take).
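
The points above can be applied as an automated screen. The following is an added example, not part of the original blog: it rejects passwords that are too short, that match a breached password once look-alike substitutions are undone, or that contain personal details. The breached list, the sample passwords and the names `variants` and `check_password` are constructed for illustration.

```python
import re

# Constructed sample data (assumption): a real deployment would screen against
# a full breached-password corpus, not this five-entry list.
BREACHED = {"password", "123456", "letmein", "sunshine", "liverpool"}

# Look-alike swaps the article names (3 for e, 1 for l, ! for i) plus other
# common ones; guessing tools apply the same table in reverse.
LEET = str.maketrans({"3": "e", "1": "l", "!": "i", "0": "o",
                      "@": "a", "4": "a", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # the article's rule of thumb


def variants(password):
    """Return the forms a guessing tool would try: raw, de-substituted,
    and de-substituted with trailing digits/symbols removed."""
    low = password.lower()
    stem = re.sub(r"[^a-z]+$", "", low)  # "p@ssw0rd1!" -> "p@ssw0rd"
    return {low, low.translate(LEET), stem.translate(LEET)}


def check_password(password, personal=()):
    """Return a list of problems; an empty list means the screen passed.
    `personal` holds hypothetical tokens such as a pet name or birth year."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    forms = variants(password)
    if forms & BREACHED:
        problems.append("breached")
    tokens = [t.lower() for t in personal if t]
    if any(t in form for t in tokens for form in forms):
        problems.append("personal info")
    return problems


if __name__ == "__main__":
    for pw, info in [("P@ssw0rd1!", ()), ("L!v3rp00l2024", ()),
                     ("Bella2015Bella2015", ("Bella", "2015")),
                     ("velvet-otter-plays-cello", ())]:
        print(f"{pw!r}: {check_password(pw, info) or 'ok'}")
```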

Regularly Update Your Passwords

It’s important to regularly update your passwords to minimise the risk of a breach. Set reminders to change your passwords every few months and immediately update them if you notice any suspicious activity. There are also websites you can subscribe to that will inform you if your username has become exposed.

Password security is the first step to protecting your business. By avoiding common mistakes and following best practices, you can significantly enhance your online security. Take the time to review and update your passwords today and encourage others to do the same. Together, we can create a safer digital environment.
