Simple Password Guide To Improving Your Security Posture.



Data breaches happen every day.
No one is exempt from the possibility of a cyber-attack. The good news is that in a similar way to keeping our homes secure to prevent a break-in, we can ensure that we effectively implement the most basic security measures to keep our computing systems and business environment safe. Interestingly, we can only do that when we have appropriate knowledge of what to do.

Cybersecurity, or Information Technology security, is the sum of all the measures we take to protect our computer systems, networks, applications, and data from information disclosure, data theft, disruption, and misdirection. With the increasing reliance on computer systems and the internet, we should take security seriously.


Did You Know?

  • 85% of cybersecurity breaches are a result of human error.
  • 94% of all malware is delivered by email. 
  • Ransomware attacks happen every 10 seconds.
  • 71% of all cyberattacks are financially motivated (followed by intellectual property theft and espionage). 
  • The annual global cost of cybercrime is estimated to be $10.5 trillion by 2025. (Source: WSR | www.websiterating.com)


Here, we will be looking at passwords and your role as an end-user in mitigating any attempt to breach your security.


PASSWORDS


Your password is your first line of defence against breached access to your computer and personal information. We can liken it to the access key to your home. If you keep your door unlocked, you make it easy for a breach to occur. Keep your password secure to keep the bad guys out.

There are proven password rules you should adhere to if you want to improve your security posture. The stronger your password, the more protected you are from hackers and malicious software, and you should maintain strong, unique passwords for all your accounts. Yes, all of them!

 

What is a Strong Password?

A strong password is hard to hack, not easily guessed and kept secret. The longer your password, the harder it is to hack. 

Research shows that it takes:

  • Twenty-four minutes to hack a password of seven characters, with an upper case, two digits, and a special character. (Kfdt65@)
  • Seventy-one minutes to hack a password of eight characters, with an upper case, two digits, and a special character. (!d8cKf2t)
  • 31.17 days to hack a password of ten characters, with an upper case, two digits, and a special character. (db#cKf2tv7)


It is essential to ensure that all default passwords are changed to prevent hacks. These passwords can easily be obtained from the internet or guessed. Our goal is to keep the guessing capacity out. 

Good passwords are not easily guessed or hacked.

For instance, it takes 810.36 days to hack a password of eleven characters, with an upper case, two digits, and a special character. (ba!d8cKf2tz).

Therefore, it is reasonable to make this the minimum requirement for your password creation.

 

PASSWORD GUIDE:

The average person has over twenty passwords. We log into many places such as emails, social accounts, and online banking platforms, and with every login portal, vendors give varying criteria for password creation. Meeting these criteria can be a pain, especially the need to change these passwords after a short period, maybe every 30 days.

It is hard enough to commit these passwords to memory, but changing them can be harder to manage. 

We have put together this simple guide to help you make the most of how you use your password to maintain your security.

  • Use passphrases

Use passphrases instead of passwords to create sufficient length. Remember, the longer your password, the harder it is to be hacked.

You can generate passphrases from rhymes, favourite songs, and favourite quotes. For instance, Emancipatefrom01ment@lslavery?, generated from the phrase “Emancipate from mental slavery”.

You can use mnemonics as well. If your favourite nursery rhyme is Mary Had A Little Lamb Whose Fleece Was White As Snow, your password could be MhalL78wfww@S 🙂

Research shows that it takes 313 trillion years to crack a passphrase of at least eleven characters with one uppercase, two digits, and a special character. It takes 10 million years to hack mnemonics of similar character content. 

With constant advancements in technology, computers get faster. Ten million years today could be down to a million years tomorrow. The point is that these values could change tomorrow. 🙂

  • Keep your password secret

Do not give out your password.

The greatest password weakness is not brute-force attacks but rather our humanity.

Keeping your password secret is vital to cybersecurity. If your password is compromised, you weaken your system.
Passwords are to be kept secret, so choose passwords you can easily remember so that you do not have to write them down.

  • Never use a password repeatedly across platforms.

Create a unique password for every access portal requiring a password.
Using one password across multiple platforms is highly discouraged. When you use the same password in more than one place, you trust that all of those sites are securing your data in the same way. Nothing could be farther from the truth. Your password may be secure on Facebook and Apple, but what about the forum you had to log into to get some information? Their security may not be as robust, probably due to budgetary limitations.
If that site is compromised and your password obtained, every other site accessible using that password will be accessible.
You are best with a unique password everywhere.

  • Use password managers.

A password manager is a computer program that allows users to store, generate, and manage their passwords for local applications and online services.

With a password manager, you can always use a different password. You can store your passwords in an encrypted database and retrieve them when you want.
Password managers address your ability to have a secure database of passwords that you can call up. It allows you to use complex, really long passwords that you may never remember for every site you use. It is a technology to be considered. It is easy to install and use.

With a password manager, you generate and retrieve complex passwords and store them in an encrypted database. It helps improve your security.
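The minimum suggested earlier (eleven characters, an upper case, two digits, and a special character) and the random generation a password manager performs can be sketched together. This is an added example, not code from any particular password manager; the function names and the default length of 20 are assumptions.

```python
import secrets
import string

# Minimum the article recommends: eleven characters with an upper-case
# letter, two digits and a special character.
MIN_LENGTH = 11
SPECIALS = string.punctuation


def policy_failures(password: str) -> list:
    """Return the unmet requirements; an empty list means the password passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if sum(c.isdigit() for c in password) < 2:
        failures.append("fewer than two digits")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    return failures


def generate_password(length: int = 20) -> str:
    """Generate a random password the way a password manager would.

    Draws from the OS CSPRNG via `secrets` (never `random`) and redraws
    until the candidate satisfies the policy, so accepted values stay
    uniformly distributed over the policy-compliant passwords.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    # The article's own sample passwords, checked against its minimum.
    for sample in ("Kfdt65@", "!d8cKf2t", "db#cKf2tv7", "ba!d8cKf2tz"):
        print(sample, policy_failures(sample) or "meets the minimum")
    print(generate_password())
```
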

  • Use password policies.

The password lock policy addresses failed login attempts. It permits a limited number of password guesses before you are locked out. Password lockout policies are effective in mitigating brute-force attacks.

If your enforced lockout policy allows, say, four login attempts, the odds of a hacker successfully guessing your password are extremely low. So if there is a hack attempt, the account will be locked on the fourth failed attempt.

The password re-use policy prevents the re-use of passwords previously used on the same platform. The ultimate goal is to maintain a healthy security posture.
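Both policies described above can be shown in one small account model. This is an added example, not code from the article or any specific product; the class and method names, the history depth of five, and the PBKDF2 iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 4   # the article's example lockout threshold
HISTORY_DEPTH = 5         # assumed number of remembered passwords


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored history cannot be reversed by lookup.
    # The iteration count is a demo value; tune it for production use.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password: str):
        self.history = []          # (salt, digest) pairs, newest last
        self.failed = 0
        self.locked = False
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        entry = (salt, _hash(password, salt))
        self.history = (self.history + [entry])[-HISTORY_DEPTH:]

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def login(self, password: str) -> str:
        if self.locked:
            return "locked"        # even the correct password is refused
        if self._matches(password, self.history[-1]):
            self.failed = 0        # a successful login resets the counter
            return "ok"
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"

    def change_password(self, new_password: str) -> bool:
        """Reject any password still in the history (re-use policy)."""
        if any(self._matches(new_password, e) for e in self.history):
            return False
        self._store(new_password)
        return True
```

Once the fourth wrong guess locks the account, `login` returns `"locked"` even for the correct password, which is what stops an online guessing run; unlocking (a timer or an administrator reset) is left out of this sketch.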

As frustrating and pointless as password requirements may seem, they are in place for good and valid reasons.
It behoves you as a user to play your role in maintaining your security posture.
Your IT department can do as much, but it is up to you to ensure that you follow appropriate password use policies and procedures.

In summary, ensure length and complexity in your password creation, use passphrases and mnemonics, and do not share your passwords or write them down. Get a password manager to make securing your infrastructure a lot easier.

Stay Safe.

Reference: ITPro TV | WSR

If you need to equip your team with the requisite knowledge to mitigate cyber attacks, or you require any of our cybersecurity services, we will be glad to be of service to you.


© 2022 All Rights Reserved | Hasob Technology Services UK Limited | Registered in England and Wales-No. 12829078 | VAT No. 360 1628 22