Recently we have seen an influx of incidents in which weak passwords allowed outside attackers to access company data that was thought to be secure. Choosing a secure password is the first step in preventing a data breach or other unauthorized access to a company network.
You’re only as secure as the weakest link
It’s important to understand why a secure password is needed in the first place. You might think, “We have a firewall and network security; that should be enough to protect us,” or, “Who would want to steal my information?”
The truth is that the best security measures in the world can be bypassed with the right password or system access. And while you may think your own data is not valuable, what about your customers’ accounts, your business and banking accounts, or the business partners’ information you have access to? We are entrusted with sensitive data regularly in this day and age, and it is everyone’s responsibility to safeguard it with all reasonable measures.
Here’s how they get you
There are a few ways your account passwords can be compromised:
- You could catch a bug: The most common method of compromising passwords is malware. Malware can infect your system as easily as visiting a legitimate site that doesn’t check its advertisers closely enough – even Forbes.com has fallen victim to this, unknowingly hosting ads on their site that used an exploit to inject malware into vulnerable systems. Once the computer is compromised, malware can capture your passwords and personal data directly from your browser, and while anti-malware software can block some attacks, there is no software that is 100% effective at prevention.
- Someone’s out to get you: There are many people who might want to take a peek into your personal life. If these people know you well or gather enough personal information about you, they might be able to guess your e-mail password and use password recovery options to access your other accounts.
- A brute-force attack: Whether a hacker attempts to access a group of user accounts or just yours, brute-force attacks are a go-to strategy for cracking passwords. These attacks work by systematically checking all possible passphrases until the correct one is found. If the hacker already has an idea of the guidelines used to create the password, this process becomes easier to execute.
- There’s a data breach: Every few months, it seems, another large company reports a breach that exposes millions of people’s account details. If you reuse the same password across accounts and your credentials are captured, attackers can use them to find and break into your other accounts as well.
Strength in numbers… and characters, and symbols.
So, how do you have a “strong” password that is easy to remember? While it may seem tough to do this, there are a few simple tips that can make it easy.
The examples below are a sample of good password practices. No single technique is sufficient on its own; combining several of them is what produces a strong password.
- Use a mix of alphabetic and numeric characters.
- Use a mixture of upper- and lowercase letters; passwords are case sensitive.
- Use symbols if the system allows them (avoid spaces, as some applications may trim them away).
- Use a combination of letters and numbers, or a phrase like “many colors” using only the consonants, e.g., mnYc0l0rz, or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl.
- Pick something obscure but memorable:
  - An odd character in an otherwise familiar term, such as phnybon instead of funnybone;
  - A combination of two unrelated words, like cementhat;
  - An acronym for an easy-to-remember quote or phrase (see below);
  - A deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or HersL00kn@U (Here’s looking at you);
  - A letter replaced with another letter, symbol or combination, but don’t be too obvious about it. Replacing o with 0, a with 2 or i with 1 is something attackers simply expect. It is still better than nothing, but replacing 0 with () would be stronger, as it makes your password longer and is not as obvious;
  - An easily pronounceable nonsense word, e.g., RooB-Red or good-eits;
  - Two words separated by a non-alphanumeric character such as punctuation, e.g., PC%Kat or dog,~1#.
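To make the brute-force point and the tips above concrete, here is an added checker (example code, not from this post) that estimates how much keyspace a systematic search would have to cover and flags the gaps the tips describe: missing character classes, spaces, and the “obvious” o→0 / a→2 / i→1 substitutions that still undo to a dictionary word. The word list and the 12-character minimum are assumptions constructed for the example, not values from the post.

```python
import math
import string

# Constructed stand-in for a real dictionary/breached-password list (assumption).
COMMON_WORDS = {"password", "funnybone", "cement", "hat", "colors", "girl", "pizzas"}
# The substitutions the post says attackers expect; reversed so they can be undone.
UNDO_OBVIOUS = str.maketrans({"0": "o", "2": "a", "1": "i", "3": "e", "$": "s", "@": "a"})
MIN_LENGTH = 12  # assumed policy value, not a number from the post


def charset_size(pw: str) -> int:
    """Size of the smallest standard character set that covers every character."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def guess_bits(pw: str) -> float:
    """log2 of the brute-force keyspace charset**length; longer beats fancier."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def is_obvious_substitution(pw: str) -> bool:
    """True if undoing o->0, a->2, i->1 style swaps reveals a dictionary word."""
    return pw.translate(UNDO_OBVIOUS).lower() in COMMON_WORDS


def assess(pw: str) -> dict:
    """Check a candidate against the post's tips and report what is missing."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("no mixed case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbols")
    if " " in pw:
        problems.append("contains a space that may be trimmed")
    if is_obvious_substitution(pw):
        problems.append("obvious substitution of a dictionary word")
    return {"bits": round(guess_bits(pw), 1), "problems": problems}
```

Comparing guess_bits("mnYc0l0rz") with guess_bits("mnYc()l()rz") shows the post’s claim in numbers: swapping 0 for () adds both length and a character class, so the search space grows far more than the digit substitution alone gives.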
Don’t leave the keys under the mat
After a secure password has been chosen, there are other things to keep in mind to ensure the password is kept secure:
- Do not write your password down.
- Do not use the same password on your computer at work that you use to log on to a web site.
- Do not use the same password for all accounts, such as additional email accounts or other logins you may have on the internet. You may categorize accounts by security level and choose account names and passwords with that in mind.
- Do not transmit your network password across the internet unencrypted. Sites whose address begins with “https://” rather than “http://” encrypt the connection, so your password cannot easily be read in transit by other people. If the site you are entering your password on does not start with “https://”, the password is not sent securely, and you should not use that password on any account you care about. In any case, do not use your business network password anywhere on the internet except to connect remotely to your work network over a VPN or another approved method.
We are committed to keeping your data and network secure. Security is a partnership, however, and following these guidelines helps us work together to keep your data safe and in the right hands.
Please feel free to reach out to us with any questions or concerns you may have about improving the security of your organization. We can always be reached via email at firstname.lastname@example.org or via phone at 615-846-7777.