Are strong passwords STILL so important? Yes, and this is why
Due to the sheer number of passwords we use on a daily basis, their importance can be forgotten, creating unnecessary vulnerability.
Here’s how to make sure your passwords are an impenetrable barrier in your cyber fortifications.
Why are passwords a weak point in cybercrime today?
Cyber-attacks are an ever-present threat. Software gets better but so do the hackers.
According to the latest government research, “the number of businesses [in 2022] which experienced an attack or breach remained the same as 2021 levels”, and one in three businesses (31 per cent) that suffered attacks said they get them at least once a week.
This is backed up by another report which found that 81.4% of UK organisations had experienced at least one cyber-attack in 2021/2022.
This just goes to show that attackers are out there and businesses need to remain vigilant. The problem is not necessarily that organisations lack the correct software or the latest updates, although you should make sure of this in a risk assessment.
But it does mean that any chinks in your armour pose a threat. Cyber criminals are quick to keep up with the current landscape and will exploit any area of your network that isn’t protected.
One potential weak point is the passwords your staff team use.
What makes a weak password?
You probably have a pretty good idea of what makes a password weak, but here’s a quick overview. We’ll show you what a strong password looks like below.
Of course, we’d hope you’re not using something as simple as ‘password’ or ‘12345’, but some people must be using them to make them as popular as they are. Look at this list from NordPass, which shows the most used passwords and how long they take to crack (hint: almost no time at all).
It goes without saying that passwords made up of sequential or repeated numbers, obvious words like ‘qwerty’ or ‘password’ or even common names are simply not going to cut it. Hackers will try any of these as a first port of call.
Equally if your password includes certain personal information such as your name, age, location, children, pets, favourite football team or artist, you could be at risk.
Remember, a lot of this information is freely available through social media accounts and general online activity. If someone wants to hack your account, they will look here for options.
And they won’t be doing it manually either.
How do passwords get hacked?
Serious cyber criminals run programs that try hundreds and thousands of password options in order to find the right one. If yours is one of the ones in the list above, it’ll get found out quickly. If it’s a targeted attack, it’s possible that your personal information could be used against you.
They can also find other ways of narrowing down the possibilities to get closer to the truth. You could play a game to mimic the process (why not get your team involved?). Ask yourself the following questions.
Is the 1st character a capital letter? Are there numbers on the end? Does it have between 6 and 12 characters? Does it include a name?
If the answer is yes to any one of those questions, then unfortunately you have used some common password tropes. If the hacker can establish any part of that password, they (or rather their program) can work out the rest much quicker.
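The four questions above, turned into a check you can run over your own passwords, with an estimate of how much a known pattern shrinks the search space. This is an added example, not part of the original article; the name list and the two sample passwords are constructed, and the estimate counts characters only, so it does not model dictionary guessing.

```python
import math
import re

# Constructed sample name list (assumption); a real audit would load a larger one.
NAMES = {"james", "sarah", "oliver", "emma"}

# Size of each character class a guessing program has to cover.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]


def tropes(password):
    """List which of the four questions above this password answers 'yes' to."""
    found = []
    if password[:1].isupper():
        found.append("capital-first")
    if re.search(r"[0-9]$", password):
        found.append("digits-at-end")
    if 6 <= len(password) <= 12:
        found.append("length-6-to-12")
    if any(name in password.lower() for name in NAMES):
        found.append("contains-name")
    return found


def blind_bits(password):
    """Search space in bits when only the length and the classes used are known."""
    pool = sum(size for rx, size in CLASSES if re.search(rx, password))
    return len(password) * math.log2(pool) if password else 0.0


def shape_bits(password):
    """Search space in bits when the class of every position is known,
    e.g. 'one capital, four lowercase, four digits'."""
    return sum(math.log2(size) for ch in password
               for rx, size in CLASSES if re.fullmatch(rx, ch))


def report(password):
    """Summarise the tropes found and how far a known shape cuts the search."""
    blind, shape = blind_bits(password), shape_bits(password)
    return {"tropes": tropes(password),
            "blind_bits": round(blind, 1),
            "shape_bits": round(shape, 1),
            "speedup": round(2 ** (blind - shape))}


if __name__ == "__main__":
    for sample in ("Sarah1985", "q7#vTz0m!Lw4pXe"):  # constructed samples
        print(sample, report(sample))
```

Each bit removed halves the number of guesses needed, so the `speedup` figure is how many times faster a program gets through the candidates once the shape is known.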
LastPass, a password vault provider, found that there were 280 million malicious login attempts per day, including 300,000 attempted logins per hour from a single botnet. That means they’re out there in great number.
Your password is also more likely to get hacked if you’re using the same password for multiple sites. If one of these sites experiences a data breach, and passwords are stolen and shared on the Dark Web, anywhere else you use that password is compromised.
Hackers can also get hold of passwords by using phishing or social engineering scams. They attempt to trick the user into entering their password or handing over information that could be used to access your account.
For further ways that passwords get hacked, this article has an in-depth list. The question is, how do you make your password hard as nails?
How to create strong passwords
If you weren’t already, hopefully you’re now aware of the threat and why strong passwords are needed.
Many websites show you how strong your password is when you come up with a new one, so you’ll have some idea but here’s how to get there.
Longer is stronger
The more characters, the greater the number of potential combinations and as such the longer it’s going to take any program to crack. Over 12 characters is considered strong and if you can have multiple words in it even better.
Mix it up
A lot of websites now require you to include a mixture of characters when inputting a new password but even if that’s not the case we recommend throwing in a number or two and even a special character to add an extra bit of individuality into the mix.
Avoid common dictionary words
Hackers will often use a dictionary for hacking which is essentially a list of common words. If your password is simply a common noun from the dictionary like door, football or monkey it will get picked up straight away. You need to combine this with something else, alter it in some way or have a string of unrelated words together.
Keep it unique and use a password manager
Having a unique password for each website you access is also important and ensures that the rest of your online activity cannot be exploited by hackers.
Of course, the problem is, how can you be expected to remember all those different passwords? One solution is not to remember them at all.
Password managers are a great way of generating unique passwords for each site you use. Those passwords are then stored in an encrypted vault which you can access behind a master password. Whenever you go to log in, it will fill in the password automatically. There are a lot of trusted ones out there, such as Dashlane and LastPass, mentioned above.
Have a password system
Another way to generate unique passwords that you can actually remember is to employ a password system.
This technique involves having a pre-defined system that you come up with, for all of your passwords.
For example, one system could be:
– 2 random but memorable words.
– The website name sandwiched in between.
– 2 tweaks such as changing one letter to a special character and another to capitals.
– Repeat for each website.
This is a great solution for organisations which need an easy rule to follow to ensure there are no weak links on your network.
If you come up with your own password and want to check its strength you could use a password strength checker which will also show you how long it takes to crack that password.
Don’t underestimate the importance of having strong passwords. It can be easy to become complacent and just go with the same password for ease but it’s not worth the risk.
How can we help?
In order to help businesses with their cyber security strategy, we offer a completely free data management review, which allows us to understand your current position and recommend the best way forward. If you need any assistance checking your existing cyber security configuration or would like to discuss improving your organisation’s levels of protection, then please get in touch. We have offices around the country, including Hull, Peterborough and Scunthorpe.