How secure are your passwords?

Cyber Security is an ever-growing concern for businesses.  As more and more breaches hit the news, what are you doing to improve your security posture?  Technology such as firewalls will always be an important part of the mix, but usually the weakest part of a company’s security is the human factor, and a key part of that are the passwords we choose to protect our accounts.

Look at the table, do all your passwords fit into the green section? 

There are various versions of this table out there, and none of them are exactly the same; the truth is that these are just estimates, and both computing power and password cracking techniques are constantly improving – by the time you see one of these tables it is already out of date.  The important thing to take from it is that as your password length increases, the time that it takes to crack it increases exponentially. If your password is 8 characters long, it can be cracked in a matter of hours, regardless of how complicated it is.  My advice?  Choose a password that will take at least 1000 years to crack by today’s standards.

One tip for creating a long password is to use a passphrase instead.  Pick 4 random words of at least 4 letters each, capitalise some of the letters, and straight away you have a password that today will take billions of years to crack.  The caveat to this is that it only works if the words are random; if you use your address, your hobbies, the names of your kids or pets, or anything else that can be connected to you, then attackers can use social engineering techniques to learn this information, significantly increasing their odds of success. 

It is also important to have different passwords for every account.  Every year we hear about well-known companies being hacked, and millions of people’s data being stolen.  This data often contains usernames and passwords; so even if the account in question is a relatively low risk to you in the hands of a hacker, if you use the same password elsewhere, they can simply reuse this password to access more valuable accounts.

It’s very difficult to invent and remember secure passwords for every account, so we recommend using a password manager.

A secure password is great so long as no one else knows what it is. 

But what happens if it does get compromised? 

You should also think about protecting your accounts with Multi-Factor Authentication (MFA).  MFA combines two or more methods of Authentication, known as Factors.  The most common of these are:

• Something you know: This is your passphrase, made up of 4 random words.
• Something you have: Traditionally a device that generates a unique One Time Password (OTP) per login, but often now a mobile phone app, sometimes using notifications instead of OTPs.
• Something you are: This is a form of biometric login, such as a fingerprint, iris or facial scanner. Biometric authentication was made famous in spy movies, but was brought to the mainstream by Smart Phone manufacturers.

You should not reuse the same Factor, a password and a PIN are both something you know, and therefore not Multi-Factor. 

Connexis offer WatchGuard’s AuthPoint service for Multi-Factor Authentication, along with Total Identity Security for a secure Password Manager.  Speak to Connexis today about AuthPoint.  Call 01952 528000.