Gone are the days of having just one password. We all have multiple codes and passwords – for our computers and laptops, mobile phones and tablets and the myriad of apps that we can’t seem to live without.
Following on from our cybersecurity article, here are a few common password pitfalls, along with some basic tips on how to make your passwords and devices more secure at home and in business.
Why does good password security matter?
Many of us receive password update reminders from our workplace, IT support, internet service providers, popular shopping sites (eBay, Amazon), streaming services (Netflix, Disney+) and social media sites (Facebook, Instagram, TikTok), but we don’t always invest the time to action them.
However, when hackers gain access to your data, they can compromise your bank accounts or harvest your personal information to on-sell to other groups who conduct nefarious activities. When hackers access business data, the consequences can range from minor disruptions to compromising the personal data of millions of clients, financial penalties and brand disrepute.
“Passwords are like underwear. You shouldn’t leave them out where people can see them, you should change them regularly, and you shouldn’t loan them to strangers.”
Here are some simple tips to improve password security on your home and business devices.
Password Security: What not to do
Don’t use the same password for all your accounts
If you use the same password for all of your accounts and one account gets hacked, all of your accounts could be compromised.
Don’t create passwords that can be easily guessed
Short passwords, common words/phrases, names and birthdays of partners/kids/pets, and consecutive letters and numbers (such as ‘qwerty’ or ‘123456’) are just a few examples to avoid as they are simple, predictable, and easily hacked.
Don’t reuse passwords
Many applications force or prompt a password change at regular intervals, and reusing passwords (or using variations of previous passwords) defeats the purpose of those regular changes.
Don’t store passwords on your device in a Word or Excel document, electronic notepad or email
These formats are not encrypted, and hacker programs (including malware and phishing software) can easily identify a list of passwords – even if you think you’ve disguised your list with a crafty title!
Don’t share your passwords with anyone, ever
Even if you go to great lengths to create and protect strong passwords, there is no guarantee that the person you’ve shared your passwords with will do the same. Sharing a password with a colleague may even result in disciplinary action if that colleague engages in activities that breach company policy while logged in to your account.
Good Password Security Habits
Create your passwords using a combination of numbers, symbols, and uppercase and lowercase letters
Remember: the longer and more varied your password, the harder it is to hack.
Change your passwords regularly
It may sound obvious, but many of us fail to do it!
Malicious software is constantly evolving, and changing passwords regularly helps to minimise vulnerability.
Use Two-Factor Authentication (2FA) or Multi-Factor Authentication where possible
Many application developers (particularly social media and shopping sites) offer the option of 2FA. As you log into your app with your password, an authenticator app generates a one-time code for you to enter to complete your login.
2FA can also include biometric authentication methods such as fingerprints and facial recognition – even if your password is compromised, a hacker won’t be able to bypass a fingerprint or face scan prompt! Most modern devices offer a built-in program, such as Google Authenticator, Microsoft Authenticator, and the Apple iOS Authenticator.
Use a password manager
Password managers can generate lengthy, complex passwords and store them securely (encrypted) on your device, in addition to providing regular reminders to update your passwords. Using a password manager also makes having unique passwords for all your applications easier.
Subscription (paid) antivirus programs often contain password managers as part of the protection package. Check what’s included in your package or talk to your Technical Support Team to find out what features it has – providers offer different packages based on protection levels and add-on features.
Some browsers also offer password managers. However, the general rule seems to be ‘you get what you pay for’ – browser password managers are usually free but don’t necessarily offer the same security, encryption/protection and versatility as a paid device-protection package.
Have a password policy in place in your business
A password security policy is a set of rules that state the ways passwords are created and maintained in your business to prevent your systems from being compromised and data stolen.
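One way a business policy can enforce the pitfalls and habits listed above at the moment a password is set, as an added example that is not part of the original article. The minimum length, the small word list and all function names are assumptions, since the article gives no specific values.

```python
import re
import string

# Assumed values: the article gives no numbers or word lists.
MIN_LENGTH = 12
COMMON = {"password", "letmein", "welcome", "iloveyou"}  # constructed sample list
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _skeleton(pw):
    """Lowercase and drop digits/symbols so 'Summer2023!' and 'summer2024#' match."""
    return re.sub(r"[^a-z]", "", pw.lower())


def _has_run(pw, run_len=4):
    """True if pw contains run_len consecutive alphabet, digit or keyboard-row chars."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            for i in range(len(s) - run_len + 1):
                if s[i:i + run_len] in low:
                    return True
    return False


def check_password(new, personal_terms=(), current=None):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    low = new.lower()
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in new) for cls in classes):
        problems.append("needs upper, lower, digit and symbol")
    if any(w in low for w in COMMON):
        problems.append("contains a common word")
    if _has_run(new):
        problems.append("contains a keyboard or counting sequence")
    if any(t and t.lower() in low for t in personal_terms):
        problems.append("contains a name or date tied to the user")
    # `current` is the old password as typed on the change form, never a stored copy.
    if current is not None:
        sk = _skeleton(new)
        if new == current or (len(sk) >= 4 and sk == _skeleton(current)):
            problems.append("reuse or variation of the current password")
    return problems
```

The variation check only works at change time, when the user has just typed the old password; a system that stores salted hashes, as it should, can detect exact reuse of older passwords but not near-variations of them.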
Being cyber aware
A little cyber awareness goes a long way towards protecting yourself, your business and your networks and data from hacking and data compromise.
If you become aware of a breach of your passwords and applications, notify your Technical Support team as soon as possible. Early action and detection will help protect the rest of the network and minimise or prevent any further damage or data leakage.