I will never forget the feeling of seeing a spam email which included MY PASSWORD, that I used to use for almost everything, as the subject headline.  It was like I got punched in the stomach, not nice!

That was a long time ago, but even today I hear people jokingly say they still do this and it concerns me.  Hopefully if this is you, this graphic by Hive Systems will cause you to rethink.

So how do I create a strong password?

According to Hive, for a password to be strong, it needs to be a minimum of 8 characters with lower and uppercase letters, numbers and special characters.

A popular method is to use a Passphrase.

A passphrase is a password made up of four or more random words. The longer the passphrase, the harder it is for adversaries to crack, and it can incorporate symbols, capital letters or numbers. For example, ‘Goats Hats! Cr1cket Bell$$’ would be near impossible to crack.
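An added example, not from the original post: Python code that builds a passphrase of four or more random words as described above and estimates its strength in bits. The 32-word list is constructed sample data, and the 7,776-word list size and the 94-character alphabet are assumptions used for comparison.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline.
# Real use needs a list of thousands of words (assumption: 7,776, diceware-sized).
SAMPLE_WORDS = (
    "goat hat cricket bell river candle marble tiger "
    "window pepper anchor violin meadow rocket copper lantern "
    "button harbor walnut comet saddle orchid pencil glacier "
    "mitten falcon puzzle ribbon cactus summit barrel thunder"
).split()
SYMBOLS = "!$#@%&*?"


def generate_passphrase(words, count=4):
    """Join `count` words chosen uniformly at random by the OS CSPRNG."""
    if count < 4:
        raise ValueError("use four or more words")
    # secrets, not random: the choice must be unpredictable
    chosen = [secrets.choice(words).capitalize() for _ in range(count)]
    # Add one digit and one symbol to a randomly chosen word
    i = secrets.randbelow(count)
    chosen[i] += secrets.choice("0123456789") + secrets.choice(SYMBOLS)
    return " ".join(chosen)


def passphrase_bits(wordlist_size, count):
    """Entropy from the word choices alone (ignores the digit and symbol)."""
    return count * math.log2(wordlist_size)


def password_bits(alphabet_size, length):
    """Entropy of a fully random password of `length` characters."""
    return length * math.log2(alphabet_size)


def words_needed(wordlist_size, target_bits):
    """Fewest words (never under four) whose entropy reaches target_bits."""
    return max(4, math.ceil(target_bits / math.log2(wordlist_size)))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"4 words from this 32-word sample: {passphrase_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    print(f"4 words from a 7,776-word list: {passphrase_bits(7776, 4):.1f} bits")
    print(f"8 random chars from 94 symbols: {password_bits(94, 8):.1f} bits")
```

The estimate only holds when the program picks the words at random; words you choose yourself are easier to guess.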

One point to raise here: although this password would be hard to crack, you still need a unique password for each login, because if the password is compromised, say stolen by a malicious website, it could then be used to attempt to log in to your other online accounts.

Don’t let Google manage your passwords.

Yes, it’s convenient, and yes, it looks safer now that Google suggests strong passwords. But if you are compromised, which could be more a question of when and not if, your browser may be one of the first places attackers look, and they will be able to access all of your passwords.

Don’t take my word for it though, check out this article by PC magazine.

Ok you say, how do I keep track of my passwords then? Use a Password manager.

A password manager (should) store all of your passwords in an encrypted vault and be accessible only to you, across your devices.  There are many different types of password managers available, including free ones. Consider what features you need and compare password managers online.

Personally I use Keeper and yes at first it was clunky and hard to get used to, but now I love it, I don’t need to remember passwords and I know that my logins are safe.  I use it for everything!

When choosing a password manager, Cyber.gov.au advises checking whether the company and product have a good reputation. Make sure the product has strong security and privacy features and gets regular updates. Also, check if it supports:

  • encryption (prevents anyone from accessing your stored information without your master password)

  • multi-factor authentication

  • different devices and syncing between devices

  • breached password alerts

  • browser extensions for password autofill.

If you are unsure, ask an IT professional or a trusted advisor for help.

Also, be sure to give the password manager a strong password or passphrase that you will remember, and turn on MFA to keep the program secure.

For more information about MFA, check out this blog post.

Need some help?

If you need help with business planning, governance, risk or compliance, or to get your business organised, Elouise from Ellevate Solutions is here to help you.
