Megahacks do not (yet) lead to safer password use.
We live in a world where almost all of our work processes have been digitized, and organizations cannot function without them. It almost goes without saying that sensitive business information must not be viewed by unauthorized persons. Even so, hackers were able to access such information in an attack on the hosting provider MongoHQ. How? They discovered the password of an employee. How was that possible? First, it turned out to be a very simple password, and second, even worse, the employee used the same password for both his private and his business account. Using the same password for both accounts should never happen! More damage could have been prevented if a strong password had been chosen.
It’s not easy to create a good, strong password. It takes time and careful thinking. In this blog we explain how to create a strong password and why this is really necessary.
Facts and numbers
In 2016, the research agency DirectResearch carried out a study, commissioned by the technology website Tweakers, on how Dutch people deal with passwords on the internet. There were a number of major hacking attacks last year, yet it appears that the Dutch are not at all inclined to change their password habits.
Why a strong password?
Employees who use a simple password for business applications give cyber criminals the opportunity to enter the company’s IT infrastructure through their user accounts. In this way criminals can not only cause a lot of damage but also track down sensitive information. A strong password reduces the chance that hackers can carry out a successful attack.
But why do we still use simple passwords?
Everyone knows that a simple password can be a threat to the organization. Despite this, we still see that the majority of employees opt for a simple, easy-to-remember password. The reason? People are afraid of forgetting their password. The fear of forgetting is much bigger than the awareness that the password can be found out, with the risk of a hacked account. At the same time, there are more and more websites and services for which a password has to be created. People do not want to remember multiple passwords, so the temptation to always use one and the same password is very strong.
This mindset must change if you want to protect your organization against cybercrime.
How do you create a strong password?
When we talk about strong passwords, we are not talking about passwords such as welcome, welcome123 or 123456. And no, not passwords in which first names, last names or birthdays are used either. But how do you make a strong password?
You can create a strong password by following these guidelines:
- Use a combination of uppercase and lowercase letters, numbers and special characters, for example @twT.Gt5T or ny?E4R5h#.
- Use at least 8 characters instead of just 4. Longer passwords are harder to guess.
- Use existing words and replace letters with numbers. For example, an E becomes a 3, an i becomes a 1, an S becomes a 5, etc.
- Combine unrelated words and connect them with a symbol. For example, Cat and Computer can be spelled as K4t#C()Mput3R.
- Take a sentence that appeals to you from a favorite book, poem or song and take the first letter of every word as the basis. Then make the password more complex by exchanging letters for numbers and special characters.
Tips in general
- Do not write passwords on a post-it and do not store them in the vicinity of the computer
- Never give out a password
- Use a different password for each account
Is my password strong enough?
You have devised a password but wonder if it is strong enough? This is easy to test. Click on the link below and enter a password to see the maximum time it would take a hacker to crack that password. Use the slider under the year to see how much the maximum crack time has changed since 1982. Also slide up to 2020 to see how quickly a password might be cracked in the future.
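The rules from the list above, combined with the "maximum crack time" idea, as an added Python example that is not part of the original post. The guess rate, the rule wording and the `personal` parameter are assumptions chosen for illustration.

```python
import string

# Weak examples named in the article; a production deny-list is far larger.
WEAK = {"welcome", "welcome123", "123456"}
# Lowercase, uppercase, digits, and the 32 printable ASCII symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e10  # assumption: tune to the attacker you model


def charset_size(password):
    """Size of the alphabet an exhaustive search has to cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def max_crack_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound: time to try every string of this length over that alphabet.
    Dictionary words and reused passwords fall much sooner than this bound."""
    return charset_size(password) ** len(password) / rate


def check(password, personal=()):
    """Return the rules from the article that the password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in WEAK:
        problems.append("well-known password")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains a name or birthday")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "jan" and "1985" stand in for personal data.
    for pw in ("welcome123", "Kat1", "K4t#C()Mput3R"):
        print(pw, check(pw, personal=("jan", "1985")),
              f"max {max_crack_seconds(pw):.3g} s")
```

Going from 4 to 8 characters over the full 94-symbol alphabet multiplies the exhaustive search space by 94 to the power 4, roughly 78 million.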
Is changing passwords necessary?
According to security expert Bruce Schneier, changing passwords is not necessary. The periodic change of passwords encourages the use of simple passwords. Does this mean that you always have to keep the same password? No, it is wise to change your password once every three months. When an employee leaves, they may no longer have access to the system or network. So all passwords must be deleted! Remember, weak and easy-to-guess passwords can have huge consequences for your business.
How secure is your password policy?
Do you want to know how safe your password policy is? Or do you want to receive advice on better protection for all your systems? Don’t hesitate to contact us if you have any questions. Call us on telephone number +31 88 – 751 02 02 or fill in the contact form.