5 Ways to Strengthen Password Security on the Eve of World Password Day

01.05.2024

To chime with World Password Day on 2nd May we’ve compiled a 5-step checklist to help you create ironclad passwords to keep hackers at bay and your business secure.

Passwords are not only keys to your online accounts but also the gateway to your entire digital life and your business. Cybercriminals are on a constant hunt for these keys because, with them, they can access sensitive data, launch attacks from the inside, plant malware and even sell your credentials in the dark corners of the web.

The risk doesn’t stop there. Business email compromise attacks are on the rise, which can lead to significant financial and reputational damage.

Our no-nonsense resource has actionable tips and strategies to ensure your private data remains private.

 

1. Generate Complex Passwords

Think beyond birthdays or pet names! If you’re creating your own passwords, use these tactics:

  1. Variety: Use a combination of uppercase and lowercase letters, numbers, punctuation marks and symbols.
  2. Length: A good password should be at least 8 characters long, and ideally 12 characters or more.
  3. Good strategies: Consider other techniques for generating passwords:

    • Make up an easy-to-remember sentence, take the first letter of each word, add in the punctuation and substitute numbers for letters. E.g. "I like to play golf at the weekends." becomes I1tpgatW.
    • Take two random words, join them with a non-alphabetic character or two, and substitute a number for a letter. E.g. July & Golf becomes Ju1y%G01f.
  4. Bad practice: Here’s what NOT to do:
     
    • Don’t use personal data like a name or any other information that someone could easily discover about you from other sources.
    • Do not choose a word (English or otherwise), proper name, or name of a TV show, for example.
    • Don’t use a simple transformation of a word, such as putting a number at the start or end, writing the word backwards or simply substituting a number for a letter. You can use a combination of these techniques though.
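The rules in this section can be checked automatically when a password is set. The following is an added example, not code from the original post: the word list, the function names and the sample personal detail are constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# plus a list of known-breached passwords.
WORDS = {"golf", "july", "password", "dragon", "liverpool"}
# Common number/symbol-for-letter swaps, undone before the dictionary lookup.
UNSWAP = str.maketrans("013457@$", "oleastas")

def word_finding(pw, words):
    """Return the first 'bad practice' pattern from the list that pw matches, or None."""
    low = pw.lower()
    candidates = [
        ("dictionary word, name or personal detail", low),
        ("word with a number at the start or end", low.strip(string.digits)),
        ("word written backwards", low[::-1]),
        ("word with numbers substituted for letters", low.translate(UNSWAP)),
    ]
    for label, candidate in candidates:
        if candidate in words:
            return label
    return None

def check_password(pw, words=WORDS, personal=()):
    """Apply the checklist's length, variety and bad-practice rules; [] means no findings."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    elif len(pw) < 12:
        findings.append("shorter than the ideal 12 characters")
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if not all(classes):
        findings.append("missing a character class")
    hit = word_finding(pw, set(words) | {p.lower() for p in personal})
    if hit:
        findings.append(hit)
    return findings
```

Pass the user's own name, company and similar details in `personal` so they are treated like dictionary words.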

2. Don’t Reuse Passwords

Keep your passwords unique for different apps. A data leak on one website can make all your applications vulnerable. The risks of using the same password, or a consistent password convention, are many:

  1. Chain of Vulnerability: Reusing passwords across accounts creates a domino effect. A breach in one account compromises others using the same password.
  2. Data Breach Impact: Common breaches expose passwords. If reused, hackers easily access multiple accounts, risking your digital identity.
  3. Limit Unauthorised Access: Unique passwords per account restrict breaches to a single account, maintaining security across others.
  4. Password Cracking Risks: Reusing passwords facilitates brute-force attacks, increasing the likelihood of unauthorised access.
  5. Cybersecurity Best Practice: Unique passwords for each account are recommended by security standards to minimise breach impact and protect against unauthorised access.

3. Enable Two-factor Authentication (2FA)

 

Even strong locks can be broken. Even if you have a strong password, it's not entirely immune to hacking attempts. Two-factor authentication (2FA) adds an extra layer of security beyond a password.

When you enable 2FA, after entering your password, you'll typically need to provide a second form of verification, such as a unique code sent to your mobile device or generated by an authentication app. This means that even if someone manages to obtain your password, they will still need access to your secondary verification method to gain entry.

Enabling 2FA significantly reduces the risk of unauthorised access to your accounts, as it adds an additional hurdle for hackers to overcome. It's like having a second lock on your door – even if someone picks the first lock, they still need to deal with the second one.

 

4. Beware of Imposters

Watch out for phishing emails impersonating familiar contacts. Clicking on links in these emails could put your business at risk. Consider these strategies to reduce the risk of phishing attempts:

  1. Anti-Phishing Software: Deploy software tools that detect and block phishing emails before they reach your inbox, using criteria like sender reputation and email content.
  2. Employee Training: Regularly educate your staff on phishing risks. Teach them to scrutinise email addresses, hover over links, and avoid clicking on unfamiliar attachments.
  3. Phishing Simulation Exercises: Conduct simulated phishing drills to gauge staff awareness and responses. These exercises reinforce training and pinpoint areas needing improvement.
  4. Reporting Procedures: Establish clear protocols for reporting suspicious emails. Encourage staff to promptly report any questionable activity to your IT or security team for investigation.

5. Leverage Password Managers

Remembering and creating passwords is hard. Password managers are digital tools designed to securely store and manage your passwords for various online accounts and services. They offer several benefits:

  1. Enhanced Security: Password managers use strong encryption, making them more secure than guessable or reused passwords, reducing the risk of unauthorised access.
  2. Convenience: With a password manager, you only need one master password, simplifying login and eliminating the need to remember multiple complex passwords.
  3. Password Generation: Password managers create strong, random passwords, including letters (uppercase and lowercase), numbers, and special characters, making them highly secure and hard to crack.
  4. Auto-Fill Functionality: Many password managers offer browser extensions or integrations to automatically fill login credentials, saving time and ensuring accuracy.
  5. Cross-Device Syncing: Modern password managers sync passwords across devices, enabling access from anywhere.
  6. Secure Sharing: Some password managers allow secure sharing of passwords with trusted individuals, useful for shared accounts or sensitive information.

Overall, using a password manager can greatly improve your online security posture by enabling you to use strong, unique passwords for each of your accounts without the burden of remembering them all. It's an essential tool for anyone concerned about protecting their digital identity and sensitive information online.

As World Password Day passes, it's vital to reflect on the significance of robust password security practices in safeguarding our digital identities and sensitive information. By adopting the tips outlined in this blog, individuals and businesses alike can bolster their defences against cyber threats. Let's continue to prioritise password security not only today but every day, ensuring a safer and more secure online environment for all.

 

For expert business cyber security and small business IT support, contact The PC Support Group today. We’ll be happy to help identify areas of weakness and help you put together a robust password and cyber security strategy. Get in touch now for a free, no-obligation consultation.