How to Boost your Password Security
Using easy to remember passwords, or the same password across different websites increases the risk of hacking, which can cost you and your employer. We've some tips to help.
Statistics from Ofcom show that we're putting our online security at risk and potentially opening ourselves up to online hacking by using easy to remember passwords, or the same password across different websites.
Key statistics from Ofcom
- 55% of people use the same password for most - if not all - websites
- 26% use passwords that are easy to remember (such as birthdays and people's names)
- 47% have used the same password for over 5 years
- 80% of people have never changed their bank PIN
There are a few reasons that our account passwords can be compromised. It could be that someone launches a personal attack against you, or you become the victim of a brute-force attack, meaning that the hacker systematically checks all possible passphrases until the correct one is found. Or, there could be a data breach, often resulting in millions of users account information being compromised.
So what should we be doing to reduce this risk and ensure we keep our passwords safe?
Top tips to boost your password security:
- Choose a strong and unique password - Aim for a minimum of 8 characters with numbers, letters and punctuation.
- Don't use obvious passwords - Such as, 1234, 4321, qwerty, password, password123, etc. Avoid using anything which can be obtained from social media accounts - for example, family names, pets, place of birth, school, favourite holiday, or something related to your sports team or hobby.
- Keep passwords safe - Don't write them down, share them with anyone else or use the same one across multiple sites.
- Change your password regularly - Especially if you think someone else knows it.
- #thinkrandom - The Government's cyber security campaign encourages us to use three completely random words (e.g. dogmoonpurple) and break them up with numbers and characters (e.g. D0gm00npu4p!e).
- Use a random password generator - Or create a string of completely meaningless letters and symbols. One way of doing this is to take a random sentence or line from a song/poem, use the first letter of each word, and then add punctuation and numbers to mix it up.
- Use password management software (password vault) - Such as Dashlane, 1Password, KeePass, or Lastpass - to store all your passwords behind one master password.
- For added security, use 2-step factor authentication - If someone logs in from an unrecognised device, you're sent a code (by text or email) which you have to enter to verify it's really you.
Want to know more about Information Security?
As well as 50+ free compliance training aids, we regularly publish informative Information Security blogs. And, if you're looking for a compliance training solution, why not visit our Compliance Essentials course library.
If you've any further questions or concerns about Information Security, just leave us a comment below this blog. We are happy to help!