Using easy-to-remember passwords, or the same password across different websites, increases the risk of being hacked, which can cost both you and your employer. We've some tips to help.
Statistics from Ofcom show that we're putting our online security at risk, and potentially opening ourselves up to online hacking, by using easy-to-remember passwords or the same password across different websites.
Key statistics from Ofcom
- 55% of people use the same password for most - if not all - websites
- 26% use passwords that are easy to remember (such as birthdays and people's names)
- 47% have used the same password for over 5 years
- 80% of people have never changed their bank PIN
There are a few ways that our account passwords can be compromised. Someone could launch an attack aimed at you personally, or you could become the victim of a brute-force attack, in which the attacker systematically tries every possible passphrase until the correct one is found. Or there could be a data breach at a service you use, which often results in millions of users' account details being exposed.
So what should we be doing to reduce this risk and ensure we keep our passwords safe?
Top tips to boost your password security
- Choose a strong and unique password - Aim for a minimum of 8 characters with numbers, letters and punctuation.
- Avoid obvious passwords - Such as 1234, 4321, qwerty, password, password123, etc. Avoid using anything which can be obtained from social media accounts - for example, family names, pets, place of birth, school, favourite holiday, or something related to your sports team or hobby.
Do not use:
- Names or business names
- Family members’ or pets’ names
- Your own or family birthdays
- Favourite sports team or other words easily guessed by acquaintances
- The word ‘password’ or numerical sequences (a survey of data breaches found that ‘123456’ had been used 23 million times!).
- Single common dictionary words, such as ‘kitchens’, which password-cracking programs can guess easily.
- Recycled passwords (for example Jon2, Jon3 etc).
- Keep passwords safe - Avoid writing them down, sharing them with others or using the same password across multiple sites. If you must write them down make sure you use a code that is meaningless to others.
- Change your password regularly - Especially if you think someone else knows it.
- #thinkrandom - The UK government's cyber security campaign encourages the use of three random words (e.g. dogmoonpurple) broken up with numbers and characters to substitute for letters (e.g. D0gm00npu4p!e).
- Use a random password generator - Or create a string of completely meaningless letters and symbols. One way of doing this is to take a random sentence or line from a song/poem, use the first letter of each word, and then add punctuation and numbers to mix it up.
- Use password management software (password vault) - Such as Dashlane, 1Password, KeePass, or Lastpass - to store all your passwords behind one master password.
- For added security, use two-factor (2-step) authentication - If someone logs in from an unrecognised device, you're sent a code (by text or email) which you have to enter to verify that it's really you.
- Regularly check your email addresses - Use one of the many websites, such as Have I Been Pwned, that check whether your email address or password has appeared in a known data breach. If someone can access your email account, they can often easily reset your other passwords.
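As an added example (written for this post; it is not code from Ofcom, the #thinkrandom campaign or any password manager it names), the Python below turns the tips above into checks you can run: it flags the obvious, dictionary, personal and recycled passwords the list warns against, estimates the search space a brute-force attacker must cover, and shows how the Have I Been Pwned "range" lookup mentioned in the last tip works, with the client sending only the first five characters of the password's SHA-1 hash. The denylist, the dictionary and the sample range response are tiny constructed stand-ins; the endpoint URL in the comment is the public one, but nothing is fetched here.

```python
"""Added example: checks that apply the post's password advice.

Illustrative code written for this post, not a library the post describes.
COMMON_PASSWORDS, DICTIONARY and SAMPLE_RANGE_BODY are constructed stand-ins.
"""
import hashlib
import math
import string

# Constructed: the obvious passwords the post lists. A real check would load
# a breach-derived list with millions of entries.
COMMON_PASSWORDS = {"1234", "4321", "qwerty", "password", "password123", "123456"}

# Constructed stand-in for a full dictionary word list.
DICTIONARY = {"kitchens", "purple", "dog", "moon", "london"}

CLASSES = (
    ("lowercase letters", set(string.ascii_lowercase)),
    ("uppercase letters", set(string.ascii_uppercase)),
    ("digits", set(string.digits)),
    ("punctuation", set(string.punctuation)),
)


def estimate_bits(pw):
    """log2 of the search space a systematic (brute-force) attacker must cover
    if the password were random over the character classes it actually uses.
    This is an upper bound: dictionary words and patterns are far weaker."""
    alphabet = sum(len(chars) for _, chars in CLASSES if any(c in chars for c in pw))
    return round(len(pw) * math.log2(alphabet), 1) if alphabet else 0.0


def _stem(pw):
    """'Jon3' -> 'jon': the part that survives a 'recycled' increment."""
    return pw.lower().rstrip(string.digits)


def check_password(pw, personal=(), previous=()):
    """Return the post's rules that the candidate breaks (empty list = acceptable).

    personal: words an acquaintance could find out (names, pets, birthdays).
    previous: earlier passwords, to catch Jon2 -> Jon3 style recycling.
    """
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if low in COMMON_PASSWORDS:
        problems.append("obvious password")
    elif pw.isdigit():
        problems.append("numerical sequence")
    if low in DICTIONARY:
        problems.append("single dictionary word")
    if any(word.lower() in low for word in personal):
        problems.append("contains personal information")
    if any(_stem(pw) == _stem(old) for old in previous):
        problems.append("recycled variant of a previous password")
    used = [name for name, chars in CLASSES if any(c in chars for c in pw)]
    if len(used) < 3:
        problems.append("mix letters, numbers and punctuation")
    return problems


def hibp_range_query(pw):
    """Split the uppercase SHA-1 of the password into the 5-character prefix
    that is sent to https://api.pwnedpasswords.com/range/<prefix> and the
    35-character suffix that never leaves the client (k-anonymity: the
    service learns only the prefix, which matches many passwords)."""
    digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix, body):
    """Parse a range response ('SUFFIX:COUNT' per line) and return how many
    times the password was seen in breaches, or 0 if it is absent."""
    for line in body.splitlines():
        seen, sep, count = line.strip().partition(":")
        if sep and seen == suffix:
            return int(count)
    return 0


# Constructed sample body for prefix 5BAA6 (the SHA-1 of "password" starts
# 5BAA61E4...). The other suffixes and all counts are made up for the example.
SAMPLE_RANGE_BODY = """\
1E2A5E8E4F3A0F8B1C1C1D1E1F2A3B4C5D6:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3000000
2AB8E1F0E3D5C7B9A1B3C5D7E9F1A3B5C7D:1
"""


def is_breached(pw, body=SAMPLE_RANGE_BODY):
    """True if the password's suffix appears in the (here constructed) response."""
    _prefix, suffix = hibp_range_query(pw)
    return count_in_range_response(suffix, body) > 0


if __name__ == "__main__":
    for candidate in ("password123", "kitchens", "Jon3", "D0gm00npu4p!e"):
        print(candidate, estimate_bits(candidate), "bits,",
              check_password(candidate, previous=["Jon2"]) or "ok",
              "| breached:", is_breached(candidate))
```

In a real deployment the two constructed sets would be replaced by full breach and dictionary lists, and `SAMPLE_RANGE_BODY` by the text of an HTTPS GET to the range endpoint for the computed prefix; the parsing and the decision logic stay the same, and the full password never leaves the machine.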
Want to know more about Information Security?
As well as 50+ free compliance training aids, we regularly publish informative Information Security blogs. And, if you're looking for a compliance training solution, why not visit our Compliance Essentials course library.
If you've any further questions or concerns about Information Security, just leave us a comment below this blog. We are happy to help!