New research from CyberArk suggests 70 per cent of Australian workers fail to be secure when it comes to choosing a password and their password management.
Given the increasing sophistication of hackers and rise in cyber threats occurring, its crucial for users to follow best practices to ensure the safety of a business’ online accounts.
In this article we will look at some rules to follow to create robust and resilient passwords, what mistakes to avoid during password creation and the role that enterprise password management software can play in assisting business owners and users to simplify the process and enhance online security.
Four rules for creating strong passwords
Creating strong and secure passwords is essential to protecting a business’ online accounts. Here are four rules Adept IT Solutions recommend users follow to ensure the passwords they create are robust and resilient.
- Length matters:
The longer a password is, the harder it is to crack. Users should aim for passwords that are at least twelve to sixteen characters in length. Longer passwords also provide more combinations for hackers to have to guess between, making their task significantly more challenging. - Complexity is key to ensure unpredictability
Use a mix of characters in your passwords. Combine upper and lower-case letters, numbers and special characters or symbols. This complexity makes it more difficult for automated tools to guess passwords through a brute force attack. - Make them unique
Frequently used words and phrases should be avoided as hackers often detect extensively used combinations such as ABC123, 123456, qwerty or even use of the word password in their searches when trying to gain access to software and devices. - Enable Multi-factor Authentication (MFA)
Multi-factor authentication provides an additional layer of security beyond your password. It typically involves using something you know (a password) and something you have (a mobile device or security key) to bolster your online security. This way, even if someone manages to obtain your password, they will not be able to gain access to your account without the secondary authentication device.
Four mistakes to avoid when creating passwords
- Avoid using personal information
Names, birthdates, family members’ names or pet’s names can be easily obtained by hackers and therefore should not be used. While this information might seem unique to you, it is often readily available online or on social accounts and can put your systems and programs at risk of being accessed more easily. - Do not reuse passwords
According to Keeper, two-thirds of internet users reuse the same password for multiple online accounts. It is important to avoid reusing passwords, even those with a simple change of character or number at the end, as this can cause credential stuffing or password spraying.
Credential stuffing or password spraying occurs when a cybercriminal uses the information already obtained elsewhere by cybercriminals to gain access to multiple accounts or programs at a time. - Steer clear of substituting letters and numbers with special characters
While special characters and numbers is recommended in the creation of secure passwords, be careful not to use them as a substitution for a letter in an obvious word or phrase. Examples might include p@ssword or f@cebook for your social media Facebook account. Such choices can be easily detected by cybercriminals with advanced technologies. - Resist the temptation to share passwords
Sharing passwords, even with fellow colleagues, friends or family members can lead to security vulnerabilities. This includes writing passwords down on a post-it-note, a notepad or saving them in an excel spreadsheet for future reference. If you need to share access to a password or use a tool to function as a reminder, use the sharing features provided by an enterprise password manager.
The role of enterprise password managers in online security
Enterprise password managers play a crucial role in simplifying the process of creating and managing secure passwords, particularly for businesses.
Adept IT Solutions recommends Keeper enterprise password management to our clients. Here are seven ways programs such as Keeper can enhance your online security:
- They provide secure password storage
Password managers store your login credentials for various accounts, encrypting them to ensure that even if the manager is compromised, stored passwords remain inaccessible to unauthorised parties. This means you can create complex, unique passwords for all your accounts and let the password manager remember them for you. - They can generate a password for you
Rather than having to think of a password, these programs will generate one for you using a strong combination of letters, numbers and symbols to ensure they are not easily guessed or accessed during a cyber security event. - Autofill and auto-log in
Password managers can be used to automatically fill in log in forms on websites, apps, programs, software and accounts to streamline the log in process and save time. This avoids the need to manually type in credentials and this too can play a role in more sophisticate means of password detection. - Encrypted sharing
If your business has a team of trusted individuals who all need access to collaborate and use the same accounts, password managers can grant access to sensitive login information without compromising security. - Auditing and monitoring
Password managers can help business owners to identify and address weak or compromised passwords. They provide tools to audit your existing passwords, find duplicates and highlight those that may be compromised due to data breaches for required reporting and recommend changes. - Cross-platform and synchronisation
Most password managers work across various platforms, including Windows, macOS, Android and iOS. They often provide synchronisation capabilities to keep your passwords consistent across all your devices. - Mobile accessibility
Most password managers offer mobile apps, allowing you to access your passwords securely on smartphones and tablets. This is important since often online activities take place on mobile devices.
How Adept IT Solutions can help?
Adept IT Solutions can provide cybersecurity awareness training that covers protecting the private data of organisations and their clients from malicious attacks.
If you would like to know more about our cutting-edge cybersecurity awareness and training platform or how to install and use Keeper across your organisation, please feel free to contact Adept IT Solutions on 1300 4 23378 (ADEPT) or email us at info@adept-it.com.au.