Following last month’s Phishing blog and given that cyber security is a key area of focus for us here at Shoal, this month we are looking at Password Management. You may already be familiar with the need for a “strong” password, however, with the multitude of systems needing passwords, it’s a challenge to remember them all. Weak passwords can be cracked in seconds and if you have used the same one over multiple accounts, if one system is compromised by a hacker, many others could then be too.
The longer and more randomised a password, the harder it is to break. Recommendations on the number of characters vary but a minimum of 12 with a mixture of upper and lower case, special characters and numbers is sensible. Avoiding easily guessable combinations is imperative as evidenced by this CNN Business article (Apr. ’19) with an alarming top 10 most common including “password”, “qwerty” and “abc123”! Stringing together three unrelated words that you can remember is an excellent alternative but avoid pet or family names as this information is often publicly available and can be easily obtained by hackers.
Multifactor Authentication (MFA)
MFA is essential for important accounts (e.g. your email account, Microsoft 365, online banking) as, if a hacker does successfully steal your username/password, they would also need your device (e.g. phone) in order to access your account. This is because MFA requires the user to provide two or more verification factors to gain access to a protected resource.
Why is a Password Manager essential?
As it’s nigh impossible to remember unique, strong passwords for all your accounts, most people end up reusing passwords, which can be a major issue if one password becomes compromised, requiring you to change all your passwords. A Password Manager is a programme allowing you to store, manage and generate passwords for all your accounts. It is accessed with one master password which becomes the only one you need to remember. Once set up, the necessary account passwords are easily retrieved from the vault. A password manager relies on strong encryption to protect all the passwords in your vault.
Secure access dos and don’ts
- Make sure you always use a strong password
- Don’t use the same password multiple times
- Don’t share passwords
- Use Multifactor Authentication wherever it is available
- Use a Password Manager
- Make sure all your data is backed up regularly, just in case