It goes without saying that a strong password is important for your online and offline security—both at home and at work (especially given the new Australian data notification legislation put in place earlier this year, which could see businesses and other organisations fined up to $1.8 million for data breaches, unauthorised access to personal information and the loss of data). And we all know our passwords, in most cases, are our first line of defence. However, cyber security insight reports show we have a long way to go when it comes to using passwords effectively.
Nearly one in four (24%) people surveyed use the same password for all accounts. This statistic is of significant concern as passwords remain the most common, and in most cases the only, form of protection used by Australians for our devices. A recent Western Australian government security audit found that 26% of its officials had incredibly weak and easily guessable passwords (more than 5,000 passwords across 17 government agencies included the word “password”).
What makes a strong password?
The traditional password advice follows a fairly simple formula. You’re typically asked to create a password with a minimum of 12 characters that includes numbers, symbols, capital letters and lowercase letters. Likewise, you’re also encouraged to change your passwords frequently in order to maintain a secure first line of defence for your accounts and applications.
However, contrary to popular belief, using a mixture of uppercase and lowercase letters, symbols and numbers, as well as enforcing frequent password changes, has repeatedly been shown to be counterproductive to good password security. Over time these traditional password security practices have become commonplace and predictable, making them fairly unreliable and certainly not the safest option when creating a new or strong password.
A good password should contain at least 10 characters with an un-guessable combination of words. A phrase made of multiple words is easier to memorise but remains difficult to guess or crack. A simple rule of thumb is that the longer the password, the harder it is to hack. Likewise, it goes without saying that you should never share your passwords, or use the same password across multiple accounts, because if one gets hacked the rest become vulnerable.
Strong password examples:
- purple cabbage rabbit
- graceful elephant dance2
- redbull mobile bottle1
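As an added illustration (not part of the original article), the Python sketch below builds a multi-word passphrase by picking words with a cryptographically secure random generator, and estimates how the strength grows with each extra word. The word list is constructed for this example and is far too small for real use, and the function names are this example's own.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline.
# A real generator would load a list of several thousand words.
WORDS = """
river candle window marble forest anchor pepper violin
saddle lantern pocket thunder meadow copper basket feather
harbor pillow rocket garden button tunnel walnut ribbon
kettle blanket orchard compass pebble trumpet hammock lobster
""".split()


def entropy_bits(num_words, list_size):
    """Bits of entropy when every word is chosen uniformly at random.

    Each word contributes log2(list_size) bits, so strength grows
    linearly with the number of words in the phrase.
    """
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(num_words=4, words=WORDS):
    """Return num_words space-separated words picked with a CSPRNG.

    secrets.choice draws from the operating system's secure random
    source, unlike random.choice, which is predictable.
    """
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    return " ".join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    phrase = generate_passphrase(4)
    print(phrase)
    print(f"{entropy_bits(4, len(WORDS)):.1f} bits with this sample list")
    print(f"{entropy_bits(4, 7776):.1f} bits with a 7,776-word list")
```

The estimate only holds when the words are chosen at random; a phrase a person picks themselves is easier to guess than the figure suggests.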
A great tool for testing strong password ideas is How Secure Is My Password. However, it is worth noting that exact passwords entered into the site should not later be used, as the security of that specific password can no longer be guaranteed. Tools like How Secure Is My Password should only be used as a rough guide for strong password idea testing.
Trying to remember your password for every website, portal, tool and piece of software is borderline impossible—particularly in a work setting where the average enterprise uses 91 services! With programs and services like Skype, Slack, OneDrive, Dropbox, social media channels, CRM, marketing and sales software, account keeping programs, your online store, website, mail client—the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t—which is why we recommend using a password manager.
A password manager is an application that creates, remembers, securely stores and automatically fills in your passwords for you. A password manager can be incredibly beneficial for any business that wants to boost security, simplify the on-boarding and off-boarding process (did you know that a SailPoint Market Report discovered that more than 2 in 5 employees reported having access to a variety of corporate accounts after leaving their last job!), as well as help employees manage their passwords more effectively. A password manager is a convenient and practical option to help reduce the chance of falling victim to cyber crime that could result in a data breach.
For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider, IT Support and single source supplier. Our team of specialists deliver superior on-site and remote IT services tailored to suit your specific requirements.