Is Your Password Secure Enough?

If your using a dumb password, and that’s the only thing between you and your online data, you will be a victim.

Billions of passwords are sold to cyber criminals on a daily basis the world over and if your ‘one password fits all’ makes it onto there, you can bet its only a short matter of time before you have a digital nightmare on your hands.

But I can’t possibly remember multiple different passwords, let alone complex ones?

The good news is, you don’t have to.

Use a password manager (even the NCSC recommend you do) and it will do all the leg work for you. It will generate complex passwords automatically and save them in its database, then when you visit the website it automatically fills in your details. This is seen as a risk by some, but this risk is smaller than using passwords you can remember. Password Managers have a mobile app so you can access from any device you own and activated with a fingerprint or face ID, for example.

Some brief history on passwords

As the years have gone by, what might have been passable as secure 15 years ago, just simply isn’t anymore.

For example: password1 can be cracked/broken into within 0.29 seconds – pretty scary huh!

However, Password! Increases the theoretical crack time to 35 minutes (many moons ago, before it became a commonly known combination and will be on every hackers database). 

Obviously we don’t recommend you use either of those examples, but it shows how a simple change can make the hackers life harder.

OK, so what kind of password SHOULD I be using?

Quite simply, if you’re using over 8 characters, with a mixture of upper, lower, numbers and special, plus it isn’t an actual ‘single use’ word in the dictionary, you’re on the right track. A password management tool will create a jumble of letters, numbers and symbols that make absolutely no sense to anyone and this is about as secure as you can get – the longer the password, the longer it takes to crack.

I don’t want to use a password management tool though, so what can I do?

Not everyone will want to go down that route, or perhaps you might be sceptical for one reason or another, but there is no easy and secure way for you to remember your passwords, and re-using the same one is a big no no.

Think of yourself somewhere, it could be on holiday, or at your favourite bar etc. What 3 things come to mind? Let’s say you’re on holiday and you think of ‘sunny’ ‘seaside’ ‘pier’. This follows the NCSC guidance on using ‘Three Random Words’, but it can be much better.

Example:

sunnyseasidepier

Now lets make it secure:

Lets simply substitute  the letter ‘e’ for the number 7, and add some capitals and we have

SunnyS7asid7Pi7r

Even if you wrote down on a post it on your screen ‘e = 7’ then you’ve not compromised your password and hopefully you have an easier way of remembering it.

DO NOT use common substitutions such a ‘3 for e’ or ‘@ for a’ etc – these are cracked in seconds.

For more information on password security, feel free to give us a call on 01323 287828, or to take your passwords and security one step further, take a look at our article on becoming Cyber Essentials certified.

Talk to one of our friendly experts. 

Keen to learn more? Explore our other resources on Connectivity Solutions below: 

• Email Spoofing Scenario
• Phishing/Ransom Attack Scenario, What Would You Do?
• How to protect your business from hackers
• What is an SSL certificate and why do I need one?
• What is the Difference Between Penetration Testing and Vulnerability Scanning?
• Principles of GDPR compliance and the Rights of Data Subjects
• Password Security—The Benefits of Multi-factor Authentication