Passwords are a vital part of information and network security, serving to protect user accounts. But a poorly chosen password can put an organisation's entire network at risk. The harsh reality is that people do get hacked through their passwords, which more often than not have been stolen in breaches. But if you can improve password security, you can bolster protection against cyber criminals.
Passwords provide the first line of defence against cyber crime. The more unique your passwords are, the better protected your computer will be from hackers and malicious software, so you should maintain strong passwords for all your accounts.
Three Random Words
The National Cyber Security Centre (NCSC) – which is part of GCHQ – advises that a strong password should consist of three random words. The key reason for this is that three random words create a password that is strong enough to keep accounts secure but is also easy to remember.
Applying three random words to password security is also more effective than the traditional approach, as traditional complex passwords can be difficult to remember yet still guessable for cyber criminals.
Additional reasons for choosing three random words include:
- Length – A password made of three random words will meet length requirements more readily than one generated from a single word
- Impact – Combining multiple words helps generate passwords that have not, or would not have, been previously considered
- Usability – Passwords that have a range of characters, numbers, and letters are more difficult to generate, remember, and enter.
The complexity of traditional advice around passwords
Traditional advice on what passwords should include generally focuses on a mixture of letters, numbers, and symbols. But this leaves individuals needing to remember character strings that are too complex, which is something people can struggle to do. To get around this, many people replace common uppercase and lowercase letters with numbers (the letter ‘o’ being replaced with a zero), something attackers are familiar with.
Traditional advice does the opposite of what was intended: it makes things harder for users, because the result is essentially a string of unrelated characters with no meaning, which creates all sorts of problems.
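The two ideas above can be put side by side in code. The following is an added example, not taken from the NCSC or from the original article: it picks three words with a cryptographically secure random source, and it checks whether a "complex" password collapses to a well-known word once common substitutions are undone. The word list, the deny-list, the substitution table and all function names are constructed for illustration.

```python
import math
import re
import secrets

# Constructed sample list; a real generator needs a list of thousands of words.
SAMPLE_WORDS = ["copper", "lantern", "walrus", "meadow", "pebble", "anchor",
                "thistle", "cobalt", "harbour", "maple", "orbit", "velvet",
                "badger", "saffron", "glacier", "tunnel"]

# Constructed sample deny-list of very common passwords.
COMMON = {"password", "dragon", "monkey", "welcome", "letmein"}

# The o -> 0 swap from the text, plus other common swaps (assumed here).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def three_random_words(words=SAMPLE_WORDS, sep="-"):
    """Pick three words independently using the OS secure random source."""
    return sep.join(secrets.choice(words) for _ in range(3))


def entropy_bits(list_size, n_words=3):
    """Bits of entropy when each word is drawn uniformly at random."""
    return n_words * math.log2(list_size)


def reduces_to_common_word(password, deny=COMMON):
    """True if undoing swaps and trailing padding leaves a deny-listed word."""
    # Try the password as typed and with trailing digits/symbols removed.
    variants = (password, re.sub(r"[\W\d_]+$", "", password))
    for candidate in variants:
        letters = re.sub(r"[^a-z]", "", candidate.lower().translate(UNLEET))
        if letters in deny:
            return True
    return False
```

With the 16-word sample list a passphrase carries only 12 bits of entropy; drawing from a 7,776-word list raises that to roughly 38.8 bits, which is why the size of the word list matters.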
Password manager
The vast majority of password managers are secure in protecting passwords and are widely considered the most secure way of protecting your usernames and passwords from cyber attacks. It is strongly advised to use a password manager.
Of the many ways of securing passwords, password managers use encryption as their form of protection. Although they are considered the safest way of keeping your passwords, there remains the possibility of attacks from cyber criminals, but many hackers will view social engineering or phishing as a better way to crack passwords.
Password managers are safe and helpful because:
- They synchronise passwords across a variety of devices, meaning it is easier to log on, regardless of where you are and whatever device you are using
- They help spot if a website is fake, preventing phishing attacks
- They will notify you if you are using the same password across the different accounts you have
- They work across various platforms
Password Phishing
Password Phishing is a type of cyber attack in which attackers call, or send a phishing email or text, telling the intended victim that they must reset their password or provide personal information to verify an account. Hackers use phishing to access passwords alongside personal data as it is a highly effective form of social engineering. The account targeted can be an email account or a social media account, just to name a few.
Cyber criminals will deceive victims into clicking on links that appear to come from legitimate businesses (and that ask them to enter their password) to launch attacks. This can cause businesses to lose valuable time, money, and customers.
When using different passwords for your important accounts, it can be hard to remember them all. But effective password management is about using passwords that are strong in their structure and not using the same password across a variety of accounts.
While the advice to follow is to use the three random words process in line with the NCSC, passwords should be stored within a password manager to improve cyber security. With the number of places requiring passwords growing day by day, storing passwords within a password manager vault provides added peace of mind around password security.
With several options available when determining which password manager to use, the best and most complete solution is ITGlue and MyGlue.
We use ITGlue to securely store and manage sensitive documents and credentials for our clients. Because we have ITGlue, we’re able to offer individual password management tools (MyGlue) with the following benefits to our customers:
- Users having their own password management vault
- User vault access linked to their Microsoft 365 account for Single sign-on (SSO) security
- Allowing the company to control access to the vaults (Central user control)
- Allowing users to selectively share credentials with their IT support provider
- Convenient password retrieval through a browser plugin and mobile device app
- All of the above at a fraction of the cost of other business-grade password manager subscriptions
Speak to us today about all your cyber security needs, including password security and implementing MyGlue into your business.