The Importance of Secure Passwords

With cyber threats at an all-time high, it’s now more important than ever to ensure your company has secure, correctly stored passwords. They are your first line of defence in protecting valuable and sensitive information from hackers and malware, so it’s vital to make them as strong as possible. Password guessing is one of the most common ways a hacker will try to target your business, and using weak passwords, or the same password, across multiple accounts leaves you exposed to an attack.

The graphic above shows how long it would take a computer to crack a password made up of entirely random letter and number combinations. It’s worth noting that dictionary words (and other previously breached passwords) are usually tried first and are therefore far faster to crack, however long they are.

How to create secure passwords

Bits of Entropy

First things first: to understand what makes a password strong, it helps to know how strength is measured. A password’s strength is most commonly measured in bits of entropy. Calculated from the length and the size of the character set used, it is the base-2 logarithm of the number of possible passwords of that shape, so every extra bit doubles the number of guesses an attacker needs to be sure of finding it. The higher the bits of entropy, the longer it would take to crack, and the more secure the password is. Most password generators give you a strength indication, but below is a rough guide to how the number of bits relates to password strength.

  • 28-35 bits = Weak
  • 36-59 bits = Reasonable
  • 60-127 bits = Strong
  • 128+ bits = Very strong (often overkill)

Using Three Random Words

A common misconception is that passwords must always be complicated and difficult to remember in order to be secure. Thankfully, this doesn’t have to be the case.

Whilst creating longer, more complex passwords may seem like a good idea, the reality is that without even realising it, we often fall into common patterns (such as swapping letters for numbers) which hackers, and their cracking tools, are all too familiar with. The three random words system offers a simple solution: it lets you create a password that is long, strong and memorable all at once. Simply choose three (or more) genuinely random words (not words connected to you) and you’ve got yourself a secure and easy-to-remember password.

Image: xkcd
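To make the two ideas above concrete, here is an added Python example (not code from the original article): it estimates bits of entropy from length and character set, maps the result onto the article's strength bands, and shows why the naive estimate is misleading for a password built from a dictionary word with letter-for-number swaps, while a passphrase of genuinely random words is scored by the size of the word list instead. All function names, the "Very weak" label for anything under 28 bits, and the tiny dictionary, personal-detail and word lists are assumptions constructed for the demo; the 7776-word list used for comparison is simply the size of a Diceware-style list.

```python
import math
import re
import secrets

# Strength bands exactly as the article gives them (lower bound in bits, label).
STRENGTH_BANDS = [
    (28, "Weak"),
    (36, "Reasonable"),
    (60, "Strong"),
    (128, "Very strong (often overkill)"),
]

# Constructed sample data for the demo (not real lists): words attackers try first,
# the kind of personal details the article says to avoid, and a tiny word list.
SAMPLE_DICTIONARY = {"password", "summer", "liverpool", "qwerty", "welcome"}
SAMPLE_PERSONAL_DETAILS = {"alex", "rover", "exeter", "1987"}
SAMPLE_WORDLIST = ["anchor", "biscuit", "cobalt", "dragon", "ember", "falcon", "granite", "harbour"]

# Common letter-for-number/symbol swaps that cracking rules undo in a single pass.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def strength_label(bits: float) -> str:
    """Map a bit count onto the article's bands; under 28 bits is 'Very weak' (our own label)."""
    label = "Very weak"
    for lower_bound, name in STRENGTH_BANDS:
        if bits >= lower_bound:
            label = name
    return label


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character used (95 printable ASCII max)."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII punctuation and space
    return size


def charset_entropy_bits(password: str) -> float:
    """Upper-bound entropy log2(alphabet ** length): what a truly random password of this shape has."""
    alphabet = charset_size(password)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words chosen uniformly at random from a list of wordlist_size words."""
    return word_count * math.log2(wordlist_size)


def normalise_leet(password: str) -> str:
    """Undo digit/symbol substitutions so 'P4ssw0rd!' is compared as 'password!'."""
    return password.lower().translate(LEET_MAP)


def weak_reasons(password: str, dictionary=SAMPLE_DICTIONARY, personal=SAMPLE_PERSONAL_DETAILS) -> list:
    """Explain why a password falls to the guesses tried first: dictionary words or personal details."""
    reasons = []
    plain = normalise_leet(password)
    for word in sorted(dictionary):
        if word in plain:
            reasons.append(f"contains dictionary word '{word}'")
    for detail in sorted(personal):
        if detail in plain or detail in password.lower():
            reasons.append(f"contains personal detail '{detail}'")
    return reasons


def assess(password: str) -> dict:
    """Combine the naive entropy estimate with the pattern checks the article warns about."""
    bits = charset_entropy_bits(password)
    reasons = weak_reasons(password)
    return {
        "bits_if_random": round(bits, 1),
        "label_if_random": strength_label(bits),
        "weak_reasons": reasons,
        # Any match means a dictionary pass reaches it long before brute force, so the bits are misleading.
        "verdict": "avoid" if reasons else strength_label(bits),
    }


def generate_three_words(wordlist=SAMPLE_WORDLIST, word_count: int = 3, separator: str = "-") -> str:
    """Three Random Words picked by the CSPRNG rather than by a person, so they really are random."""
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    for pw in ["P4ssw0rd!", "Rover1987", "xK9#pL2$qW"]:
        print(pw, assess(pw))
    print("three words from an 8-word demo list:", generate_three_words(),
          round(passphrase_entropy_bits(3, len(SAMPLE_WORDLIST)), 1), "bits")
    print("three words from a 7776-word list:", round(passphrase_entropy_bits(3, 7776), 1), "bits")
```

Note that "P4ssw0rd!" scores around 59 bits if you only count its alphabet and length, yet it is rejected outright because undoing the substitutions exposes a dictionary word; three words from a 7776-word list score only about 39 bits on paper but contain no such shortcut, and a fourth word adds another 13.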

Passwords to avoid

If you decide that the Three Random Words system isn’t for you and you prefer to create your own password, make sure to avoid using discoverable personal details such as:

  • Current partner’s name
  • Child’s name
  • Other family member’s name
  • Pet’s name
  • Place of birth
  • Favourite holiday
  • Something related to your favourite sports team

Don’t re-use passwords, as if they’re breached from one system they’ll be tried in future attacks.

How to safely store passwords

How you store your passwords is equally as important for protecting your data. Wherever possible, you should avoid storing passwords in places such as emails, paper notes, computer documents and notes apps.

Password managers

Password managers are a great solution that enable you to maintain a set of unique and secure passwords without having to remember them. When using a password manager, you will have to set up a strong master password (think three random words) that is memorable, and you should consider enabling two-factor authentication (2FA) as an additional layer of protection.

Often available for free, or at a charge for additional features, they are easy to set up and can include additional benefits such as syncing across devices, 2FA, data breach scanning and auto-generated passwords.

Some recommended password managers include:

Saving passwords to your browser

Saving passwords to your browser is arguably the most convenient way to keep login details to hand, and it is safe to do so on your own device. However, it is worth bearing in mind that should someone gain access to your laptop/desktop login, your passwords and data will be compromised. You should also ensure that your browser and operating system are kept up to date, and that saved passwords are never stored on a shared computer.

What is a keychain password?

A keychain password is specific to Apple products and acts as a master password for the “Keychain Access” app, which can store all of your passwords and is protected by industry-standard encryption. Like saving your passwords within a browser, Keychain Access will ask whether you want to store your login information for future use and will give you quick access to it as and when you need it. It improves security by suggesting strong passwords with high entropy and then making them available across all your Apple devices.

Apart from the password managers listed above, Android users can consider Google Smart Lock.

What is two-factor authentication (2FA)?

A highly recommended final step in making sure your accounts and sensitive information are safe is two-factor authentication. Two-factor authentication (or 2FA), a form of multi-factor authentication (MFA), simply means that two separate methods of verification are required to access your accounts/system. In most cases it works by having a code/PIN sent by SMS or email which you then enter to prove that it’s you. Other types of 2FA may use fingerprints, face scans or authenticator apps, which generate the code on your device.

Setting up 2FA is quick and easy, and it is the best way to strengthen your security so that even if your password is discovered, your account is still protected.

Whilst it may seem complicated, the reality is that with very little effort you can follow these quick and easy steps, which will give your accounts an extra layer of security. To recap, we would recommend using at least one (preferably all) of the steps below:

  • Use Three Random Words to create a memorable yet strong password
  • Use some form of password manager such as Dashlane or LastPass
  • Enable two-factor authentication (2FA) on important accounts and information

If you require further assistance or have any questions regarding cyber security for your business, don’t hesitate to get in touch with one of our experts at hello@nexusos.co.uk or call us on 01392 205095.
