5 Tips for Password Security: How secure is your password?

The internet has been around for over 30 years and not surprisingly we still haven’t learnt our lesson about online password security. With so many high profile hacks last year from British Airways and TicketMaster to Reddit and Marriot, you would think we’d change our online habits.

Password security company SplashData evaluated millions of leaked passwords in the past year and released its annual list of the most used in 2018 — which also happen to be the worst passwords you can use.“Using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy to remember combinations.” For five years running, the number one spot still belongs to the ever faithful ‘123456’, followed by the ever obvious ‘password’. Although 2018 saw new entries such as ‘princess’ and ‘sunshine’ and the always inspiring ‘Donald’. Here’s a list of the Top 25 passwords for 2018:

1. 1. 123456
   2. password
   3. 123456789
   4. 12345678
   5. 12345
   6. 111111
   7. 1234567
   8. sunshine
   9. qwerty
   10. iloveyou
   11. princess
   12. admin
   13. welcome
   14. 666666
   15. abc123
   16. football
   17. 123123
   18. monkey
   19. 654321
   20. !@#$%^&*
   21. charlie
   22. aa123456
   23. donald
   24. password1
   25. qwerty123

Even though online password security may seem obvious, the reality is that we’re still not doing it. In order to inspire you, here is our Top 5 tips for online password security.

1. FORGET PASSWORDS, YOU NEED A PASSPHRASE

Hackers use several methods for trying to get into your accounts. They can simply type in letters, numbers, and symbols manually to guess your password or use more advanced programmes that run through every possible combination to crack it. Passwords that are three characters long take less than a second to crack therefore the longer and more complex your password is, the more difficult you make it for hackers.

We recommend: Use at least 12 characters or more in your password (three to four random words that you can remember), make sure it’s a nonsense phrase (not in the dictionary) and use a random non-sequential combination of numbers, symbols, uppercase and lowercase letters ie. PurplemeerK@tbeer$

2. CHANGE YOUR PASSWORD OFTEN

Research by Avast software suggests that almost half of Brits (47%) have never changed their email password since setting it up, or have only done so because they forgot it or were hacked.With Cyber security becoming more sophisticated you need to constantly protect yourself and your identity. A study by Akamai, found thatmore than 43% of all login attempts were made by automated bots trying to break into users’ accounts. It’s generally recommended that you change your password a minimum of twice a year but here at Cubit we typically recommend you change it every 90 days or less if you have multi factor authentication (MFA).

3. DO NOT RECYCLE PASSWORDS

Creating and remembering a strong password can be challenging but it’s recommended you use unique passwords for every account you use, every profile you set up and every device you own must be protected. A study conducted by the UK government’s ‘Cyber Aware’ campaign and Experian found that a total of 27% of Brits of all ages including over 52% of those aged 18-25 reuse their email password across online accounts. It’s recommended that if you’ve used a password in the past, do not recycle or simply change a few characters as you may have been hacked previously and the data may still be out there. In recent years, when hackers completed large-scale hacks, the lists of compromised email addresses and passwords are often leaked online. If your account is compromised and you’re using the same password across different sites, you’re leaving yourself vulnerable. Even big corporations have been taken down by the reuse of a password. Take for example Dropbox. Back in 2012, an employee whose LinkedIn account information was revealed allowed hackers to steal more than 60 million Dropbox customer’s data because they had simply used the same password for both accounts.

Tip: Check if you have an account that has been compromised in a data breach by going to www.haveibeenpwned.com

4. DO NOT SHARE YOUR PASSWORDS

We’ve all heard ‘don’t give your passwords to anyone else’ but how many of us are guilty of sharing our Netflix or Amazon passwords with friends and family? Even at work, we’re prone to password sharing as it makes it easier for multiple users to access a team account. A study by password manager Lastpass found that 61% of people are more likely to share work passwords than personal ones. And it’s not just happening in small businesses. A few years ago, three Conservative Party MPs were warned when they tweeted that they were sharing logins and passwords with their collegues. By setting up web-based document management and collaborative platform such as Box, all communications and documents can be organised and stored in secure single location.

5. START USING SINGLE SIGN ON AND MULTI FACTOR AUTHENTICATION

According to a poll by Intel Security, it found that the average person has 27 online logins. Trying to remember passwords for this vast amount of sites is almost impossible – that’s if you do it securely and don’t reuse passwords. Here at Cubit, we recommend Single sign-on (SSO) which is a session and user authentication service that allows a user one set of login credentials (ie. name and password) to access multiple applications. SSO is helpful on the back end for logging user activities and monitoring user accounts. As well, to give yourself and your business another layer of protection, it’s encouraged to use Multi-Factor Authentication which helps safeguard access to data and applications by requiring a user to provide more than just a password to access the network. MFA provides a second layer of authentication to user sign-ins and transactions in the form of a code sent to a mobile phone or clicking on a link within an email or even a phone call.

Cubit will help you strengthen security around the way users access IT services within your business by helping you to implement Two Factor authentication across all your systems and devices.

Keeping your passwords and your business safe online should be a top priority. To find out more and get a free consultation, please give us a call or contact us now.

Related Articles: 10 Tips for Safer Shopping Online