Passwords are not a new technology. People have been using secret handshakes and door-knocks and code words for as long as they’ve tried to keep intruders at bay or share a secret. But while those tools may have worked in the past, today’s world is a far more complex place. Most of us rely on dozens of apps, services and websites that are secured with passwords.
Criminals rely on being able to steal passwords to break into business systems, bank accounts, smartphones, and online services to steal data that can be used nefariously or, more simply, to extract money from you. What can organisations do to counteract this growing challenge?
1. Don’t reuse passwords
When you use the same password for multiple services, a successful hack where that password is stolen means all your user accounts are at risk. Using a different password for EVERY user account means the fallout of one attack is limited.
2. Use complex passwords
The simple rule for passwords is ‘longer is stronger’. Instead of using a word, use a phrase. ‘MaryHadALittlelamb’ is more difficult for a password cracker than ‘Marylamb’, but an even more complex password to crack is ‘-YJ3}W9V*2@ uJ6p2h3*kT-+56K<’. Because many password crackers use a dictionary to try passwords, you make their task significantly more challenging by avoiding actual words.
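To put rough numbers on the three passwords above, the following added example (not part of the original article) estimates guessing entropy under two attacker models: character-by-character brute force and whole-word dictionary guessing. The word list is a constructed miniature, and the 100,000-word dictionary size and the one extra bit per word for capitalisation are assumptions.

```python
import math
import string

# Constructed miniature word list; real cracking dictionaries are far larger.
WORDS = {"mary", "had", "a", "little", "lamb"}
DICTIONARY_SIZE = 100_000  # assumption: size of the attacker's word list
SYMBOLS = string.punctuation + " "  # 33 printable ASCII symbols incl. space

def charset_size(password):
    """Size of the smallest ASCII character pool that covers the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def brute_force_bits(password):
    """Entropy if every character is guessed independently."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def min_word_count(password):
    """Fewest dictionary words that spell the password, or None if impossible."""
    s = password.lower()
    best = [0] + [None] * len(s)  # best[i] = fewest words spelling s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in WORDS:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def dictionary_bits(password):
    """Entropy if whole words are guessed; assumes 1 extra bit per word for case."""
    words = min_word_count(password)
    return None if words is None else words * (math.log2(DICTIONARY_SIZE) + 1)

def effective_bits(password):
    """An attacker uses whichever strategy is cheaper."""
    brute, words = brute_force_bits(password), dictionary_bits(password)
    return brute if words is None else min(brute, words)

if __name__ == "__main__":
    for pw in ("Marylamb", "MaryHadALittlelamb", "-YJ3}W9V*2@ uJ6p2h3*kT-+56K<"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.0f} bits, "
              f"effective {effective_bits(pw):.0f} bits")
```

Under these assumptions the word-based passwords lose entropy to the dictionary model, while the random string is only reachable by brute force.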
3. Use a password manager
If you’re wondering how to apply the first two tips, you need to think about using a password manager. This application securely stores all your passwords and automatically enters them for you when a program or website asks for them.
Most password managers have a password generator built into them so you can generate long, complex passwords and ‘outsource’ remembering them to the password manager.
If you’re looking at password manager apps, there are many from which to choose. Apple includes one called Keychain Access in their desktop and mobile apps, and Google has a password manager built into the Chrome browser. Others such as 1Password, LastPass and Dashlane are also popular. Be sure to choose one from a reputable company.
Your password manager will rely on you knowing one password – the master password to its password vault. You can write this down and safely store it (not on a sticky note on your screen or under your keyboard).
4. It’s not all up to users
The success of any password management program is not just about individuals pulling their weight. Monitoring systems that detect signs of intrusion are a must-have. Organisations should also supply password managers and encourage their use for personal accounts. Many password manager tools can separate business and individual identities so that if someone leaves the company, they can take their passwords with them.
5. Multi-Factor Authentication
Even if organisations implement these steps, hackers can still steal passwords. Multi-factor authentication (MFA) is helpful in these situations. An example of MFA most people are familiar with is when your banking app sends you an SMS message with a code to enter to confirm that you are who you say you are when transferring funds.
MFA ensures that if your password is compromised, the likelihood of bad guys accessing your data is significantly reduced.
6. Take advantage of modern tools
Many smartphones, tablets and computers let you log in using facial recognition or a fingerprint. These are very secure and extremely hard to hack. It’s important to understand that you’re not actually storing your fingerprint or face when you use a biometric tool like these. The system converts your fingerprint or face into a unique code which is securely stored on your device.
Even if a hacker did extract that data, it could not be used to reconstruct a fake fingerprint or face.
Passwords may be annoying, but they are a fact of life. Creating strong, unique passwords stored securely and backed by MFA will ensure you keep your accounts and data as safe as possible.
Online criminals are looking for easy targets. By making life hard for them, you discourage them and ensure your online information is kept secure.
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.