A password is something we use every day, sometimes multiple times a day, and because of that many of us keep it simple.
Passwords are one instance where it's good to over complicate things!
Most passwords today have some pre-defined requirements: for example, capital letters (N), numbers (123…), a set minimum length, and some will require a symbol (@#$). These are not put in place just to annoy you. The most valuable commodity we have in our business is information, and some people (hackers) spend all day and night trying to gather that information from you and your company. By forcing you to add complexity to your password you reduce the risk of someone being able to crack it.
Why short is not always sweet
For example, if this short and complex password - C0mp|3>< - suffered a brute force attack it would take approx. 3 days @ 1000 guesses a second to crack. This password meets the minimum requirements for a basic password, but it’s a terrible password to type and remember.
For a really secure password you should try to use a minimum of four random common words, for example #Sunshinehotonmyneck1 or @Pennystopusingourwif1. This provides a very secure password without making it a chore to remember or type, and if it comes up against a brute force attack it would take approx. 550 years @ 1000 guesses a second to crack!
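The comparison above rests on keyspace divided by guess rate. The calculator below is an added example, not part of the original post: it works out the expected cracking time for the two passwords quoted above at the article's rate of 1000 guesses a second, once under an exhaustive character-level model and once under a word-level model (the attacker assumes four dictionary words plus a leading symbol and trailing digit). The dictionary size of 20,000 words and the decoration count are assumptions; absolute figures depend entirely on the attacker model, so the article's own estimates (from an unnamed checker) will differ, and the relative gap between the two passwords is the point.

```python
import string

SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def charset_size(password: str) -> int:
    """Smallest standard character pool covering the password (assumption:
    the attacker knows which classes are present and exhausts that pool)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # the 32 printable ASCII symbols
    return pool


def brute_force_guesses(password: str) -> int:
    """Keyspace for an exhaustive character-by-character search."""
    return charset_size(password) ** len(password)


def wordlist_guesses(num_words: int, dictionary_size: int, decorations: int) -> int:
    """Keyspace when the attacker instead models the password as num_words
    dictionary words plus a few 'decorations' (symbol, digit, ...)."""
    return dictionary_size ** num_words * decorations


def seconds_to_crack(guesses: int, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the keyspace."""
    return guesses / 2 / guesses_per_second


def humanize(seconds: float) -> str:
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


if __name__ == "__main__":
    rate = 1000  # guesses per second, the rate the article uses
    for pw in ("C0mp|3><", "#Sunshinehotonmyneck1"):
        print(f"{pw:24} char-level: {humanize(seconds_to_crack(brute_force_guesses(pw), rate))}")
    # Word-level model (assumed): 4 words from 20,000, 32 symbols x 10 digits as decorations
    words = wordlist_guesses(4, 20_000, 32 * 10)
    print(f"{'#Sunshinehotonmyneck1':24} word-level: {humanize(seconds_to_crack(words, rate))}")
```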
Here are some helpful links when choosing a password:
Check the strength of your password using Microsoft password checker
The 25 most common passwords (to avoid) of 2013
Don't use the same one across multiple Cloud services and applications
Many of us use the same email/password combination for our social media accounts, personal email accounts (eg. Gmail), Dropbox etc. It's like a universal key. If one is breached, all are potentially compromised.
Once you have it...keep it safe
We see passwords all the time, usually on a “Post it” note attached to a monitor (our personal favorite). This is not a secure spot to keep a password. It can be the best password in the world, but it is no good if you share it with everyone in the office or the odd passerby.
Some suggestions for password security for you and your business:
1. Get a password encryption application – this is a program that stores all your passwords.
2. Change your passwords semi-regularly – especially when someone leaves the business.
4. Don’t use the same password for multiple sites or services
Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
Here are a couple of examples of social engineering:
Phishing - A classic is the letter from a Bank asking you to sign in via the attached shortcut to revalidate your password. You log in and the fake site collects the information for later use or resale. Can you tell if an email is phishing? Take the test
Baiting – The attacker will leave a USB drive or CD around with a file that might be a current movie or mp3 and wait for someone to try to run it. This will then install a “Trojan” and potentially allow access to your PC/Server, or sit and collect data for a period of time and then email it to a predefined email address.