Passwords are the basis for all of your cybersecurity efforts. Think of how many different accounts and applications you use a password to log in to. So to secure your business, you need to make sure that you are using strong passwords.
What is a strong password? In this article we will tell you what makes a strong password and how you can set one.
Why are passwords so important?
We have been writing a lot of security advice recently and the same thing crops up again and again. Use a strong password.
Unauthorised access is a major problem for any business that uses technology. The repercussions of unauthorised actions are severe. They can include the loss of sensitive data, the delivery of malware or access to key business applications.
One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access to, and control of, a computing device.
How to set a strong password
The most common passwords (basic alphanumeric) are all brute forcible in a matter of seconds. This is if they have not already been exposed in a previous data breach because they've been used for other accounts.
So what do you need to do to ensure that the password you create is strong?
The length of your password is important. Anything under 8 characters is simply no good. The time it will take to crack a 7 character password made up of mixed numbers and lower and upper case letters is 3 hours. If you add one character (to make it 8 characters), that same format of password now takes 10 days to crack.
However, using 8 characters or more is not enough by itself. A password that is 8 characters long and made up of only numbers can be hacked instantly.
A better format to use is a long password phrase. To make one, take 4 unconnected words and use them as your password. For example, 'TrainTreeSpearLoud'. With 18 characters and a mix of lower and upper case letters, this password will take 1 trillion years to crack. We can do better though!
If you take the same password and add a 'stop' character, like so: 'TrainTreeSpe%arLoud', you now have a password that will take a quintillion years to crack. Now that is a strong password.
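The recipe above (four unconnected words plus one 'stop' character inside the phrase) can be automated so the words are picked by a cryptographically secure random source rather than by a person. This is an added example, not code from the original article; the word list, the set of stop characters and the function name are assumptions made for illustration.

```python
import secrets

# Constructed sample word list (assumption, illustration only). A real
# generator should draw from a list of several thousand words.
WORDS = ["train", "tree", "spear", "loud", "river", "candle", "orbit", "maple",
         "tunnel", "silver", "garden", "pencil", "rocket", "harbor", "window",
         "copper"]
# Characters allowed as the 'stop' character (assumption).
STOP_CHARS = "%!#&*?+="


def make_passphrase(words=WORDS, count=4, stop_chars=STOP_CHARS):
    """Return `count` distinct capitalised words joined together, with one
    'stop' character inserted at a random position inside the phrase."""
    pool = list(dict.fromkeys(words))  # drop duplicate words, keep order
    if count > len(pool):
        raise ValueError("word list too small for the requested word count")
    chosen = []
    while len(chosen) < count:
        word = secrets.choice(pool)    # CSPRNG, not the `random` module
        if word not in chosen:
            chosen.append(word)
    phrase = "".join(word.capitalize() for word in chosen)
    # Pick an insertion point strictly inside the phrase, so the stop
    # character is never the first or the last character.
    pos = 1 + secrets.randbelow(len(phrase) - 1)
    return phrase[:pos] + secrets.choice(stop_chars) + phrase[pos:]


if __name__ == "__main__":
    print(make_passphrase())
```
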
Use a Password Manager
While creating a password that will take a quintillion years to crack is great security, it might not be practical for all your passwords. You will most likely have tens if not hundreds of online accounts or applications. You can create these strong passwords for each of them, but it will be impossible to remember them all without writing them down, and we don't write down our passwords.
So how can you create multiple complex passwords for all your different accounts and remember them all? You will need a password manager.
A password manager is a tool that will create and store all the passwords you will need. It will create a strong, complex password for each of your accounts. The only password you will need to remember is the one for the password manager. For that, you can use our 1 quintillion years password model.
Check the strength of your password
There are several online tools you can use to check the strength of your password. While none of them will guarantee an unbreakable password, they are a useful way to double-check. Here is a link to a tool from Dashlane. The tool was a bit harsh on our password example: it says it would only take 39 quadrillion years to crack it!
Add Multi-factor authentication
Multi-factor authentication is a failsafe for your passwords. It is an additional layer of security needed to access an account beyond your password. You can find out everything you need to know about multi-factor authentication right here.
Strong password policy
Now that you know how to make a strong password, you need everyone in your business using strong passwords. Your business needs a documented password policy to prevent passwords from being guessed or hacked. It is as simple as that, but it's something that companies rarely do.
To help your business create a password policy we have included everything you need to make a business password policy here.
If your business isn't going to use a password manager, we highly recommend that you use the password template we have set out in this article. Anything else can leave your business at risk.
Tips for creating passwords
At the very worst you can follow these hints and tips when creating your password:
- Keep your passwords private – never share a password with anyone else.
- Do not write down your passwords - especially not on a post-it note on your computer screen! (Yes, it does still happen.)
- Use passwords of at least eight characters - the longer the password the better.
- Avoid using people’s or pet’s names. It’s also best to avoid using key dates (birthdays, anniversaries, etc.).
- Substituting look-alike characters for letters or numbers is no longer sufficient (for example, “Password” and “P@ssw0rd”).
- Don't use the same password for multiple accounts.
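The tips above that can be tested from the password itself (length, numbers only, names and dates, look-alike substitutions) are checked in this added example, which is not part of the original article. The common-password list, the substitution table and the function name are constructed assumptions; a real policy check would use a large breached-password list.

```python
# Constructed sample of commonly used passwords (assumption).
COMMON = {"password", "123456", "12345678", "qwerty", "letmein", "welcome"}

# Look-alike characters mapped back to the letters they stand in for, so
# that "P@ssw0rd" is compared as "password" (table is an assumption).
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                            "!": "i", "3": "e", "$": "s", "5": "s",
                            "7": "t"})


def check_password(password, personal_terms=()):
    """Return the list of tips that `password` breaks (empty list = none).

    `personal_terms` holds names and key dates the user should avoid,
    for example ("Rex", "1990").
    """
    problems = []
    lowered = password.lower()
    normalised = lowered.translate(LOOKALIKES)  # undo look-alike swaps

    if len(password) < 8:
        problems.append("shorter than eight characters")
    if password.isdigit():
        problems.append("made up of only numbers")
    if lowered in COMMON or normalised in COMMON:
        problems.append("common password, with or without look-alikes")
    for term in personal_terms:
        term = term.lower()
        if term and (term in lowered or term in normalised):
            problems.append("contains a name or key date")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "12345678", "TrainTreeSpe%arLoud"):
        print(candidate, "->", check_password(candidate) or "no problems found")
```
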
Passwords are an essential part of your business cybersecurity. You need to use strong passwords across your whole business to keep out cyber criminals and other malicious activity.
How do your current passwords rate? We have created a report card to show you how your current password is performing and how you can improve it. You can download your copy by clicking the link below.