Anyone who has been in any of my training courses or sessions will know the importance that I put on passwords/passphrases.
The Australian Cyber Security Centre's Stay Safe Online Program (https://www.cyber.gov.au/acsc/view-all-content/programs/stay-smart-online) explains the importance of having a strong password; its guidance is reproduced below:
Passwords and PINs are used to identify who you are. Sometimes they are the only defence to protect your information against unauthorised access.
In my opinion this is the first and easiest step in improving the safety and security of your home network and devices, as well as your online presence.
Weak passwords are easy for cybercriminals to guess. They use automated software that can potentially guess 350 billion passwords per second! If your password or PIN is captured, guessed, or stolen, a cybercriminal can potentially:
- send emails from your accounts
- withdraw money from your bank accounts
- change files on your computer such as invoices
- steal your identity.
Create strong passwords
The key thing to remember when creating a password is that the longer it is, the stronger it is.
Think of a passphrase that is made up of at least four words and at least 14 characters, for example 'horsecupstarshoe'. Make it meaningful to you so it is easy to remember.
Using strong passwords lowers your overall risk of a security breach, but they do not replace the need for other effective security controls, such as installing anti-virus software and updates to your operating system as soon as they're released.
Do not include the following things in your passwords:
- repeated characters
- arbitrarily mixed letters, numbers and symbols
- single dictionary words, your street address or numeric sequences (such as 1234567)
- personal information
- anything you have previously used.
It is also better not to change your passwords frequently, for example each month, as it leads to poor passwords being created.
Using a phrase or sentence, not one word, as your password
A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Passphrases are most effective when they are:
- Used with multi-factor authentication
- Unique - not a famous phrase or lyric, and not re-used
- Longer - phrases are generally longer than words
- Complex - naturally occurring in a sentence with uppercase, symbols and
- Easy to remember - saves you being locked out.
Passphrases create greater security and more convenience:
- Harder to crack against common password attacks
- Easier to remember than random characters
- Meets password requirements easily - upper and lower-case lettering, symbols and punctuation
Brute Force Attacks and Dictionary Attacks both generate millions of password/passphrase attempts per second.
Passphrases will significantly increase security across all of your business' devices.
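To put the guess rate quoted earlier into perspective, here is an added example (my own illustration, not the ACSC's text or code) that works out how long exhausting the full space of a few credential schemes would take at 350 billion guesses per second. The schemes compared, the 7776-word list size and the much lower rate assumed for a deliberately slow, salted password hash are assumptions chosen for illustration.

```python
# Added example, not from the ACSC text: how the guess rate quoted above
# translates into the time needed to exhaust different credential schemes.
# The 350 billion guesses/second figure is the one in the text; the schemes,
# the 7776-word list size and the slow-hash rate are assumptions for illustration.
from dataclasses import dataclass

FAST_RATE = 350_000_000_000   # guesses/second quoted in the text (fast, unsalted hash)
SLOW_RATE = 10_000            # assumed guesses/second against a deliberately slow hash


@dataclass(frozen=True)
class Scheme:
    name: str
    pool: int     # distinct symbols (characters or words) each position is drawn from
    length: int   # number of positions

    def keyspace(self) -> int:
        return self.pool ** self.length

    def seconds_to_exhaust(self, rate: int = FAST_RATE) -> float:
        # Worst case: every candidate is tried. The expected time is half this.
        return self.keyspace() / rate


# Assumed schemes to compare (a real assessment would use the site's own policy).
SCHEMES = (
    Scheme("8 lowercase letters", 26, 8),
    Scheme("8 mixed printable characters", 95, 8),
    Scheme("4 words from a 7776-word list", 7776, 4),
    Scheme("16 lowercase letters", 26, 16),
)


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 24 * 3600), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def report(rate: int = FAST_RATE) -> dict:
    """Map each scheme name to the seconds needed to exhaust it at `rate`."""
    return {s.name: s.seconds_to_exhaust(rate) for s in SCHEMES}


if __name__ == "__main__":
    for label, rate in (("fast hash", FAST_RATE), ("slow hash", SLOW_RATE)):
        print(f"--- {label}: {rate:,} guesses/second ---")
        for name, secs in report(rate).items():
            print(f"{name:32} {human(secs)}")
```

Two things stand out when this runs. Sixteen lowercase letters take thousands of years at the quoted rate, but if the attacker knows the passphrase is four words drawn from a known 7776-word list the space collapses to hours, which is why the guidance insists on passphrases being unique rather than a famous phrase, and pairs them with multi-factor authentication. The quoted rate also only applies offline, against a stolen database of fast hashes; a properly slow, salted hash or a rate-limited login page cuts the attacker's speed by many orders of magnitude.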
Maintain password and PIN hygiene
Maintain password and PIN hygiene to keep them safe:
- Don't use the same password for multiple services or websites.
- Don't share your passwords with anyone.
- Don't provide your password in response to a phone call or email, regardless of how legitimate it might seem.
- Don't provide your password to a website you have accessed by following a link in an email - it may be a phishing trap.
- Be cautious about using password-protected services on a public computer or over a public Wi-Fi hotspot.
- If you think your password may have been compromised, change it immediately and check for any unauthorised activity. If the same compromised password has been used on another site, create a new password there as well.
Treat PINs in the same way you would a password:
- Don't use obvious patterns like 1234, 4321 or 7777.
- Don't use postcodes, birthdays or other significant dates and numbers.
- PINs should be a random mix of numbers, letters and characters.