How strong is my password? - 18 tips for a strong password
Creating a strong password is important…
Follow our 18 steps to create a safe password
Technology has evolved at an exponential rate, making it easier for people and businesses to become complacent when using technology in everyday life, which is why all employees need to create a safe password.
A task that would have been considered complex, can now be done on mobile phones or personal computers. A cybercriminal getting into systems such as your workplace environment, which might contain customer information, bank accounts, emails, and of course social media accounts, can be accessed through a single device. So, you might be wondering 'is my password safe?' This is an important question to ask.
When you access your systems, there is a username and password stored on the device. Therefore, if someone compromises your device, they can monitor and intercept all communications without your knowledge.
Unfortunately, as technology has expanded, so has the demand and techniques for a third party to attempt to gain access to your devices.
Any and every business faces the same challenges despite size, industry, or location. Access to any company and a hacker will attempt to take any information or money you own. So, it’s always wise to be on the side of caution. That’s why we’ve outlined a few steps to create a strong password, to help you protect your business and prevent any data breaches.
At CapNet, we ensure you are kept safe. So, we’ve outlined a few simple tips for you and your employees, on creating an effective password and making sure you keep safe on the web.
1. A long password is a safe password:
The longer your password the less chance someone has of guessing it. Most websites will advise using a minimum of 8 characters. However, you can choose to use more to keep your password extra secure.
2. Mix numbers, symbols, and upper-case and lower-case lettering:
The more you mix it up between these four combinations, the better protected your password will be.
3. Never use personal data for a safe password:
Some hackers and automatic systems will keep attempting different lower-case, upper-case, numbers, and symbol combinations to get it right. This is their job after all. They’ll stop at nothing to get what they want.
So, why not add extra security to your passwords by avoiding using personal data such as names or birth dates? A hacker may try to access your device or accounts by using all the data they have gathered about you. Try to not use a password that holds meaning or that someone can guess from browsing your social media.
4. Avoid using sequenced numbers or lettering:
This is a common mistake that many people fall for. Use random character placement. The more you mix up your letters, numbers, and symbols, the better off you’ll be at avoiding any threats. Password123 is not a good password and would take less than 40 seconds for an automatic attack to crack.
5. Avoid using memorable keyboard paths:
Hackers know every trick in the book. For example, if you’re using ‘qwerty’ or ‘1234’ as a password, you might want to reconsider this.
6. Use uncommon and peculiar words for an extra safe password:
If you want to ramp up your password security, use a mix of random words as opposed to a singular word. By using multiple, random words and combining them, it’ll be too complex to guess. You can even add random letters or numbers in-between these words to further the complexity.
7. Don’t use the same password on all accounts:
Are you use the same password across all your different accounts? You should consider changing them. If a hacker has managed to guess your password for your emails, then they’ll be able to access all your other accounts.
By switching each password up, you will keep the individual accounts secure if someone has gained access. If a third-party website suffers a data breach, then passwords are usually sold on to other people who will try your email address and password on different sites.
8. Never trust anyone with your password:
When entering sensitive information on a website, assess the site first to make sure it’s genuine and safe. Don’t enter your details unless you know it’s genuine. You can usually do this by reading the reviews or seeing if the website is certified.
9. Never text or email your password or personal details:
If you text or email someone with your password or personal details, you can't guarantee that a cybercriminal won't hack their account in the future. If this does happen, you will compromise yourself.
Also, an email is sent via plain text, with no encryption. So, it's possible that someone can read in transit.
10. Be careful when writing or typing passwords:
You need to be careful and avoid writing your passwords down. As tempting as this may be, especially when trying to remember it, if you were to lose your diary/notebook, or someone was to get hold of it, you risk them taking your account information.
This is the same when entering your password on your device. If you log onto Facebook whilst sitting on the bus, you never know who is sitting next to you or behind you. Public Wi-Fi is not safe, and we advise not to enter any transactional information such as bank details as someone might compromise your data.
11. Select a security question that only you know the answer to:
There’s no point picking the question ‘What’s the name of your first pet?’ if anyone can find this information out by browsing your social media channels. Pick a question where the answer isn’t on your social media channels, or that someone else doesn’t know about you from the conversation.
12. Create a password policy for employees:
It's not just you who needs to be asking 'Is my password safe?' employees need to ask this too.
It only takes one person to be hacked for them to obtain a range of information from your business. By implementing a password policy, you can make sure all your employees are adhering to the rules and doing all they can to keep the business safe.
13. Change your passwords regularly:
Changing your passwords regularly is great for security. However, this doesn’t mean you should get sloppy by using the same password and adding an exclamation at the end. By putting a password management policy in place, you can ensure employees are fully changing their passwords.
14. Avoid phishing emails and texts:
Many hackers will put your data at risk by sending fake emails or even calling you for sensitive information. These scams can be easy to fall for as the emails they send out are designed to look genuine. The key to avoiding these hackers is to always stay alert. If you aren’t sure if it’s a genuine email or call, don’t feel pressured to hand over sensitive information. Nine times out of ten your gut is always right.
We also provide a short article on how you can spot the signs of a phishing scam!
15. Use two-factor authentication to increase password safety:
Using two-factor authentication will additional layers of security to your accounts if your password is obtained. When someone tries to access your account, you’ll be notified via email or text, giving you the chance to change your passwords. The other user will also be rejected from logging into your account, giving you peace of mind that your business data is safe.
16. Use a VPN:
If you’re using public Wi-Fi, it’s easy for someone to intercept your username and password. However, using VPN will help you keep your details secure.
17. Invest in user training:
How can we expect users to identify fraudulent emails and attempts for third parties to gain access to systems if we do not deliver the required training?
18. Finally, keep your anti-virus up to date:
This way, if someone was to access your device, the anti-virus will detect it and neutralize it. A centrally managed business-grade anti-virus software system is fundamental for all business users.
Creating a strong password is easy and can help keep your business safe. However, if you’re still unsure as to whether you’ve created a strong and effective password, you can use sites such as ‘Is my password secure?’ to test how long it would take for your password to be cracked by a computer. This is a useful tool for businesses and employers to make sure they are creating excellent passwords and complying with security.
It may also be time to review Cyber Essentials and GDPR policies, to ensure that working from home has been covered. So many businesses were unprepared for having their staff working from home, so this has been massively overlooked. As more people are having to use personal devices and personal Wi-Fi to access and store personal data, it’s important to spot any vulnerabilities that might be open to data breaches. By doing this, you will also protect the business from liability and ICO data breach procedures.
Remember to share our tips with your colleagues, friends, and family so that everyone is keeping safe whilst surfing the net.