
The Importance of Secure Passwords


Date
30 Mar 2022

Author
Jonathan Ward

So, how secure IS your password? Like… really? How easily could it be cracked by a determined (or even a more casual) hacker? What’s the worst that could happen if it were?

We’re all still making the same mistakes when it comes to secure passwords.


When choosing a password, most people don’t place much importance on its complexity, length, or uniqueness. Unfortunately, hackers are continually scanning and attempting to remotely exploit the passwords to all of your accounts.

Password security is important. If you or your business are guilty of using weak passwords, reusing, or rotating certain words or numbers, you’ll be at risk of getting hacked. The consequences of a ‘break-in’ could be catastrophic, with victims losing data, emails, money, images, or even important personal information. If someone obtains all of this, you could even be at risk of identity theft.

Think of it like your home or car. How often do you leave your door unlocked or use a simple latch? It’d make your home or car an ideal target for thieves to exploit since they don’t have to worry about breaking in. The same problem exists with computer and account passwords.


The number of accounts needed for all the online services we use daily has skyrocketed in recent years. Password security continues to remain a huge problem for both consumers and businesses.

Hackers continually look for and try very weak passwords. Hackers use brute force (i.e., trying every possible combination of numbers, letters, or special characters) as an easy method of access.

Why Secure Passwords Are Important

We here at Reach Studios understand the importance of online security. Cyber security is a major issue these days, and the impact of a successful hack can be cataclysmic. The most common way a hacker will break into your computer or account is by guessing your password. Commonly used and ‘weak’ passwords allow intruders to easily access and control your device. Some other ways a hacker may try to ‘break in’ to your account or device include:

  • Force

Hackers use automated software that works through a cycle of guesswork. The software will pair countless combinations of usernames and passwords until it finds a match. Therefore, the easier your password is to guess, the more likely the software will be able to break into your account or device.

  • Dictionary

A hacker dictionary includes a list of the most used password combinations. Hackers will run this ‘dictionary’ against your passwords, making you vulnerable to break-ins if your passwords are weak and used across multiple devices and accounts.

  • Phishing

Although not strictly a hack per se, phishing and social engineering still allow hackers to access personal information and pose a threat to password security. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link. This can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information such as passwords and account information. Social engineering follows a similar process, but is usually carried out over the phone instead.


Take a look at this table that was created by Hive Systems. Is your password in the green?


How To Ensure Your Systems Stay Safe: Secure Password Do’s and Don’ts

There are several ways in which you can protect yourself against password security threats. So, if you’re guilty of using ‘12345’ at the end of your passwords, or if you find yourself recycling passwords across multiple platforms and accounts, then check out the following security tips:

Do’s

  • Make sure your password is long and complex. Make sure it is a minimum of 12 characters. The longer it is, the harder it will be for hacker software to guess the combination. It’s hard to believe, but there are still 23 million account holders using ‘123456’. Furthermore, astonishingly, 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.
  • Great passwords should contain a combination of characters. As mentioned above, passwords should consist of 12 characters or more. They should contain a mixture of lower and upper-case letters, numbers, and symbols.
  • Using a string of words may help you remember your password, for instance, ‘GardenVegtablesHealthWellbeing’. Although this type of password doesn’t contain numbers or symbols, it will still be hard for a hacker to crack.
  • Set different passwords for different accounts and devices. If a hacker successfully cracks one of your passwords, they will try and access many more accounts/devices that you hold.
  • Use a password manager such as 1Password (Best for business use) or Dashlane (Best for personal use) to keep track of your passwords. Password managers can be great if you struggle to remember or manage all of your login details. If you must write them down, keep them in a secure place such as a safe to ensure not just anyone has access to them.
  • Change automatically generated passwords. Some devices or services will auto generate a password when you first sign up. Make sure you change this to one of your own as soon as possible.
  • If possible, use two-factor authentication (2FA).
  • If you must share a password, use a site such as OneTimeSecret. This site creates a link to a page with your password info (or whatever info you choose). After the page is viewed once, it is gone forever.

Don’ts

  • Don’t save passwords or use “remember me” on public computers.
  • Don’t use passwords that have been used in the past. It might seem convenient but if hackers break into one account, they will try and do the same to others that you own.
  • Don’t use your first or last name, family members’ names, birthdays or anniversary dates, the word ‘password’, special places or sequential lists of letters or numbers. Other topics to steer clear of are football teams and favourite bands. There were nearly 2 million hacks for passwords such as ‘Liverpool’, ‘arsenal’, ‘50cent’ and ‘blink182’ in recent years.
  • Avoid using words from the dictionary. One of the ways hackers may try to break into your account is by running your passwords against dictionary words and phonetic patterns. Hackers are also able to scan for common substitutions, so substituting ‘@’ for ‘a’ or ‘!’ for ‘l’ won’t help.
  • Don’t enter passwords when using an unsecured Wi-Fi connection. You may think it’s safe to enter passwords to social media or email accounts, but hackers can easily intercept your private information through these networks.
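
The checks from the lists above, written as a sign-up validator in Python (an added example, not part of the original article). The denylist is a constructed sample built from the passwords this article mentions, and the function names and the four-character run threshold are assumptions. Character mix is reported as search-space size rather than enforced, since the article accepts a long string of words.

```python
import math
import string

# Constructed sample denylist built from the weak passwords this article names.
# Assumption: a real check would load a large breached-password list instead.
DENYLIST = {"password", "123456", "12345", "liverpool", "arsenal", "50cent", "blink182"}

# Common substitutions that dictionary tools undo ('@' for 'a', '!' for 'l', ...).
LEET = str.maketrans({"@": "a", "!": "l", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

# Character pools used to size the brute-force search space.
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def keyspace_bits(password: str) -> float:
    """Brute-force upper bound in bits: length * log2(size of the pools in use).

    It says nothing about dictionary attacks, which is why check_password exists.
    """
    pool = sum(len(p) for p in POOLS if any(c in p for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def has_sequence(text: str, run: int = 4) -> bool:
    """True if `run` or more consecutive letters or digits ascend by one (abcd, 1234)."""
    streak = 1
    for prev, cur in zip(text, text[1:]):
        ascending = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        streak = streak + 1 if ascending else 1
        if streak >= run:
            return True
    return False


def check_password(password: str) -> list[str]:
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    lowered = password.lower()
    # Test both the raw and the de-substituted form against the denylist.
    forms = (lowered, lowered.translate(LEET))
    if any(word in form for word in DENYLIST for form in forms):
        problems.append("contains a commonly used password")
    if has_sequence(lowered):
        problems.append("contains a sequential run")
    return problems
```

A password such as ‘P@ssw0rd!2022’ meets the length rule but is still rejected, because undoing the substitutions exposes ‘password’.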

Conclusion

By ensuring you’re using secure passwords, you protect against one of the most exploited methods of gaining information or access to your systems. Hackers are always looking at ways of improving the efficiency of their attacks, so it is important to stay vigilant.

We also recommend that you investigate the use of a password manager (such as 1Password or Dashlane), as well as two-factor authentication for any critical systems. Both of these programs offer password generating features which make it simple and easy to create secure passwords that are hard to guess or crack, for personal or business use.

Furthermore, it is worth noting that even if you don’t want to upgrade to a premium password manager, these days you can use a browser like Google Chrome to create new, strong passwords for you and store them securely. With your credentials stored in Chrome, you can access and use them to log in to your online accounts on other devices such as your Android smartphone.

Lastly, always ensure that your anti-virus and anti-malware systems are up to date. If a keylogger is installed on your system, then your password will be compromised no matter how complex it is.

If you would like more information on passwords, multi-factor authentication, and related password topics, chat to one of our experts today.
