09/02/2016

P@ssw0rds, pa55Word2, PaSsWoRdS123

With every passing week, month and year we are being presented with the option to move more of our lives online. We shop online, we bank online, we date online, we game online and we do business online. 

We of course want to keep our information secure, and therein comes the need for passwords to accommodate all of our online activity. Some would argue that passwords, although useful, are at times inconvenient. Those who think this way often take shortcuts to get through password entry as quickly as possible. Such shortcuts include:

– Selecting a password that is ‘simple’ and ‘easy to remember’.

– Writing a password down and leaving it somewhere that is convenient, but not necessarily secure.

Recently, a list of the ‘worst passwords of 2015’ was released and the top two spots were occupied by ‘12346’ and ‘password’. Whilst using passwords such as these may make it more ‘convenient’ for a user to log in to a site/system, it makes it just as easy for an unauthorised user to do the same, which can put your personal information or that of your business in jeopardy!

Passwords can be hard to manage for various reasons, including:

– If done in accordance with best practice, they can be complicated.

– You may need multiple passwords.

– Some passwords need to be changed on a regular basis.

– Some sites/systems that require passwords are used less frequently.

Despite this, passwords are essential for your own protection, the protection of others and the protection of your business, and it is therefore imperative that they are made to be as secure as possible. When selecting a password, it’s important to take the following into consideration:

– Make it complicated – most sites will recommend including upper and lowercase letters, and at least one numeric character. This can be enhanced by also including symbols (@~:?><+_-=|).

– Make it long: the longer the better, but your password should be no less than eight characters.

– Don’t use personal information such as family or business names, your address, date of birth or phone number. These can be easy to figure out.

– Change your password on a regular basis, e.g. every 90 days.

– Don’t use the same password for multiple accounts.

If you are unsure whether or not your password is strong enough, there are tools available that can help you create strong passwords.

It can’t be denied that applying this to every password you use will be laborious, but there are ways of managing your passwords that are more user-friendly. Some options are free and some require a paid subscription.

At Nitec, we are offering a service called Password RBL. This is a blacklist for passwords that should never be used. An example would be P@55word. This has a combination of upper and lower case letters, numbers and symbols, but it is still a bad password.

Password RBL sits between your users and the password change method and makes sure no passwords like this make it into live use despite meeting the complexity criteria. To find out more, feel free to get in touch.
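The point about P@55word can be shown in a few lines. The following is an added example, not part of the original post and not Password RBL's own code or API: it runs the complexity rules listed above and then a blocklist lookup at password-change time. The blocklist entries, the substitution map and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample entries; a real blocklist would hold a large set of
# known-bad and breached passwords.
BLOCKLIST = {"password", "passwords", "123456", "qwerty", "letmein"}

# Assumed substitution map used to fold "leet" characters back to letters.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def meets_complexity(pw):
    """Complexity guidance from the post: 8+ chars, upper, lower, one digit."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def candidates(pw):
    """Forms of the password to look up: raw, de-leeted, and with a
    trailing run of digits/symbols (e.g. '2', '123', '!') removed first."""
    low = pw.lower()
    trimmed = re.sub(r"[^a-z]+$", "", low)
    return {low, low.translate(LEET), trimmed.translate(LEET)}


def check_password(pw):
    """Return (accepted, reason) for a proposed new password."""
    if not meets_complexity(pw):
        return False, "fails complexity rules"
    if candidates(pw) & BLOCKLIST:
        return False, "blocklisted"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ["P@55word", "pa55Word2", "PaSsWoRdS123", "Tr4il-Mix-Harbour-92"]:
        print(pw, meets_complexity(pw), check_password(pw))
```

The first three sample passwords pass the complexity check and are still rejected by the lookup; only the long, unrelated passphrase is accepted.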
