Protecting your digital life – The importance of strong passwords

Today marks World Password Day, an occasion which aims to raise awareness of the importance of strong passwords and to promote best practices for password security. As our digital lives continue to expand, passwords will only grow in importance as a critical component of our online security, in both our personal and professional lives. From email accounts and social media platforms to banking websites and online shopping portals, we use passwords to access a wide range of services and protect our personally identifiable information. However, not all passwords are created equal, and weak passwords can leave us vulnerable to cyber-attacks, data breaches, and identity theft.

The problem with weak passwords

Passwords are one of, if not the, most commonly used and standardised forms of authenticating access to digital services and systems, and as such, they are a prime target for cybercriminals. Despite the widespread knowledge of password security best practices, many users still rely on weak passwords, making them vulnerable to password-related breaches.

The cybersecurity ramifications of weak or poor passwords are truly staggering: they are the cause of 81% of company data breaches. Weak passwords are more vulnerable to all types of cyber-attacks. For example, brute force attacks, whereby threat actors use automated software to try all possible password combinations until the correct one is found, are exponentially more effective against shorter and more simplistic passwords.

The importance of strong passwords

A strong password should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols. Users should avoid using personal information, as attackers can frequently use tools and intuition to make an educated guess about their victim’s likely password. Common words or phrases, such as “password”, and sequential or repetitive characters, such as “password123”, should also be avoided. Consider using a passphrase, which is a series of words that are easy to remember but difficult to guess. A good way to come up with a strong passphrase is to base it on a selection of random objects in your vicinity, such as “@Monitormugwindow495”.
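The criteria above can be enforced at sign-up or password-change time. The following checker is an added example, not code from Datapac; the function names, the short common-word list and the three-character run length are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real deployment would load a large
# list of common and breached passwords instead.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}

def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive ascending or descending characters (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not chunk.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def check_password(pw, personal_info=()):
    """Return the rules from the article that `pw` breaks (empty list = passes)."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a common word")
    # Three identical characters in a row count as repetitive.
    if has_sequence(pw) or re.search(r"(.)\1\1", low):
        problems.append("sequential or repetitive characters")
    # personal_info: strings the caller knows about the user (name, town, ...).
    if any(len(p) >= 3 and p.lower() in low for p in personal_info):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    for candidate in ("password123", "@Monitormugwindow495"):
        print(candidate, "->", check_password(candidate) or "OK")
```
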

Multi-Factor Authentication (MFA) for password security

Multi-factor authentication (MFA) is a security process that requires users to provide two or more forms of identification before they are granted access to a system or application. It will typically involve three factors of authentication: something the user knows (such as a password), something the user has (such as a security token or mobile device), and something the user is (such as a fingerprint or facial recognition). Through the process of requiring multiple forms of authentication, MFA hugely increases the security of online accounts and systems. Even if a user’s password becomes compromised, so long as they have MFA enabled on their account the hacker won’t be able to gain access without control over the other forms of authentication. Additionally, MFA can help to detect suspicious login attempts and provide alerts, which further improves a user’s cybersecurity.

MFA is a hugely powerful tool for enhancing security both in a professional business context and in one’s personal life. To put it simply, if an online service gives the option of MFA, it should always be used.

Password best practices for stronger cybersecurity

We now know the importance of creating and maintaining strong passwords and are aware of and should be actively leveraging powerful tools, such as MFA, which can be used to elevate one’s account integrity to the next level. However, any person or organisation who uses accounts, applications or devices capable of connecting to the internet must remain mindful of the ever-present threat of cyber-criminality and maintain a sense of constant vigilance.

Here are some additional habits and protocols which will further enhance your overall cybersecurity posture.

Remain phish-aware:

“Phishing” refers to a type of cyber-attack where threat actors will use fraudulent emails, messages, and websites to trick users into revealing sensitive information, such as login credentials and financial information. The attackers will disguise themselves as a known source to gain the victim’s trust and deceive them into giving away their information. The insidious danger behind phishing attacks is that, should a person fall for the trap, they can provide a means for attackers to bypass even very strong passwords. While additional layers of security, such as MFA, can help, it is important for individuals and organisations to always think before they click. Small actions, such as getting in the habit of hovering the mouse cursor over a link to reveal the true destination or verifying the validity of the sender through another means of communication, can go a long way towards preventing successful phishing attacks.

Organisations need to be particularly mindful of phishing attacks; according to the recent State of Cybersecurity 2023 whitepaper from industry-leading cybersecurity providers Sophos, phishing remains a top cyberthreat concern for IT professionals. Through a communication strategy designed to effectively convey the dangers of cyber-threats, organisations can enhance the level of company-wide cybersecurity awareness and increase the level of resilience to attacks. By engaging the support of a managed services provider, organisations can formalise and outsource certain aspects of this function through phish threat awareness training and periodic testing.

Avoid re-using the same password:

A trap people will commonly fall into is using the same password (or close derivatives of it) across all their online accounts. While this does make it easier for users to keep track of their various login credentials, it also makes it easier for the attacker. In such a scenario, when a hacker knows your password and associated email address, they can then use this information and attempt infiltration across the more commonly used online services and may find one where additional security protocols, such as MFA, are not enabled. Using a password management tool makes it easy and convenient for users to create and keep track of a multitude of unique, complex passwords.

Keep passwords confidential:

Just like secrets, the best way to ensure a password remains confidential is to keep it to yourself. Whenever a password is shared with anyone, particularly through internet-accessible electronic means, it increases the chances that it will make its way into the hands of bad actors. This even includes sharing them with yourself, i.e., recording them in an easily accessible notepad or electronic spreadsheet.

Update passwords regularly:

Regularly changing passwords is a critical component in maintaining password security. It’s recommended to change passwords on a regular and frequent cadence, such as every one to three months, and they should be immediately changed if there is a suspected security breach. Through working with an expert and trusted managed services provider, organisations can implement rules and protocols which automatically require employees to update their passwords at an appropriate and regular interval.

Just as users need to avoid re-using derivatives of the same password across their various accounts, when updating existing passwords they need to take care to change them to something completely different. In other words, changing “Password1!” to “Password2!” won’t cut it!
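A password-change form can reject derivatives like the one above. This check is an added example, not code from Datapac; it assumes the user has just typed their current password into the change form (stored password hashes cannot be compared for similarity), and the function names, substitution table and 0.8 threshold are illustrative assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed, deliberately small substitution table (assumption, not exhaustive).
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s"})

def normalise(pw):
    """Lower-case and undo common character substitutions (P@ssw0rd -> password)."""
    return pw.lower().translate(LEET)

def core(pw):
    """Alphabetic base of the password with digits and symbols stripped."""
    return re.sub(r"[^a-z]", "", normalise(pw))

def is_derivative(old, new, threshold=0.8):
    """True if `new` is a near-copy of `old` rather than a completely different password."""
    # Rule 1: the same base word with only digits or symbols changed around it.
    short, long_ = sorted((core(old), core(new)), key=len)
    if len(short) >= 4 and short in long_:
        return True
    # Rule 2: the two strings are almost identical overall.
    ratio = SequenceMatcher(None, normalise(old), normalise(new)).ratio()
    return ratio >= threshold

if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password).
    pairs = [
        ("Password1!", "Password2!"),
        ("Password1!", "P@ssw0rd2024#"),
        ("Password1!", "@Monitormugwindow495"),
    ]
    for old, new in pairs:
        verdict = "rejected (derivative)" if is_derivative(old, new) else "accepted"
        print(f"{old} -> {new}: {verdict}")
```
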

Datapac has remained as a leader in the field of cutting-edge Information Technology and Cybersecurity for over four decades. If you have any concerns about your organisation’s cybersecurity and would like to speak with one of our experts, please feel free to leave your details below and a member of the team will be in touch shortly.

Damien Mallon, senior systems engineer, Datapac
