- Employee awareness
- 5 min read
Understanding and implementing password security tips is essential to protect your data from hackers. With so many passwords needed for various online accounts, it can be daunting to keep them all secure.
With the ever-changing dynamics of cyber threats, password security best practices are constantly evolving. Stay informed and ahead of cyber threats by subscribing to The Insider. Our newsletter is your resource for the latest updates and practical advice in cybersecurity.
In this edition, we delve into the top password security tips, examine how hackers crack passwords, and share the latest guidance on creating and managing strong passwords.
Strong passwords are the cornerstone of an effective cyber defence. Here, we distil the top 10 tips that strengthen your password security awareness, safeguarding your digital presence against unauthorised access.
It's tempting to use memorable personal details in your passwords, but this is a fundamental mistake in maintaining password security. Any information about you that's publicly accessible or easily guessed should be strictly off-limits. This includes family names, pet names, personal locations, and even your hobbies or interests. Despite this, a Bitwarden survey found that 25% of respondents still use their pet's name in their passwords. The amount of personal data readily available to hackers online is often underestimated. Making their job easier is the last thing you want!
Previously, the common practice was to craft a base password and tweak it with unique characters or numbers for different accounts. However, this strategy is now recognised as a vulnerability. A savvy hacker who deciphers your base password can easily compromise multiple accounts. It's crucial to create unique and distinct passwords for each site you register on, leaving no room for pattern detection and ensuring a higher level of security across all your digital platforms.
Many browsers, like Chrome, Safari, and Explorer, provide the option to save your passwords, seemingly simplifying the process of filling out online forms. Despite its appeal, avoid using your browser as a password vault. Hackers can deploy malware to infiltrate your browser's data, extracting stored passwords. According to Atlas VPN, Google Chrome is the world's most vulnerable browser, with over 3000 vulnerabilities to date. This statistic highlights the potential risks of relying on browser-based password storage.
Simple, standalone passwords are alarmingly prone to hacking. Cybercriminals employ tools like rainbow tables to breach accounts, targeting commonly used passwords in both hashed and encrypted forms. The latest shift in best practice is moving away from traditional passwords to passphrases. A passphrase, crafted without personal references and integrating random elements, offers more protection.
Effective passphrases, for instance, might be “CarpetChinaRocket153”, “keyFacemagEnta76”, or “fasHionloRryfly923”, which are significantly harder for hackers to crack due to their complexity and unpredictability.
Many websites and online platforms prompt you to include special characters in your passwords for extra security. It is crucial to do this effectively. Avoid the common mistake of substituting letters in your base password or passphrase with similar-looking special characters. Hackers are on the lookout for these predictable patterns.
For instance, changing “CarpetChinaRocket153” into “C4RPE7CH1N4R0CKE7153” can be easily decoded by hacking algorithms that swap letters for special characters. Instead, weave special characters throughout your passphrase in unpredictable ways.
A more secure version of “CarpetChinaRocket153” would be “Carpet%$China/?Rocket**345!”, where special characters are interspersed unpredictably, enhancing the passphrase’s complexity and security.
A surprisingly common, yet highly insecure practice is the use of keyboard paths as passwords due to their ease of memorisation. This approach significantly weakens password security. Avoid creating passwords from sequential keyboard paths like “QWERTY” or “123456”, as they are exceedingly vulnerable to hacking attempts. Alarmingly, NordPass reports that over 1.5 million people still use “123456” as their password, illustrating how widespread this issue is. Opting for such simplistic sequences could leave your accounts wide open to cybercriminals.
While creating passwords, you'll typically encounter a minimum character requirement. To generate a stronger password, double the minimum requirement. The length of your password plays a vital role in its strength, as longer passwords are significantly more complex to crack. For instance, a password with 12 characters can take up to 62 trillion times longer to breach than one with just six characters. This fact highlights the advantage of opting for passphrases over traditional passwords, as they naturally allow for greater length and complexity.
Two-factor authentication (2FA) is crucial for defending your accounts against cyber-attacks. Many websites and social media platforms offer 2FA as part of their security setup. If it's not automatically enabled, you can usually turn it on in the security settings of your account. With 2FA, a unique code is sent to your phone via SMS if there's a login from a new location or device. This extra step means that even if a hacker cracks your password, they're unlikely to bypass the 2FA, as they won't have the code sent to your mobile device.
With the amount of responsibilities you juggle daily, adding password memorisation to the mix isn't necessary. A password manager can effortlessly generate and manage your passwords, associating each with the correct account. This tool stores all your passwords in an encrypted vault, offering convenience and enhanced security. Several respected password managers are available, including LastPass, Dashlane, and NordPass, each providing robust protection for your digital keys.
Once, frequently changing passwords was standard advice. But now, it's understood that this can lead to simpler, predictable patterns. If you have a strong password that has stood the test of time, stick with it. But, if you see suspicious activity or unrecognised logins, quickly update and change your password. Shockingly, a Google survey indicates only 45% of people change their passwords after a breach, a habit that's crucial to improve for enhanced online security.
Understanding hacker methods is critical for robust password protection. This section reveals four methods used to compromise passwords, equipping you with essential password security advice to safeguard your digital footprint effectively.
Dictionary-based hacking involves an automated program that methodically tests dictionary words against your password, from the most common to the least. It targets and easily cracks accounts secured with basic, predictable passwords. For instance, simple combinations like “Pass1546” or “Liverpool786” are particularly vulnerable to this type of attack. This method demonstrates the risk of using easily guessable passwords and underscores the importance of creating more complex, non-dictionary-based passwords for better account security.
Social scraping is a tactic where hackers manipulate the common practice of using personal details like names, birthdays, and other publicly shared information in passwords. For example, “Rover011063” is easy to guess if these details are accessible on your social media profiles. Hackers often troll these platforms, gathering data you have posted with the intent to exploit your passwords. This highlights the importance of choosing more secure, less predictable passwords.
Brute force attacks involve an automated program cycling through every possible character combination to uncover your password. These attacks are particularly effective against short, simple passwords. For instance, if your password is a variation of “Password” – a highly insecure choice – a brute force attack would systematically try variations like “p455w0rd” and “p@sswOr6” until it successfully cracks it. This method showcases the vulnerability of basic passwords and underscores the need for more complex, lengthier password choices to prevent unauthorised access.
In phishing attacks, hackers disguise themselves as trustworthy individuals or organisations to extract sensitive information from you. They craft deceptive websites, send misleading emails, and even make fraudulent calls, all designed to trick you into unknowingly revealing your data. To defend against phishing, remember this crucial password security tip: never give your password following unsolicited requests, regardless of how convincing they may seem.
Below, we've compiled a list of top password generators and managers, each with unique benefits, to elevate your password security practices:
LastPass: This 100% free password generator is available for both desktop and mobile. It generates passwords up to 50 characters in length and seamlessly imports them into one of the market's leading password managers.
Dashlane: Compatible with desktop and mobile, Dashlane can create passwords of up to 40 characters. While its password management features may not be as intuitive as LastPass, it remains an excellent choice.
NordPass: With the ability to create passwords up to 60 characters long, NordPass offers a free base version of its Password Manager, combining ease of use with robust security.
KeePass: As a free and open-source tool, KeePass might require more setup. However, it compensates with speed and the ability to follow specific password generation rules for various websites.
These tools simplify the process of creating strong passwords but also align with the best tips for password security, ensuring your online accounts remain protected against cyber threats.
In cybersecurity, you will often see news stories and press releases notifying the public of data breaches and hacks. It is difficult to ascertain whether your account or email has been compromised in these breaches because we sign up for so many things online.
The public service website, Have I Been Pwned takes your email address and notifies you whether data associated with an account linked to your email is compromised. This site has logged over 12 billion compromised accounts. It is a safe and respected site, and you should use it regularly to see if you have been breached and which passwords need updating.
There are multiple tools available online to check the security of your password. At The Security Company, we recommend How Secure Is My Password, a tried and trusted tool for checking any password.
Following effective password security tips to create hacker-resistant passwords are crucial steps in safeguarding your online presence. It's about transforming your approach to digital security and staying ahead of potential cyber threats.
At The Security Company, we're committed to empowering organisations to strengthen their cyber defences. Our develop knowledge and skills services offer comprehensive E-Learning and training modules on a wide range of cybersecurity topics, including in-depth guidance on password security. We emphasise targeted and role-based training, tailor-made to address specific needs. By partnering with us, you gain access to resources and knowledge that will not only enhance your password security but also fortify your overall digital resilience. In the battle against cyber threats, knowledge is power. Let's work together to build a safer digital future.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51