3 Steps to a Secure Password

Feb 19, 2019 | Security

There’s a lot of talk about cyber security and all the recent data breaches. But you know what’s missing? Some basic advice for small businesses about how to keep their IT systems secure.

In this post, I’m going to tell you the 3 simple steps you should implement today to create a secure password for yourself and something you can share with your colleagues.

As an added bonus – you’ll learn the password security method that makes things simple so you are not having to remember multiple passwords or create a new password every other week.

Step 1:

Think pass-phrase instead of a password.  A pass-phrase is a series of words instead of a traditional password.

An example of a pass-phrase would be “EnglandAreTheGreatestFootballTeam”.

This is much easier to remember than something like “$@d32vpa” and, guess what, it’s more secure.

The reason is the length of the password.

A lot of hackers out there use brute force methods of attack.

In this method, they run software to guess the password; the longer the password, the more time it takes to guess. A pass-phrase with multiple words combined takes years to crack instead of a few hours.

Step 2:

You’ve probably been told to change your password on a regular basis.  This is often preached as good practice but research has shown that this is not the case.

The reason is that users who are regularly told to change their password tend to change only part of it. This often turns out to be changing the last few characters or incrementing a number at the end. I was guilty of this method myself until the logic was explained to me.

The other reason frequent password changes should be avoided is you tend to forget new passwords sooner and that leads to users writing down their password on a post-it note or similar.

Totally defeating the purpose of what you’re trying to achieve!

Thus, a best practice is to ask employees to change their password only in case of a potential threat or compromise.

Step 3:

Create a password blacklist policy.

Hackers will sometimes carry out what’s known as a dictionary attack on your network and cloud services. In this method of attack, the hackers use a list of the most common passwords people use to force their way into your business systems.

It’s surprisingly easy to do and a very common security weakness.

You can find a free list of the most common passwords people use on our website.

Free Download: Password Blacklist

Find out what the most common passwords are and make sure your staff don’t use any of them.

Download: https://gopher.co.uk/download/47092/

It’s good practice to show this list of common passwords to your colleagues and inform them of the easy-to-guess passwords that should not be used.

Depending on the IT system your business is using, you can also enforce the blacklist on the system itself, so that those passwords cannot be created. This is, however, the last resort; it is best to use the person-based method above, as employees can then also apply the rule to their personal accounts and email.
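
One way a system-side check could enforce such a blacklist, shown as an added example and not code from the original post. The sample list, the 16-character minimum and the function names are assumptions. It also catches the Step 2 habit of adding a number to the end of a common password.

```python
import re
import unicodedata

# Constructed sample; in practice load the full list of common passwords.
SAMPLE_BLACKLIST = {"password", "123456", "qwerty", "letmein", "football", "welcome"}

# Assumed minimum length for a pass-phrase (not a figure from the post).
MIN_LENGTH = 16

# Character substitutions people use to "disguise" a common password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Return the normalised forms that are compared with the blacklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    forms = {base}
    # Drop a trailing run of digits/symbols: "Welcome123" -> "welcome".
    forms.add(re.sub(r"[\d\W_]+$", "", base))
    # Undo substitutions on every form so far: "p@ssw0rd" -> "password".
    forms |= {form.translate(LEET) for form in list(forms)}
    forms.discard("")
    return forms


def check_password(password, blacklist=SAMPLE_BLACKLIST, min_length=MIN_LENGTH):
    """Return (accepted, reason) for a proposed password."""
    # Whole-string match only: a long pass-phrase that merely contains a
    # listed word (e.g. "football") is not rejected for that reason.
    hits = candidates(password) & blacklist
    if hits:
        return False, "matches common password: " + sorted(hits)[0]
    if len(password) < min_length:
        return False, "shorter than %d characters" % min_length
    return True, "ok"


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Welcome123", "$@d32vpa",
               "EnglandAreTheGreatestFootballTeam"):
        print(pw, "->", check_password(pw))
```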

To find out how we can help, feel free to get in contact.
