Passwords are one of the basic ways that we confirm our identity when we access systems on our company network, or our own person email account for example. Although many organisations have a policy that requires users to create passwords of a certain length and complexity, the challenge is that the user can fulfil those criteria even if they create a weak password that can be easily guessed or cracked by an attacker. This is yet another intersection of technology and human behaviours that can make or break cyber security.

Did you know that attackers exchange lists of passwords from previous attacks, which they use at high speed in combination with a user’s email address for example, to try to break into a system?

If you are told that you need to create a password that uses upper and lower case letters, with numbers and special characters, the chances are you will use a word that starts with a capital letter, then add a number and use an exclamation point or similar at the end. The attackers know this, and they have millions of examples of them in their password listing. Equally, passwords like querty12345 are, sadly, still frequently used.

The trick is for us all to avoid using ‘weak’ passwords that are likely to feature on the password listing, which means we need to avoid falling into predictable human behaviour patterns. Equally, users need to avoid obvious passwords, like the name of their town or their pet dog, which can be guessed or cracked by a dedicated attacker.

As a solution consider using a passphrase such as “BananaHippoCyclist” and if you want it even more complex, trying adding a few numbers and special characters. And make sure every access you have uses a different password. We all live in the real world, and it can be hard to manage multiple passwords, so you could consider a password manager application to store your passwords, providing you use a very strong master password to access it.

Even strong passwords need extra security, which is why they should be used in conjunction with other multi-factor authentication methods such as facial recognition or biometrics (something you are) or verification codes received on your mobile phone (something you have). Utilising multiple methods of authentication makes it significantly harder for attackers to compromise your accounts.

If you are wondering how to implement this in your organisation, then reach out to us for a free 30-minute consultation to discuss your specific needs and proportionate options. We love discussing this and other aspects of cyber security, so contact us through our website page www.blackarrowcyber.com/contact, and we will get back to you shortly.

In the meantime, Happy World Password Day!