The Fundamentals of Password Protection 

How to stay secure online

Password security is one of the most critical factors in overall cyber security.

Given the number of online services we use on a daily basis and the number of times we have to log on and authenticate ourselves, it should be no surprise that many people take shortcuts with their passwords, such as reusing passwords and letting applications remember them.
However, this is one area where shortcuts can lead directly to disaster.

We believe that our passwords are secure and that they can be reused repeatedly without consequence. However, what we all forget is that if one account is compromised, all accounts utilising the same combination of password and email can easily become jeopardised. This includes not only work but also personal accounts.

Generating Passwords

To ensure that your network remains secure, we recommend users utilise a different password for each platform that they use, especially platforms that contain confidential information.

When creating a password, the best way to avoid potential bias is to use a random password generator. These tools are free and create random combinations taking into account pre-determined characteristics you set based on best practices (using numbers, symbols, upper and lower-case letters). 

If you have a large number of passwords to store, you might want to invest in a password manager. These tools act as a central database of login credentials and can be used collaboratively with your team. They securely store and manage all of your passwords, so that long, complicated and secure passwords are not a burden to you: you only need to remember a single central login. More information below.

Password Managers

Password managers help you by securely storing, encrypting and entering your passwords when you need to log in to a service. In addition, most password managers have an inbuilt password generator, which will generate and then store passwords following our above criteria. 

Password managers do, however, have one potential downside: all of your passwords are accessible from a single login, known as your master password.

Finally, there is one more step that can be taken to help secure your passwords and logins, 2-Factor/multi-factor authentication (2FA/MFA).

2-Factor Authentication

2-Factor authentication is the use of a secondary device (generally a mobile phone) used to authenticate login attempts with an automated verification code. 

This method ensures that if a breach occurs, the attacker will not be able to gain access to the account, as they will need a secondary authentication code to verify their details.

It is known as 2-Factor Authentication as it requires 2 distinct methods of authentication:

  1. The registered password 

  2. A pre-registered device that can be sent a confirmation code for submission

This method acts as a safety net, protecting your accounts when attempts are made against you. Most services will let you know when someone fails a 2FA check and provide the opportunity to change your password.

Password Security Recommendations

  • Avoid reusing passwords

    • If passwords are reused, one compromised account means all accounts could become compromised. Important programs/websites/platforms that store sensitive information should all utilise separate login credentials if possible. 

  • Activate 2 Factor Authentication (2FA) 

    • Not all platforms have 2FA, but large ones will. 2FA should be enabled for all accounts, in particular for valuable/important services such as emails, banks, and password managers.

  • Implement rules that enforce usage of minimum characters, numbers, letters, symbols, etc. 

    • Longer passwords with complex chains are near impossible to guess, and it is near impossible to create algorithms that can guess them.

  • Use a random password generator

    • These help you to generate passwords free from bias and incorporating best practices (mentioned below).

  • Don’t use common words as passwords

    • Common words (including combinations, or with numbers replacing letters) are easy to guess, as most people use words that are familiar to them. For example, a football fan might use the password 'Demons1'.

  • Don’t use names, dates, or other personal information in passwords

    • If an attacker knows you or somehow gets this information (like a birthday or anniversary from Facebook), then they can make a knowledgeable assumption about your details. 

  • Regularly change your password (We recommend every 2 months at a minimum for any business) 

    • As a system admin or even a business owner, you should require the employees on your network to update their passwords every 2 months at a minimum.

  • If in doubt, use a secure password manager

    • Password managers help you to generate and use long and complex passwords without causing you the hassle. Just ensure that you use a strong master password, or else all your passwords could be compromised. But, please do your research and pay for the right solution. 
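One way to enforce several of the recommendations above at password-change time, as an added example that is not part of the original article. The word list is constructed sample data, and the 12-character minimum, the substitution table and the function names are assumptions.

```python
import re

# Constructed sample list; a real deployment would load a large list of
# common and previously breached passwords instead.
COMMON_WORDS = {"password", "demons", "football", "welcome", "qwerty", "letmein"}

# Number-for-letter swaps people use to disguise a common word (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password):
    """Lower-case, undo number-for-letter swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def check_password(password, personal_info=(), min_length=12):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(pattern, password) for pattern in classes):
        problems.append("missing character class")
    lowered = password.lower()
    # Two views of the password: letters as typed, and letters after the
    # substitutions are reversed, so 'Demons1' and 'D3m0n5!' are both caught.
    forms = (re.sub(r"[^a-z]", "", lowered), normalise(password))
    if any(word in form for word in COMMON_WORDS for form in forms):
        problems.append("contains a common word")
    for item in personal_info:
        # Split names and dates into word and number tokens, ignoring short ones.
        tokens = [t for t in re.findall(r"[a-z]+|\d+", item.lower()) if len(t) >= 3]
        if any(t in lowered or t in forms[1] for t in tokens):
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    print(check_password("Demons1"))
    print(check_password("Alex1990!xQz7", personal_info=("Alex", "1990-04-12")))
```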
