Six best practices for creating secure passwords

June 2019 Home Security, Cyber Security

On May 2, we celebrated World Passport Day. The goal is to promote better cybersecurity hygiene by upgrading easy-to-guess passwords or refreshing older passwords that may have been compromised through some data breach. Think of it as the cyber equivalent of testing and replacing the batteries in your car’s key remote.

 Doros Hadjizenonos
Doros Hadjizenonos

According to the Verizon Data Breach Investigation Report, 81% of breaches leveraged either stolen and/or weak passwords. That problem is compounded because one of the biggest risks to data security is the reuse of passwords across accounts. If one of your accounts is compromised and your user name and password are posted on the dark web, cybercriminals who know how often passwords are reused will simply begin to plug that information into other possible accounts until they unlock one that uses the exact same credentials.

This is a common risk, as 83% of people have admitted to reusing passwords across multiple sites. Even if you think it is safe to reuse passwords on accounts that don’t house sensitive data – a breach there can be used as an entryway to move laterally across networks in search of critical business data or personally identifiable information (PII).

What constitutes a weak password?

Short, simple passwords take fewer resources for hackers to compromise. In fact, hackers maintain databases of the most common words, phrases, and number combinations that they can run your password through to find a quick match.

Some of the most common passwords are baseball and football team names, any variant of 123456789, and QWERTY. Avoid using common password themes when creating a passphrase, such as the following:

• Birthdays.

• Phone numbers.

• Names including movies and sports teams.

• Simple obfuscation of a common word (‘P@$$w0rd’).

How to minimise password-based cyber risk

When creating new accounts or updating well-used passwords, keep these six best practices in mind to minimise password-based cyber risk.

1. To add an extra layer of security, use multi-factor authentication wherever possible. This confirms your identity by utilising a combination of multiple different factors, such as something you know or something they have, such as a token generator on your smartphone.

2. Never repeat the same password for different accounts.

3. Change your passphrase at least every three months. This will lock out cybercriminals who may be using your account, protect you from brute force attacks, and remedy the issue caused by cybercriminals who purchase lists of usernames and passwords obtained through data breaches.

4. Ensure no one is watching as you enter passwords.

5. Be cautious when downloading files from the internet as they may contain key loggers as well as password grabber malware variants that will compromise your password. A good practice is to regularly scan for the presence of such malware.

6. Use a cloud-based password manager to enable you to create and store strong passphrases. This is especially important if you require strong passwords for dozens of accounts. Password management tools allow you to securely store an encrypted list of passwords in the cloud that can be accessed from any device. Not only will you only need to remember one password to access your password locker, the passwords you store there for your various accounts can be even stronger because you don’t have to remember them.

When it comes to password security, everyone has a role to play in the protection of PII and corporate data. IT teams and stakeholders should review the common risks of weak passwords with their organisations, as well as remind everyone of these best practices. This simple practice can help employees better protect their data, while minimising unintentional insider threats to the organisation.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Where are your crown jewels?
June 2019, Wolfpack Information Risk , Commercial (Industry), Cyber Security, Security Services & Risk Management
Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the GDPR and our PoPIA.

Read more...
Axis 7th generation ARTPEC chip
June 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
Axis has launched its 7th generation ARTPEC chip, optimised for network video, to improve all the signature Axis technologies created to address difficult light conditions.

Read more...
Kaspersky Lab to open office in Kigali, Rwanda
June 2019, Kaspersky Lab , News, Cyber Security
Kaspersky Lab has announced plans to open a new office in Kigali, Rwanda, to support the rapid growth of its business in East Africa.

Read more...
SIM swap fraud expands
June 2019 , News, Cyber Security, Financial (Industry)
A new wave of attacks targeting financial services and online services have become very common in South Africa and the wider region.

Read more...
Tackling the insider threat
June 2019, Secnovate , News, Cyber Security
Secnovate and its strategic partner, Condyn, has run a series of executive briefings on insider threats, which represents a growing and important threat vector for all organisations, big and small.

Read more...
A secure home on your phone
June 2019, Fidelity ADT Security , Home Security, Perimeter Security, Alarms & Intruder Detection
The latest offering in home security from Fidelity ADT is a product that gives the customer the control they need over their home security – no matter where they are.

Read more...
Home automation made easy
June 2019, HiTek Security Distributors , Home Security, Residential Estate (Industry), Products
Home automation makes is possible for apps, devices, alarm systems to integrate with each other seamlessly, allowing the consumer to customise their functions to their taste and priorities.

Read more...
Smart access keypad
June 2019, Salto Systems Africa , Home Security, Access Control & Identity Management, Products
Danapad is an easy-to-install, wireless, smart access keypad that enables homeowners and businesses to manage secure access control to their houses.

Read more...
Netgear Armor on Orbi Wi-Fi
June 2019, Duxbury Networking , Home Security, Cyber Security, IT infrastructure
Netgear has announced the worldwide availability of Netgear Armor Cyber Threat Protection, powered by Bitdefender, on Orbi Wi-Fi mesh systems, to protect home IT and IoT devices.

Read more...
Integrated solutions for home security
June 2019, Centurion Systems , Home Security, Access Control & Identity Management
Our entrance gates are the thresholds between the outside world and us, the barrier between order and potential chaos.

Read more...