The risks of not having strong passwords
Blog|by Leanne Bevan|28 September 2022
Welcome to the second part of our Cyber Security Awareness Month 2022 blog series.
The first part looked at multi-factor authentication. We now look at the importance of strong passwords and the benefits of using a password manager.
What makes a strong password?
Strong passwords are complex. Here are some tips on how to create great passwords:
- Use a mixture of upper and lowercase letters, numbers and special characters
- For ease of remembering, make it a memorable (but not identifiable) phrase
- More than 8 characters
- Don't use the same password anywhere else
Browsers such as Google Chrome will often suggest strong, complex passwords for you, and they have their own built-in password managers that you can use. Always make sure that you are using the latest version of your browser and operating system, so that you have the most recent security fixes.
What is a password manager?
A password manager is an app on your phone, computer or tablet that stores all your passwords so that you don’t need to remember them. It also means you can avoid writing them down in a notebook or in a file that could be more easily hacked.
Note, you will still need a master password, to get into the password manager. But at least it is only one password to remember rather than numerous complex passwords for every app and system you use.
What are the risks of not having strong passwords / a password manager in place?
Below you’ll find just some of the risks of not having strong passwords and a password manager in place:
Hackers
Hackers can use social engineering, online research and other tools and methods to identify and hack your password. So, the more complex it is, the better.
Ransomware is one of the top cyber security threats, according to a specialist at Heimdal and a cyber threat report by Acronis. If hackers gain access to your passwords, critical data and applications, they can hold them for ransom, refusing to release them until you pay a sum of money. Often they will then keep increasing the amount they demand. This is also a key reason to have a backup solution in place.
Shared computers
As the NCSC notes, if you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser.
If you're sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore your saved passwords) and decide if you’re ok with this. The safest option is to:
- Make sure that everyone has their own account on the shared computer
- Make sure that everyone logs out when they’ve finished using it
Company reputation
Your company’s reputation can be at stake too if you are hacked. If customers see that you don’t take the necessary precautions, they may lose trust in your organisation and in the safety of their information, and move elsewhere, costing you customer loyalty and income.
Benefits of having a password manager
Though browsers often have built-in password managers these days, if you have your own password manager in place, you or your IT management team have more control: you can back it up and protect it. You can also include passwords for systems and apps that are not accessed through a browser.
IT admins and managers can also manage who has access to the password management areas. You can remove employees that leave the company, assign access to folders with important senior-level data and assets to just those that require access, and more.
Protect your password manager
The NCSC recommends that you protect your password manager with an extra layer of security.
Why?
- If you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts
- If a cybercriminal accesses your password manager account, they will have access to all your accounts
Here is what they recommend:
- Turn on two-factor authentication on the password manager account. This means that even if a cybercriminal knows the ‘master’ password, they still won’t be able to access your password manager account.
- Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it's OK for you to write it down on paper, provided you keep it safe and out of sight.
- Install updates for your password manager app as soon as you're prompted.
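The "three random words" approach above only holds up if the words are picked at random rather than chosen by a person. The following is an added example (not from the original post or from the NCSC) of doing that with Python's `secrets` module; the sample word list, the function names and the `min_bits` floor are assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. It is far too
# small for real use: a real generator needs a list of thousands of words.
SAMPLE_WORDS = [
    "amber", "bridge", "candle", "dolphin", "ember", "forest", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "nectar",
    "orchard", "pebble",
]


def entropy_bits(wordlist_size, count=3):
    """Bits of entropy when `count` words are drawn uniformly at random."""
    return count * math.log2(wordlist_size)


def three_random_words(words, count=3, sep="-", min_bits=0.0):
    """Return (passphrase, entropy_bits) using the OS CSPRNG.

    min_bits is an assumed, caller-chosen floor: the call fails rather than
    hand back a phrase drawn from a list too small to resist guessing.
    """
    unique = sorted(set(words))  # duplicates would skew the odds
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    bits = entropy_bits(len(unique), count)
    if bits < min_bits:
        raise ValueError(
            f"{len(unique)} words give only {bits:.1f} bits; need {min_bits}"
        )
    # secrets.choice draws from the OS CSPRNG, unlike random.choice
    phrase = sep.join(secrets.choice(unique) for _ in range(count))
    return phrase, bits


if __name__ == "__main__":
    phrase, bits = three_random_words(SAMPLE_WORDS)
    print(f"{phrase}  ({bits:.1f} bits from the 16-word sample list)")
    # Same three-word scheme with a 7,776-word list (assumed size).
    print(f"{entropy_bits(7776):.1f} bits with a 7,776-word list")
```

The strength of the phrase comes from the size of the list the words are drawn from, so the 16-word sample here yields only 12 bits and is for demonstration only.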
Cyber security training
Providing interactive, educational cyber security training regularly to your employees can help to ensure they are following cyber security best practices, especially when it comes to creating strong passwords.
There are companies that provide cyber security training and solutions, so you don't have to take the time out to train all your staff yourselves.
How can Grey Matter help?
Grey Matter offers a number of password management and cyber security training solutions. We also offer multi-factor authentication and patch management solutions.
We can discuss your options and work out which solutions would best suit your requirements to ensure multi-layered protection for your peace of mind, compliance and data security.
Fill in the form below to find out more and book a consultation with our cyber security expert.
The next installment will focus on the importance of updating software.