The risks of not having strong passwords
By Leanne Bevan | 28 September 2022
Welcome to the second part of our Cyber Security Awareness Month 2022 blog series.
The first part looked at multi-factor authentication. We now look at the importance of strong passwords and the benefits of using a password manager.
What makes a strong password?
Strong passwords are complex. Here are some tips on how to create great passwords:
- Use a mixture of upper and lowercase letters, numbers and special characters
- For ease of remembering, make it a memorable (but not identifiable) phrase
- Use more than 8 characters
- Don't use the same password anywhere else
Browsers such as Google Chrome will often suggest strong, complex passwords for you, and they have their own built-in password managers that you can use. But you should always make sure that you are using the latest version of your browser and operating system, to ensure full security.
What is a password manager?
A password manager is an app on your phone, computer or tablet that stores all your passwords so that you don’t need to remember them. It also means you can avoid writing them down in a notebook or in a file that could be more easily hacked.
Note, you will still need a master password, to get into the password manager. But at least it is only one password to remember rather than numerous complex passwords for every app and system you use.
What are the risks of not having strong passwords / a password manager in place?
Below you’ll find just some of the risks of not having strong passwords and a password manager in place:
Hackers can use social engineering, online research and other tools and methods to identify and hack your password. So, the more complex it is, the better.
Ransomware is one of the top cyber security breaches according to a specialist at Heimdal and a cyber threat report by Acronis. If hackers gain access to your passwords and critical data and applications, they can hold them for ransom, refusing to release them until you pay a sum of money. Often they will then keep raising the amount. This is also a key reason why you should have a backup solution in place.
As the NCSC notes, if you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser.
If you're sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore your saved passwords) and decide if you’re OK with this. The safest option is to:
- Make sure that everyone has their own account on the shared computer
- Make sure that everyone logs out when they’ve finished using it
Your company’s reputation can be at stake too if you are hacked. If customers see that you don’t take the necessary precautions, they may lose trust in your organisation and in the safety of their information, and move elsewhere, costing you customer loyalty and income.
Benefits of having a password manager
Though browsers often have built-in password managers these days, having your own password manager in place gives you or your IT management team more control: you can back it up and protect it. You can also include passwords for systems and apps that are not accessed through a browser.
IT admins and managers can also manage who has access to the password management areas. You can remove employees that leave the company, assign access to folders with important senior-level data and assets to just those that require access, and more.
Protect your password manager
The NCSC recommends that you protect your password manager with an extra layer of security, because:
- If you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts
- If a cybercriminal accesses your password manager account, they will have access to all your accounts
Here is what they recommend:
- Turn on two-factor authentication on the password manager account. This means that even if a cybercriminal knows the ‘master’ password, they still won’t be able to access your password manager account.
- Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it's OK for you to write it down on paper, provided you keep it safe and out of sight.
- Install updates for your password manager app as soon as you're prompted.
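The tips under "What makes a strong password?" and the three-random-words suggestion above can be checked in a few lines of Python. This is an added example, not part of the original post or the NCSC guidance; the word list, the function names and the sample passwords are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample word list (assumption): a real list needs thousands of words.
WORDS = ["copper", "lantern", "orbit", "mango", "velvet", "harbour",
         "pepper", "glacier", "saddle", "thunder", "willow", "quartz"]

def three_random_words(words=WORDS, sep="-"):
    """Build a master passphrase from three words chosen with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(3))

def passphrase_bits(list_size, count=3):
    """Entropy in bits when each word is drawn uniformly from list_size words."""
    return count * math.log2(list_size)

def failed_tips(password, personal_terms=(), in_use=()):
    """Return the tips from the post that `password` does not meet.

    personal_terms: names, birthdays etc. that would make the phrase identifiable.
    in_use: passwords already used for other accounts (e.g. read from a vault).
    """
    failed = []
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        failed.append("mix of upper/lowercase letters, numbers and special characters")
    if any(t and t.lower() in password.lower() for t in personal_terms):
        failed.append("not identifiable")
    if len(password) <= 8:
        failed.append("more than 8 characters")
    if password in in_use:
        failed.append("not used anywhere else")
    return failed

if __name__ == "__main__":
    print(three_random_words())
    print(f"3 words from {len(WORDS)}: {passphrase_bits(len(WORDS)):.1f} bits")
    print(f"3 words from 7776: {passphrase_bits(7776):.1f} bits")
    print(failed_tips("Summer22", personal_terms=["alex"], in_use=["Summer22"]))
```

The entropy figures show why the size of the word list matters: three words from the 12-word sample give under 11 bits, while three from a 7,776-word list give almost 39.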
How can Grey Matter help?
Grey Matter offers a number of password management solutions. We also offer multi-factor authentication and patch management solutions.
We can discuss your options and work out which solutions would best suit your requirements to ensure multi-layered protection for your peace of mind, compliance and data security.
Fill in the form below to find out more and book a consultation with our cyber security expert.
The next instalment will focus on the importance of updating software.