The risks of not having strong passwords in place
Blog|by Leanne Bevan|28 September 2022
Welcome to the second part of our Cyber Security Awareness Month blog series.
The first part looked at multi-factor authentication. We now examine the importance of strong passwords and the benefits of using a password manager.
What makes a strong password?
Strong passwords are complex. Here are some tips on how to create great passwords:
- Use a mixture of upper and lowercase letters, numbers and special characters
- For ease of remembering, make it a memorable (but not identifiable) phrase
- Make it more than 8 characters long
- Don't use the same password anywhere else
Browsers such as Google will often suggest strong, complex passwords you can use, and these browsers have a password manager that you can use. But you should always use the latest version of your browser and operating system to ensure full security.
What is a password manager?
A password manager is an app on your phone, computer or tablet that stores all your passwords so that you don’t need to remember them. It also enables you to avoid writing them down in a notebook or in a file that could be more easily hacked.
Note that you will still need a master password to get into the password manager. But at least it is only one password to remember rather than numerous complex passwords for every app and system you use.
What are the risks of not having strong passwords / a password manager in place?
Below you’ll find just some of the risks of not having strong passwords and a password manager in place:
Hackers
Hackers can use social engineering, online research and other tools and methods to identify and hack your password. So, the more complex it is, the better.
Ransomware is one of the top cyber security breaches according to a specialist at Heimdal and a cyber threat report by Acronis. If hackers gain access to your passwords and critical data and applications, they can hold them for ransom, refusing to release them until you pay a sum of money. Often they will keep increasing the amount. This is also a key reason why you should have a backup solution in place.
Shared computers
As the NCSC notes, if you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser.
If you're sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore your saved passwords) and decide if you’re ok with this. The safest option is to:
- Make sure that everyone has their own account on the shared computer
- Make sure that everyone logs out when they’ve finished using it
Company reputation
Your company’s reputation can be at stake too if you are hacked. If customers see that you don’t take the necessary precautions, they may lose trust in your organisation and the safety of their information, and therefore move elsewhere, costing you customer loyalty and income.
Benefits of having a password manager
Although browsers often have built-in password managers these days, having your own password manager in place gives you or your IT management team more control: you can back it up and protect it, and you can include passwords for systems and apps not hosted on a browser.
IT admins and managers can also manage who has access to the password management areas. You can remove employees who leave the company, assign access to folders with important senior-level data and assets to just those who require access, and more.
Protect your password manager
The NCSC recommends that you protect your password managers for an extra layer of security.
Why?
- If you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts
- If a cybercriminal accesses your password manager account, they will have access to all your accounts
Here is what they recommend:
- Turn on two-factor authentication on the password manager account. This means that even if a cybercriminal knows the ‘master’ password, they still won’t be able to access your password manager account.
- Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it's OK for you to write it down on paper, provided you keep it safe and out of sight.
- Install updates for your password manager app as soon as you're prompted.
Cyber security training
Providing interactive, educational cyber security training regularly to your employees can help to ensure they are following cyber security best practices, especially when it comes to creating strong passwords.
There are companies that provide cyber security training and solutions, so you don't have to take the time to train all your staff yourselves.
Password tests
KnowBe4 has created some free password tests:
- Browser Password Inspector
- Breached Password Test
- Weak Password Test
- Password Exposure Test
- Multi-Factor Authentication Security Assessment
How can Grey Matter help?
Grey Matter offers several password management, multi-factor authentication and cyber security training solutions, including:
- 1Password - password management
- Passwordstate - password management
- Keeper Security - password management
- Microsoft - multi-factor authentication
- ESET - multi-factor authentication
- Sophos - multi-factor authentication
- KnowBe4 - cyber security awareness training
We can discuss your options and work out which solutions would best suit your requirements to ensure multi-layered protection for your peace of mind, compliance and data security.
Fill in the form below to find out more and book a consultation with our cyber security expert.
The next installment will focus on the importance of updating software.
Blog updated 3 May 2024.