The risks of not having strong passwords in place

Welcome to the second part of our Cyber Security Awareness Month blog series.  

The first part looked at multi-factor authentication. We now examine the importance of strong passwords and the benefits of using a password manager. 

What makes a strong password? 

Strong passwords are complex. Here are some tips on how to create great passwords:  

• Use a mixture of upper and lowercase letters, numbers and special characters  
• For ease of remembering, make it a memorable (but not identifiable) phrase  
• More than 8 characters  
• Don't use the same password anywhere else 

Often browsers such as Google will help suggest strong complex passwords you can use. And these browsers have a password manager that you can use. But you should always use the latest version of your browser and operating system, to ensure full security.  

What is a password manager? 

A password manager is an app on your phone, computer or tablet that stores all your passwords so that you don’t need to remember them. It also enables you to avoid writing them down in a notebook or on a file that could be more easily hacked.  

Note, you will still need a master password, to get into the password manager. But at least it is only one password to remember rather than numerous complex passwords for every app and system you use. 

What are the risks of not having strong passwords / a password manager in place? 

Below you’ll find just some of the risks of not having strong passwords and a password manager in place: 

Hackers 

Hackers can use social engineering, online research and other tools and methods to identify and hack your password. So, the more complex it is, the better.  

Ransomware is one of the top cyber security breaches according to a specialist at Heimdal and a cyber threat report by Acronis. If hackers find access to your passwords and critical data and applications, they can hold them for ransom – where they won’t release them until you pay the hackers a sum of money. But often they’ll continue to up the amount more and more. It’s also a key reason why you should also have a backup solution in place.  

Shared computers 

As the NCSC notes, if you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser. 

If you're sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore your saved passwords) and decide if you’re ok with this. The safest option is to: 

• Make sure that everyone has their own account on the shared computer 
• Make sure that everyone logs out when they’ve finished using it 

Company reputation 

Your company’s reputation can be at stake too if hacked. If customers see that you don’t take the necessary precautions, they may lose trust in your organisation and the safety of their information, and therefore move elsewhere. Losing your customer loyalty and income. 

Benefits of having a password manager  

Though browsers often have built-in password managers these days, if you have your own password manager in place, you or your IT management team have more control; you can back it up and protect it. Plus, include passwords for systems and apps not hosted on a browser.  

IT admins and managers can also manage who has access to the password management areas. You can remove employees who leave the company, assign access to folders with important senior-level data and assets to just those who require access, and more.  

Protect your password manager 

The NCSC recommends that you protect your password managers for an extra layer of security. 

Why? 

• If you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts 
• If a cybercriminal accesses your password manager account, they will have access to all your accounts 

Here is what they recommend: 

1. Turn on two-factor authentication on the password manager account. This means that even if a cybercriminal knows the ‘master’ password, they still won’t be able to access your password manager account. 

1. Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it's OK for you to write it down on paper, provided you keep it safe and out of sight. 

1. Install updates for your password manager app as soon as you're prompted. 

Cyber security training

Providing interactive, educational cyber security regularly to your employees can help to ensure they are following cyber security best practices. Especially when it comes to creating strong passwords.

There are companies out there that provide cyber security training and solutions out there, so you don't have to take the time to train all your staff yourselves.

Password tests

KnowBe4 has created some free password tests:

• Browser Password Inspector
• Breached Password Test
• Weak Password Test
• Password Exposure Test
• Multi-Factor Authentication Security Assessment

How can Grey Matter help? 

Grey Matter offers several password management, multi-factor authentication and cyber security training solutions, including:

• 1Password - password management
• Passwordstate - password management
• Keeper Security - password management
• Microsoft - multi-factor authentication
• ESET - multi-factor authentication
• Sophos - multi-factor authentication
• KnowBe4 - cyber security awareness training

We can discuss your options and work out which solutions would best suit your requirements to ensure multi-layered protection for your peace of mind, compliance and data security. 

Fill in the form below to find out more and book a consultation with our cyber security expert. 

The next installment will focus on the importance of updating software. 

Blog updated 3 May 2024.