Despite the fact that the growing threat of cybercrime is widely publicised, poor security practices are still too common.
When it comes to passwords, putting in the effort now can make a huge difference in the long run. It’s time to forget about single-worded passwords, they are easy to crack and are no longer strong enough.
So, what constitutes a strong password these days – a passphrase (or another name for it is a sentence). Passphrases are longer, more complex and much easier to remember.
When thinking about your new passphrase, you should try and use a string of words that incorporates numbers and letters (both lower and uppercase); and the longer it is the stronger it will be.
A strong passphrase:
- Is at least ten characters’ long
- Does not contain your user name, real name, or company name
- Is significantly different from previous passphrases
- Contains multiple words, capitals and numbers
- MYMYitsloveleyweather17 (my my its lovely weather)
- lookingforwardTO1holiday (looking forward to 1 holiday)
If you can find your password in the dictionary, it isn’t strong enough.
Tips for extra security:
- Short passwords are bad. Long passphrases are good
- Don’t reuse an old passphrase, make it slightly different (lookingforwardTO1holiday, next passphrase could be nearlyON1holiday)
- Use two-factor authentication for added security
- Ensure that every account you have has a distinct passphrase
- Change your passphrases periodically
- Don’t keep a written list of your passphrases ANYWHERE
So why is it important to set a good passphrase?
If your business is caught out from a bad password, you will experience:
- Downtime of at least 6 hours but most cases are over a day
- Loss of important data – depending on when you did your last backup
- High costs of your IT provider getting your business back up and running
- Loss of business for that downtime
- Loss of reputation, can your clients trust you can keep their information safe?
You have to remember; you are only as strong as your weakest link. Even with a large IT budget, there is nothing your provider can do for you if one of your staff has a weak password. Especially those that have access to the most confidential information.
Talk to us
We can help your organisation with implementing a password policy. Discuss this with us today.