Passwords please...


Another password to remember?

So today we are looking at passwords: why we need them, what makes a good one, and how do you remember all your passwords?

Why do I need a Password?

On a very basic level, it's a way of verifying your identity when you want to log into your system, network or a secure website. In other blogs we have used real-world analogies; we've talked about putting locks on shed doors to keep your items safe. Well, think of your password as the key for that lock.

What makes a good password?

Using the key analogy, you wouldn’t use any old key to secure your valuable items. For a start, you’d want to make sure the key is unique to that lock. You also want to keep the key safe and not hand it over to a random stranger, who might be able to access your valuables.

The same goes for passwords: they should be unique and kept secret. In addition, they need to be complex enough to make it difficult for cyber criminals to crack. So, where to start? The Cyber Essentials scheme offers clear guidelines on passwords, as does the National Cyber Security Centre (NCSC). Part of the requirements for Cyber Essentials is the use of strong, unique passwords. Cyber Essentials recommends that you use a password that is more than 8 characters long and difficult to guess.

The NCSC recommends that you use three random words which you can remember, but which do not naturally go together. It is also a good idea to use numbers and special characters (*&%F£) in your password, as well as a combination of lower and upper case letters. The longer your password, the better.

You should avoid the most common passwords. These include password, password1 and 12345678. Yes, some people do use these passwords!

Passwords that are made up of dates of birth, names of pets and children, a favourite band or football team can, not surprisingly, be worked out easily.
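The checks described above can be written as a short script. This is an added example, not part of the original blog or any Cyber Essentials or NCSC tool; the word list, the symbol set and the function names are assumptions made up for illustration.

```python
import secrets

# Constructed sample data. Only these three common passwords are named on the
# page; a real deny list and word list would each hold thousands of entries.
COMMON_PASSWORDS = {"password", "password1", "12345678"}
WORDLIST = ["copper", "lantern", "walrus", "pebble", "violin", "harbour",
            "thistle", "mango", "quartz", "sparrow", "ladder", "comet"]
SYMBOLS = "*&%!"


def check_password(candidate, personal_terms=()):
    """Return the list of problems found; an empty list means it passed."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) <= 8:
        problems.append("not more than 8 characters long")
    if lowered in COMMON_PASSWORDS:
        problems.append("one of the most common passwords")
    # personal_terms: pet names, birth years, teams and so on (caller supplies).
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    missing = [name for name, present in (
        ("lower case letter", any(c.islower() for c in candidate)),
        ("upper case letter", any(c.isupper() for c in candidate)),
        ("number", any(c.isdigit() for c in candidate)),
        ("special character", any(not c.isalnum() for c in candidate)),
    ) if not present]
    problems.extend(f"no {name}" for name in missing)
    return problems


def three_word_passphrase():
    """Three distinct random words, capitalised, plus a number and a symbol."""
    rng = secrets.SystemRandom()  # OS-backed randomness, not the default random module
    words = [w.capitalize() for w in rng.sample(WORDLIST, 3)]
    return "".join(words) + str(rng.randrange(10)) + rng.choice(SYMBOLS)


if __name__ == "__main__":
    for pw in ("password1", "12345678", "Rover2015!", three_word_passphrase()):
        print(pw, "->", check_password(pw, personal_terms=("rover", "2015")) or "ok")
```

Note that password1 is long enough to pass the length rule on its own, which is why the common-password check is needed as well.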

How do you remember all your passwords?

Now that you have unique passwords for your online accounts, it might seem difficult to remember them all. Thankfully, you don’t have to!

You can use a Password Manager to remember all your passwords for you. The password manager that your browser provides is fine for personal use; however, for business users it is recommended that you use an independent password manager. LastPass and Dashlane are two examples, but there are lots of options available. Do some research and find one that is appropriate for your business.

Once you have chosen your Password Manager software, you will only need to remember one strong, unique password for that account.

Anything else I can do?

You can add another layer of security to your passwords by using two-factor authentication (2FA) or multi-factor authentication (MFA).

This process involves using your fingerprint, retina scan, or a code sent to a separate device, like your mobile phone, to further verify your identity. If you have the option for 2FA or MFA, you should use it where possible.

Passwords and Cyber Essentials

In2secure are a Certified Body for Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber security. We’ve completed the assessment ourselves and help other businesses who want to get certified in Cyber Essentials.