Secure Passwords – Your Key To Data Safety

No matter where you go online, you will find a hundred different rules for creating a secure password. With MailChimp, for example, you must use punctuation in your passwords; with Gmail, you must use at least one capital letter and one special character. While these are all advisable things to do, they do not necessarily mean you have a secure password, just that you have met their criteria. So this month we have a few tips on creating and remembering a secure password, and why you need to be thinking about it now.

Why Do I Need a Strong Password?

Ultimately, hackers are lazy, so they’re going to look for the easiest way into your systems. For many organisations, this is via the user accounts of the people in the business, since an attacker only needs to get past one password. Sophisticated hackers even have tools they can use to break through passwords. But a strong, secure password can significantly slow down or even stop a variety of attack methods. Strong passwords are the first line of defence for your vital business systems, protecting them from attack hundreds of times a day.

Then There’s GDPR…

Yes, we’re going to talk about GDPR here too – because it all links in. As we all know, the new GDPR regulations, which are now in effect, bring some changes to the rules around passwords. While the regulation doesn’t specifically outlaw the use of a simple username and static password system for accessing personal data, it does state that access procedures need to be secure. If they are not, businesses will be found in breach of GDPR. One key area will be password reset requests, since people often ask to reset their passwords. Under GDPR, a business MUST be able to show that requests for password resets are dealt with securely and that there is a clear policy in place.

3 Tips for A Stronger Password

Letters, Numbers and Symbols: A lot of password-protected accounts now require you to use at least one number or symbol in your password – but not all of them. For a secure password, include a combination of letters, numbers and symbols, because it is much harder for someone (or some program) to guess. So, if you want your password to be ‘Santa Claus’, instead you could use ‘S4nt4@th3Cl4u$$’.

Avoid the Obvious: Mittens the cat might have held a dear spot in your heart when you were younger, but she should have no place in your passwords now. While it used to be common practice to use names and dates for passwords, the fact is that they are far too easy to guess – especially since we tend to share this information freely online. Instead, create a set of passwords that have nothing to do with personal information. Select a random word or phrase, and intersperse it at random with some of those letters and symbols we talked about. This makes your password harder to guess and much more difficult to crack.

Here are the Top 25 WORST passwords for 2017 (source – SplashData):

1. 123456
2. Password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
11. admin
12. welcome
13. monkey
14. login
15. abc123
16. starwars
17. 123123
18. dragon
19. passw0rd
20. master
21. hello
22. freedom
23. whatever
24. qazwsx
25. trustno1
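
As an added example (not part of the original article or any ACT Systems tooling), here is a Python check that a sign-up or password-change form could run to apply the first two tips: it requires letters, numbers and symbols, and it rejects anything on the list above, including entries disguised by case changes or common look-alike swaps. The swap table, the minimum length of 12 and the function names are assumptions made for the illustration.

```python
import string

# The 25 entries from the SplashData 2017 list quoted in the article.
WORST_2017 = [
    "123456", "Password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
]

# Assumption (not from the article): a small table of common look-alike swaps,
# mapping 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i.
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")

ON_LIST = "matches an entry on the worst-passwords list"


def normalise(password):
    """Lower-case and undo look-alike swaps so 'P@ssw0rd' compares equal to 'Password'."""
    return password.lower().translate(LOOKALIKES)


# Normalise the list entries too, so 'trustno1' and 'Tru5tN01' land on the same key.
BLOCKED = {normalise(entry) for entry in WORST_2017}


def check_password(password, min_length=12):
    """Return the reasons a password is rejected; an empty list means it is accepted.

    min_length=12 is an assumed policy value, not a figure from the article.
    """
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not any(c.isalpha() for c in password):
        problems.append("contains no letter")
    if not any(c.isdigit() for c in password):
        problems.append("contains no number")
    if not any(c in string.punctuation for c in password):
        problems.append("contains no symbol")
    if normalise(password) in BLOCKED:
        problems.append(ON_LIST)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: three disguised list entries and the article's example.
    for candidate in ["P@ssw0rd", "Tru5tN01", "123456", "S4nt4@th3Cl4u$$"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

The first two samples show why meeting a site's character rules is not enough on its own: both contain mixed case, numbers or symbols, yet still reduce to an entry on the worst-passwords list.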

Storing Your Passwords: The next big issue is how you store your passwords. After all, you’re using a different password for everything (you are, right?), so how could you possibly remember them all? Well, unless you have a photographic memory, you need to keep a record of them somewhere. The worst place for you to do this is on your computer. If someone steals your laptop or desktop, you will be handing them not only all your business and personal data, but the passwords to get to it as well. The simplest way around this is to use a piece of password management software that keeps your passwords secure behind multiple walls of hard-to-crack security.

At ACT Systems, we specialise in helping businesses understand their obligations and keep their systems secure. We can review your processes to ensure you are fully GDPR compliant, and provide comprehensive advice on all elements of password and IT security. For more information, just get in touch with the team today.