Humans are the weakest link in the cyber security chain. Most of the cyber security incidents and breaches are happening due a human error. One of the common reasons for this is the usage of weak passwords and poor password security policies, so it become crucial in these times to apply some measures regarding password security and management, especially in a work environment.
Passwords still represents the first line of security in the modern world. We use them not just on our computers and mobile phones, but in everyday life too. For example, if you want to withdraw money from an ATM, you will need to enter your credit card and then enter your PIN code. Same thing goes for shopping. For this reason, passwords are one of the most interesting forms of information for criminals. Many criminals will target weak spots in a network, in a search for an account with a weak password and special privileges to the organization network, to gain access to the confidential information. That is why it is important to have some measures, processes, or policies when it comes to the password security, that will be followed, and this goes for both work and personal accounts, devices, and services.
So, you might wonder how can you improve your passwords? Well, until recently the minimum recommended number of characters in a password was 8 characters, but as technology, security etc advance, so do cyber threats and attacking methods. Now, it is recommended for a password to contain at least 12 characters, a combination of letters (both lower case and upper case), numbers and symbols. Shortly, make a long password, that is easy to remember but hard to guess. Also, you can use a passphrase.
A passphrase is a combination of words, instead of random characters. You take few non-related words (3-4 recommended), but still that means something to you, mix them together and you get a strong passphrase. Another thing to remember is that you should avoid at all cost using the same password for multiple accounts and services, because if a criminal gets access to one of your accounts, he will try the same password to access your other accounts. Bellow you can find examples of a good and a bad passwords and passphrases.
While these examples are good and are hard to guess and crack, they can also be hard to remember. Passphrases are recommended for services and accounts that you need to know a password for. Nevertheless, today it is common to have many different accounts for various services, email accounts, social media, etc.
To use a different and secure password for each of these, you would need a tool for managing them all and keeping them secure. This is where password management comes.
Password management is a process of managing password using a specific software for managing passwords, and making it secure in a way that nobody without permission can access them. For these purposes, a password manager is used. It is a software that provides features like managing and generating strong passwords and other information, keeping them safe and secure in one place, either locally or in the cloud. That software can be either installed on your desktop, mobile phone or on your web browser as an extension. It works with a master password. A master password is the password that you would need to enter to access your password manager and without it, nobody can access it, as the passwords are kept encrypted. Only the person with the master password can unlock (decrypt) a password manager and access it.
In addition to that, another layer of security that everyone should apply is setting up a multi-factor authentication (MFA) system. Multi-factor authentication is a method of authentication in 2 steps, unlike the traditional one step method where all you need to authenticate yourself is a password.
For example, to login to some website, you would need to enter a password and a code (usually 6-digit code), either received by SMS or generated by an MFA application. The importance of a strong passwords and MFA is nicely represented in the video published by the Belgium’s Centre for Cybersecurity.
How can ITAF help you?
If you need a secure way for authentication to your services and work environment long with password security policies, or if you need some advices or help with securing your personal or work environment, you can always contact us.