A security system is only ever as strong as its weakest point and while passwords are a key defence, they can also be an attacker’s easiest route to accessing your files and data. Given the financial implications of a security breach, making sure your employees use adequate passwords can be as important as locking up the premises properly each night.
Whether it be credit agencies like Experian or ‘dating’ agencies like Ashley Madison, 2015 seems to have been the year of the high-profile hack. One key thing to remember is that most such attacks aren’t simply a case of hackers stealing passwords and being able to use them. Instead there’s an extra step that means not all passwords are created equally.
When a hacker gets hold of a password, be it a single record or a massive database, it will commonly be in encrypted form. While powerful computer software speeds up the process, decrypting passwords often comes down to what’s effectively a sophisticated guessing game. For this reason hackers will usually start off by trying out the most commonly used passwords (with “password”, “qwerty” and various strings of numbers the prime targets). The next step is a dictionary attack, which simply tries every word in the dictionary. Only after this will most hackers resort to trying random strings of characters.
With this in mind, most IT security experts agree on a few main principles for safer passwords:
Of course, passwords also need to be memorable to be useful. A common suggestion is to think of a memorable phrase (for example Twinkle Twinkle Little Star, How I Wonder What You Are) and use the first letters (eg ttlshiwwya) which creates something memorable but not prone to a dictionary attack.
Making your business more secure with stronger passwords take very little effort on the part of your employees but makes a massive difference to your level of business security. For any business, we would always recommend implementing a password policy as a guide for all employees to provide that additional layer of IT security.