IT
Creating a password might seem like an easy task for anyone regardless of their IT knowledge.
In fact, even if we strongly dislike the idea of creating them, there is no way around it when it comes to gain access to most services. We use them for websites, software and applications, professional and personal email accounts, bank accounts, computers themselves and just about anything we may find in and out of the Web these days.
In theory, most people are aware that their passwords must be secure and will assure you that they know they should not use the same password for all their accounts or write a password down on a piece of paper. In practice, however, considering the number of accounts that a person with access to a computer might have at any given time, chances are that we become more lenient towards the security level of our passwords. This might include you or any of your employees.
Why do we end up using weak passwords?
Perhaps we think that no one would be able to guess our unique “secret word”, we created our account in a rush and never took the time to update the password, maybe we never had a password stolen or this matter simply never crossed our mind. Any possible excuse can be acceptable because it is easy to underestimate a threat simply because it is relatively invisible.
The threat, however, is indeed there and it will not be going away any time soon. If only, it will increase, along with advances in technology and more specifically, cybercrime. No precaution is enough when it comes to dealing with hackers and virtually no one is safe, including those with more resources to protect themselves.
Big names such as TalkTalk, Lloyds, Tesco Bank, Yahoo, Ashley Madison, Sports Direct, Debenhams and many more have all experienced a security incident once or several times since last year. Another recent example is the telecommunications and internet service provider Three, as 200.000 of their customers got their personal data compromised when an employee’s password got stolen in March 2017.
While having the password to your personal email account stolen might certainly ruin your day, the possibility of putting your company and customers at risk can cause a lifelong problem that will cost thousands if not millions of euros to solve – that is, if you are lucky to stay in business.
These days, it is easy to gain knowledge in account theft procedures online without getting caught or accounted for in any way and no company is safe in this situation so staying on top of security procedures is crucial.
So, what makes a good password?
Typically, a good password is lengthy, has a mix of letter cases, symbols and special characters, should not be composed of a dictionary word or related to the user in any way. According to these rules, the result would be something like this:
xlG-563!?tPr4urt
Remember that you are not supposed to be using the same password for all your accounts or leave it anywhere visible.
How can companies ensure that their security is not compromised?
The first thing we need to understand is that technology is constantly evolving and unfortunately, even having the strongest of passwords might fail to protect you or anybody with access to your website, products or services against a potential threat.
Every company is different and therefore, can encounter different challenges in maintaining top-level security. Currently, one of the strongest measures used to protect passwords is the two-factor authentication, which involves entering a login name and password, followed by a code delivered to a device, mobile phone or smartcard owned by the user. This simple and smart method of authentication makes it significantly more difficult for an external machine to gain access to an account remotely.
It is also fundamental to stay on top of the latest security enhancements, especially if a company does not have its own IT department or its IT technicians are specialised in other areas of expertise. In any case, the best way to go forward is to arrange a consultation with a security specialist that can provide an individual assessment, personalised service and advice on any concerns. As it would be an external advisor, this option is both time and cost-effective. In addition, it presents an opportunity to work alongside experts with a wide range of resources available, allowing business managers to focus on the core areas of their companies.
By Kieran Fallon of IT Force.