How to make your passwords secure

How secure are your passwords?

With the growth of work from home and hybrid working, cyber security is becoming more and more important for SMEs.

One of the most important steps that you can take to protect your business from the risks of remote working is to ensure that everybody in your organisation is using secure passwords.

If you look at the table shown here, do all your passwords fit into the green section? There are various versions of this table out there, and none of them are exactly the same; the truth is that these are just estimates, and both computing power and password cracking techniques are constantly improving – by the time you see one of these tables it is already out of date.

Joe Newton originally joined the company as an apprentice back in 2009

The important thing to take from it is that as your password length increases, the time that it takes to crack it increases exponentially. If your password is 8 characters long, it can be cracked in a matter of hours, regardless of how complicated it is. My advice is to choose a password that will take at least 1,000 years to crack by today’s standards.

One tip for creating a long password is to use a passphrase instead. Pick 4 random words of at least 4 letters each, capitalise some of the letters, and straight away you have a password that today will take billions of years to crack. The caveat to this is that it only works if the words are random; if you use your address, your hobbies, the names of your kids or pets, or anything else that can be connected to you, then attackers can use social engineering techniques to learn this information, significantly increasing their odds of success.
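The passphrase advice above as an added example, not code from the original article: it picks four words with a cryptographically secure random source, capitalises one letter in each, and compares brute-force estimates for an 8-character password and the passphrase. The word list, function names and guess rate are assumptions made for the illustration.

```python
import secrets

# Constructed sample list so the example runs offline; in practice load a
# list of several thousand words so each word adds real unpredictability.
SAMPLE_WORDS = ["anchor", "biscuit", "cactus", "dolphin", "ember", "fjord",
                "gravel", "harbour", "igloo", "jigsaw", "kettle", "lantern",
                "cat", "ox"]  # the last two are too short and get filtered out

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e11  # assumption for illustration only


def make_passphrase(words, n_words=4, min_len=4):
    """Pick n_words at random (CSPRNG) and capitalise one letter in each."""
    pool = sorted({w.lower() for w in words if len(w) >= min_len and w.isalpha()})
    if len(pool) < n_words:
        raise ValueError("word list too small after filtering")
    parts = []
    for _ in range(n_words):
        word = secrets.choice(pool)       # not random.choice: that is predictable
        i = secrets.randbelow(len(word))  # position of the capital letter
        parts.append(word[:i] + word[i].upper() + word[i + 1:])
    return "".join(parts)


def brute_force_years(length, alphabet_size, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years to try every string of this length, one character at a time."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    phrase = make_passphrase(SAMPLE_WORDS)
    print("passphrase:", phrase)
    # 8 characters drawn from all 95 printable ASCII symbols
    print("8 chars, 95 symbols: %.4f years" % brute_force_years(8, 95))
    # same estimate for the passphrase, upper- and lower-case letters only
    print("%d letters, 52 symbols: %.3g years"
          % (len(phrase), brute_force_years(len(phrase), 52)))
```

The estimate models character-by-character guessing, as the tables mentioned earlier do; an attacker who knows the word list instead faces `len(list) ** 4` word combinations, so the list must be large and the choice genuinely random.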

This data often contains usernames and passwords, so even if the account in question is a relatively low risk to you in the hands of a hacker, if you use the same password elsewhere, they can simply reuse this password to access more valuable accounts.

It’s very difficult to invent and remember secure passwords for every account, so we recommend using a password manager. There are several available in the consumer market, both for free and at a cost for premium features. This is not something Connexis currently offer; however, it is in the pipeline, so watch this space.

A secure password is great so long as no one else knows what it is. But what happens if it does get compromised? You should also think about protecting your accounts with Multi-Factor Authentication (MFA).

Most people are aware of Two Factor Authentication (2FA) from online banking. You log in with your password: this is the first factor, something you know. Your bank then sends an SMS to your phone: this is the second factor, something you have. There are two problems with this: 1) SMS isn’t very secure; and 2) what if someone steals your phone?