Data breaches are happening all the time, in both big enterprises and even more so in SMBs – which experts view as “ground zero” for cyber crime. As a result, developing good password policies is essential for businesses of all sizes. But it’s not the whole story, because the policies must also be adopted and enforced. That’s why users make the difference between success and failure.
One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access and control of a computing device.
Conversely, a password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and will force them to look for another target. The more difficult the password, the lower the likelihood that one's computer will fall victim to an unwanted intrusion.
Five tips for a good password
- Use passphrases instead of passwords. Instead of using a simple password like your cat's name with a couple of numbers stuck on the end ("Tiger67"), make it into an easy-to-remember yet difficult-to-guess passphrase such as "Tigers birthday is June 7th". If you want to get really fancy, add some punctuation; most services will allow passwords using the full array of keys, including spaces: "Tiger's birthday is June 7th."
- Use different passwords for different services. It is never a good idea to use the same password for different services (see the 2012 LinkedIn incident).
- Write your passwords down. If you have too many passwords to remember, then write them down. Most password compromises are the result of electronic hacking. Unless you are protecting national security secrets or some other highly valuable data (let's face it, most of us are not!), storing your passwords in a notebook or on a piece of paper in your desk drawer does not really increase the risk of password compromise, but it definitely does increase your chances of remembering the password when you need it. Whatever you do, don't record passwords in an electronic document.
- Don't tell anyone your password. This one should be obvious. A special note for bosses and managers: don't force your staff to reveal their passwords to you. There is absolutely no need for anyone to have records of staff passwords. Whatever your reason is for wanting to know your staff's passwords, there are better and more accountable ways to achieve it. Just ask your friendly I.T. expert at Australia Wide I.T. for advice.
- Change your passwords periodically. There are no hard and fast rules here, but the more often you change your password the better. When a password is compromised, the stolen password is often not used right away. It will likely find its way onto a list to be sold on the dark web to the highest bidder, along with a bunch of other victims' passwords. How long it will be between the password compromise and it being sold is anyone's guess, but by changing your password often you are trying to 'beat the odds'. Obviously you must balance the inconvenience of having to change passwords with your own security needs and those of your employer.
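
For administrators enforcing the first tip, the check below rejects the "name plus a couple of numbers" pattern and accepts long passphrases. It is an added example, not part of the original article; the wordlist, the thresholds and the function name are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist. A real deployment would load a large list of
# names, dictionary words and previously breached passwords.
COMMON_WORDS = {"tiger", "password", "summer", "dragon", "letmein"}

MIN_LENGTH = 16   # assumed policy threshold
MAX_SUFFIX = 4    # assumed: up to 4 trailing digits/symbols counts as "stuck on the end"

# Character swaps that password guessers routinely undo (p@ssw0rd -> password).
LEET = str.maketrans("013@$", "oieas")


def check_password(candidate):
    """Return (ok, reason) for a candidate password under the assumed policy."""
    # Strip trailing digits and punctuation, then undo simple substitutions,
    # so "Tiger67" and "T1ger67!" both reduce to the word "tiger".
    core = re.sub(r"[\d\W_]+$", "", candidate)
    suffix_len = len(candidate) - len(core)
    normalized = core.translate(LEET).lower()
    if normalized in COMMON_WORDS and suffix_len <= MAX_SUFFIX:
        return False, "common word plus short suffix"
    # Length is what makes a passphrase expensive to guess.
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Tiger67", "T1ger67!", "Tigers birthday is June 7th",
               "Tiger's birthday is June 7th."]:
        print(repr(pw), check_password(pw))
```

A check like this belongs where passwords are set or changed, so that weak choices are refused before they are ever stored.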