When thinking about password security, most people are aware of the need to use different passwords for each website they visit or each application they log into and to make them as strong as possible. But we all know that sinking feeling when a website or application asks you to input your password and you can’t remember which one you used.
There are ways to create passwords that are hard to guess rather than hard to remember, as well as ways to simplify the process securely. Here are a couple of tips.
Use a passphrase instead of a password
In the United States, the National Institute of Standards and Technology (NIST) has changed its views on passwords. They believe that using a long, simple, memorable passphrase rather than a short, complex password is far more secure – so secure, in fact, that they no longer require you to change it regularly (unless you are aware that the password has been compromised). This is often easier for the person concerned to remember and, as such, there is no need to write it down or request a reset. A forced reset usually results in a number on the end of the existing password being incremented rather than a full change, which is itself less secure.
The thinking behind this move is that the longer your passphrase is, the less chance an automated system will have of guessing it, because each additional character increases the number of possible combinations enormously.
As far as you and I are concerned, the key to choosing an effective passphrase is making sure that it’s memorable. It needs to be something that you’ll always remember, but nobody could possibly guess. It can be as long as you want it to be and if you still want to include numbers or special characters in it, you can.
Password security management systems
One of the key elements of our online training is a safe, live exercise that enables you to understand where there are security gaps in your organisation. This involves sending your employees a fake phishing email that asks them to click on a link. By tracking their responses and developing a report on the outcomes, we can give you a clear picture of where there are gaps in your people’s security awareness and tailor our training to cover those areas.
Creating a security aware workplace
Verizon’s recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords. Making employees aware of why they are being asked to do something, and of the risk of not doing so, often helps with the adoption of new processes.
A good starting point is to identify whether there are emails and/or passwords associated with your Active Directory that appear in publicly available breaches. Then, identify risk areas for your business and look at the cyber security awareness training options available to build knowledge within your organisation.
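As an added illustration of the breach check described above (not part of the original article), the snippet below shows the k-anonymity lookup used by Have I Been Pwned's Pwned Passwords range API, where only the first five hex characters of a password's SHA-1 hash leave the machine and the match is done locally. The range response is a constructed sample so the code runs offline; the email-side lookup is a separate query the article does not detail.

```python
import hashlib
import urllib.request

# Constructed sample of a k-anonymity "range" response (Pwned Passwords
# format: one "<SHA-1 suffix>:<count>" line per hash in the bucket). The first
# line is the real suffix of SHA-1("password"); the other two are made up.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0000A1B2C3D4E5F60718293A4B5C6D7E8F9:12
FFFF0123456789ABCDEF0123456789ABCDE:1
"""

RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_sha1(password: str) -> tuple:
    """Return (first 5 hex chars, remaining 35) of the upper-case SHA-1 digest.
    Only the 5-char prefix is ever sent; the suffix is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(text: str) -> dict:
    """Parse '<suffix>:<count>' lines into a dict; blank/malformed lines are skipped."""
    counts = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix] = int(count)
    return counts


def breach_count(password: str, range_text: str) -> int:
    """Number of times the password appears in the bucket described by range_text
    (0 means it was not found in that prefix bucket)."""
    _, suffix = split_sha1(password)
    return parse_range(range_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (needs network): download the bucket for a 5-char prefix.
    Not called by the offline demo below."""
    with urllib.request.urlopen(RANGE_API + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for candidate in ("password", "long simple memorable phrase about my cat"):
        prefix, _ = split_sha1(candidate)
        print(prefix, repr(candidate), "->", breach_count(candidate, SAMPLE_RANGE_RESPONSE))
```

A result above zero means the password is already in a public breach corpus and should be treated as compromised regardless of its length.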
If you would like to speak to us about any aspect of this article, contact Andrew Wayman at andrew.wayman@sdt.co.uk or call our office on +44 (0)1344 870062.