Posted on June 22, 2020 by Samantha Baidoo
Cybercrime is an ongoing problem for all organisations, and all employees of an organisation must play their part in helping with cybersecurity defence. The first line of defence is proper password management, because passwords are often the weak spot in an organisation’s cybersecurity defences, with 80% of hacking-related breaches attributed to compromised, weak or reused passwords. In this blog, we explore what proper password management is, how to track passwords and we give advice on what makes a good password.
It takes a hacker about nine seconds to break into a password that is six characters long, but it can take up to nine thousand days to break into a 10-character password. To ensure employees have effective passwords, organisations should implement a set of best practice rules for all employees to follow, around the storing and management of passwords. This might involve implementing a password management tool and creating rules, including things like:
It should be a clear policy communicated to all employees and organisations should ensure they have the correct tools in place to enforce the policy rather than simply relying on staff compliance with published rules.
Long gone are the days when you would note down your password on a piece of paper or a post-it note and use it across multiple systems. However, having unique passwords across multiple platforms, of sufficient complexity to be secure, has given users the headache of how to remember what password unlocks which site. Then you have the added issue of passwords that need to be shared, for example, access to a supplier website where multiple colleagues need to know the company login. The answer lies in the use of a secure password management tool.
Password Boss allows you to save all your passwords for any websites, apps, programmes etc. you use and access them from any device using your ‘master password’. The Master Password is not stored or transmitted anywhere; even Password Boss does not have a copy. If you regularly visit a website, Password Boss will automatically enter your username and password for you to simplify logging in. It will also help you to create unique and strong passwords for every different site you visit. Password Boss performs ‘dark scans’, scanning all of your passwords and accounts to find out which have been stolen in security breaches.
It also resolves the problem of how you use ‘shared’ passwords for sites such as Amazon, where multiple colleagues need the login. You can allocate the common password in the Password Boss admin panel, but the end user only ever uses their own unique master password, meaning that if an employee leaves, you don’t need to reset your password across multiple partner websites.
All Password Boss user data is encrypted and decrypted locally using AES-256; that’s the same level of encryption banks and governments use to protect data. This encryption has never been cracked and means that the data you store in Password Boss remains safe, secure and private. Password Boss also gives you the ability to add an extra layer of security to your account by enabling 2-factor authentication. After entering your Master Password you will be prompted to enter a code from an app on your device in order to access your account.
For more information about Password Boss, contact us.
What makes a good password?
Passwords are often not complicated enough and are reused, making them easy to hack. It is vital that both your personal passwords and the passwords in your organisation meet certain criteria to ensure they are as secure as possible. Our advice for creating an effective password is as follows:
Most applications require an 8-character minimum length for passwords. However, if you are using a password manager there is no reason not to up this: 16 characters makes for a very strong password!
Using a mix of upper-case and lower-case letters, symbols, and numbers adds to the complexity of a password. Symbols and numbers are great to use in passwords, but be careful how you use them. Replacing letters with symbols or numbers is common practice in passwords, e.g. using 3 instead of E and $ instead of S. This can actually make your password less secure, as it is one of the first things a hacker will try.
Especially not your name, address, birthdate, family members’ details, or personal details like mother’s maiden name, pet name etc.
You should have a different password for every application you access – so if one of your passwords is hacked only one application is compromised.
Nobody should know your passwords as the more people who do the less secure the password becomes.
Advice varies on this. The National Cyber Security Centre says it is not necessary to change passwords regularly; however, that relies on all other advice being followed (like not re-using passwords, blocking weak passwords, having systems in place to detect if accounts have been compromised and additional layers of security like multi-factor authentication). As many organisations do not have all these measures in place, we recommend periodic password changes to ensure your organisation’s cybersecurity protection is as strong as it can be.
If you struggle to pick something random for your password, use a password generator to help you create a long, complex and secure password. The level of complexity we recommend for passwords demonstrates the need for a flexible password management tool to help your employees juggle multiple passwords with ease.
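The advice above can be enforced by a tool rather than left to staff compliance. The following is an added example, not code from the original post or from Password Boss: a small policy check that undoes look-alike substitutions such as 3 for E and $ for S before testing for common words and personal details. The 16-character minimum, the blocklist and the function names are assumptions made for illustration.

```python
import string

# Constructed sample blocklist; a real deployment would use a large
# list of breached and commonly used passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "qwerty"}

# Look-alike substitutions, undone before the blocklist check.
LEET = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l", "@": "a",
                      "4": "a", "5": "s", "7": "t", "!": "i"})

MIN_LENGTH = 16  # assumption: the 16-character figure suggested above


def normalise(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def check_password(password, personal_terms=()):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("missing character class")
    plain = normalise(password)
    # "P@$$w0rd" normalises to "password", so the substitution hides nothing.
    if any(word in plain for word in COMMON_WORDS):
        problems.append("contains common word")
    # Personal terms (name, pet name, birth year) get the same normalisation;
    # very short terms are skipped to avoid accidental matches.
    terms = [normalise(t) for t in personal_terms if len(t) >= 3]
    if any(t in plain for t in terms):
        problems.append("contains personal detail")
    return problems
```

A password that looks complex, such as `P@$$w0rd2020!`, still fails because it reduces to a common word once the substitutions are undone.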
Password management is very important for effective cybersecurity, but we also advise customers to consider implementing additional levels of security, like Multi-Factor Authentication (MFA). Your systems can still be compromised even with the most complex password. If a cyber criminal sends a phishing email and a user enters their password into a fake website, the criminals immediately have access to your e-mail. Usually they will then silently monitor your account, looking for financial transactions they can divert, or send malware out to your contacts. Having MFA removes this risk: even if your password is known, they cannot log in without having access to your device.
Find out more about Multi-Factor Authentication so you don’t just rely on passwords to protect your data.
For more information on how to manage your passwords and more ways you can be cyber secure, contact us on 01483 412 040.