Five insider password hacks from a cyber security expert
With so many high profile data breaches over the last 12 months, from Sports Direct to mobile network Three and online retailer Kiddicare, businesses large and small have focused on boosting their cyber security. But, Lee Painter, CEO of network security specialists, LogonBox, is warning that employee passwords still remain a major weakness in many organisations’ cyber defences.
He comments: “The use of biometric identification, such as fingerprints, iris, voice or facial recognition might be on the rise, but the traditional password is deeply ingrained in the security psyche and is difficult for many organisations to move away from. Poor password practices make businesses vulnerable and create a route for hackers and malicious insiders to breach systems using password lists, social engineering and brute force attacks. Verizon’s 2016 Data Breach Investigations Report found that 63% of data breaches were caused by weak passwords.”
Lee’s five insider hacks for strong, memorable passwords
A strong password policy means insisting that employees use mixed cases, letters, numbers and symbols in passwords, change their passwords regularly, avoid using obvious passwords and do not reuse old passwords. Here are five additional insider tips from Lee to help make passwords even stronger and easier to remember.
- The long and the short – As the length of a password increases, so does the time taken to crack it. Better Buys estimates that an eleven character password would take a hacker a decade to crack using a brute force attack, a seven character one less than a second! Avoid the pitfall of short, simple-to-remember passwords. One long password can be just as easy to remember.
- Avoid patterns – Hacking relies on working out patterns. Adding different numbers and symbols to the same common password really makes little difference. Discourage the use of typical password patterns, such as a word and three numbers or employees following the same formats as their colleagues. Once a hacker knows the pattern of one password they can pretty much expect all other accounts to follow the same rules.
- Expand the pool of words – There are more than 200,000 words in the Oxford English Dictionary, but the words used in most passwords are limited to a small subset of this; the same set found in wordlists used by hacking tools. Encourage people to avoid using common everyday words, and instead seek out unusual (and so likely memorable) words. Joining two random words together can be even more effective.
- Get into the rhythm – Using a rhythm to tap out a password can help people remember longer passwords. A mnemonic helps here too and is easy to recall: for instance, create a password from the phrase “I’d love to own a brand new Ferrari!”, giving Il2oabnF!
- Don’t reuse passwords from other sites, especially social media – Hackers rely heavily on mining information from social networking sites, so employees should avoid using the same passwords on social sites as they do on accessing company resources.
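The five tips above can be turned into a policy check that a help desk or onboarding script runs before a new password is accepted. The following is an added example, not LogonBox's code or anything from the article: it estimates the brute-force search space by length and character set (tips 1), derives the password's "shape" to catch the word-plus-digits template shared between colleagues (tip 2), and checks the letters against a constructed mini wordlist standing in for the dictionaries that cracking tools use (tip 3). The guess rate, the eleven-character minimum (taken from the Better Buys figure the article cites) and the wordlist are assumptions of this example. Note that the article's own mnemonic Il2oabnF! passes the template and dictionary checks but, at nine characters, falls short of that eleven-character length.

```python
import re

# Constructed stand-in for the common-password wordlists the article refers to.
# A production checker would load a large list such as a breached-password corpus.
COMMON_WORDS = {
    "password", "welcome", "summer", "monday", "qwerty", "letmein",
    "company", "ferrari", "dragon", "football",
}

# Assumed parameters for this example, not figures from the article.
MIN_LENGTH = 11                 # the article's "a decade to crack" length
GUESS_RATE_PER_SECOND = 1e10    # assumed offline hashing rate for the estimate


def charset_size(password):
    """Size of the alphabet an attacker must search, based on classes present."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33   # printable ASCII symbols
    return size


def brute_force_seconds(password):
    """Worst-case seconds to exhaust the search space at GUESS_RATE_PER_SECOND."""
    size = charset_size(password)
    if size == 0:
        return 0.0
    return size ** len(password) / GUESS_RATE_PER_SECOND


def shape(password):
    """Map each character to its class: l(ower), u(pper), d(igit), s(ymbol).
    Two passwords with the same shape follow the same template."""
    out = []
    for ch in password:
        if ch.islower():
            out.append("l")
        elif ch.isupper():
            out.append("u")
        elif ch.isdigit():
            out.append("d")
        else:
            out.append("s")
    return "".join(out)


def matches_common_template(password):
    """True for the 'word, then up to four digits, optional symbol' pattern
    the article warns about (e.g. Summer2017!)."""
    return re.fullmatch(r"u?l+d{1,4}s?", shape(password)) is not None


def uses_common_word(password):
    """True when the letters of the password, ignoring case and digits, are a
    single common word (the subset of the dictionary that wordlists cover)."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    return letters in COMMON_WORDS


def assess(password):
    """Apply the policy checks and return findings plus the crack-time estimate."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    if uses_common_word(password):
        issues.append("common word")
    if matches_common_template(password):
        issues.append("word+digits template")
    return {
        "length": len(password),
        "charset": charset_size(password),
        "shape": shape(password),
        "crack_seconds": brute_force_seconds(password),
        "issues": issues,
    }


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own mnemonic.
    for candidate in ["Summer2017!", "Il2oabnF!", "correct-horse-battery-staple"]:
        result = assess(candidate)
        print(candidate, result["shape"], result["issues"],
              "%.0f years" % (result["crack_seconds"] / (365 * 24 * 3600)))
```

Because `shape()` discards the actual characters, it can be applied to the password an employee submits without storing the password itself; logging only the shape and the issues list lets a team see whether the same template is spreading across accounts without ever handling plaintext.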
Finally, ensure everyone is on board. It’s all too common to find only some people following password policies. Getting everyone’s buy-in on using more complex password policies improves network security all round.
Lee also advises using Single Sign-On (SSO) technology, incorporating a Password Manager and password Self-service. SSO automatically populates users’ passwords and enables them to access multiple applications with one set of login credentials. With only one password to remember, businesses can be extremely strict about their password policies and make their password requirements stronger, longer and trickier for hackers to uncover.
He concludes: “Cyber security should remain a priority for businesses, yet it needn’t take up undue time and resource. Free versions of Single Sign-On software that are quick and easy to download are more than adequate for many businesses’ needs and offer outstanding levels of protection at the same time. Visit websites such as Softonic, LogonBox or Download to compare what’s available from different software companies and find a product that best suits.”