A “secure password” can be difficult to define. How long and complex should it be to ensure the information that it protects is secure or at least “secure enough”?

The answer is that it’s mostly a combination of your likelihood of being hacked/compromised (ie how “juicy” a target you are) and the resources cyber criminals have available to help them succeed in compromising you.

Below, we’ll provide insights into how secure passwords really are in 2023 and offer some simple steps you can take to bolster that security and better protect your business and your online life generally.

CHOOSE COMPLEXITY, NOT SIMPLICITY

In the movie Spaceballs, upon hearing that King Roland’s combination for the protective air shield around Planet Druidia is 12345, Rick Moranis’ character “Dark Helmet” says: “…that’s the stupidest combination I ever heard in my life!”

Stupid because it’s super-easy to guess, but it’s also super-easy to remember for a simple man like King Roland.

Today, most of us have more than a few online accounts, both personal- and work-related.

This means we also have more than a few passwords to remember.

We’re more than a little busy too, so we aim to keep things simple. Simplicity, however, is inherently dangerous where passwords are concerned.

Using readily available computer hardware released in 2022-23, a password that is 8 characters long containing numbers, symbols and mixed case letters – eg Ez2GUes$ – takes about 5 minutes to crack.¹

Leveraging the immense power of cloud computing available via Amazon AWS, Microsoft Azure and their like (yes, hackers use them too), that 8 character complex password will be cracked almost instantaneously.
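To see why length matters so much, here is a short Python sketch (added for illustration, not from Hive Systems) that takes the 5-minute figure above as its calibration point and scales it to other passwords. It assumes the four character classes add up to the 95 printable ASCII characters and that the 5 minutes covers trying every combination; the 16-character sample is made up.

```python
import string

# Assumption: the four character classes are the 95 printable ASCII characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")
FULL_ALPHABET = sum(len(c) for c in CLASSES)  # 26 + 26 + 10 + 33 = 95

# Calibration from the article: 8 characters, all classes, about 5 minutes.
# Assumption: that time is an exhaustive search of every combination.
IMPLIED_RATE = FULL_ALPHABET ** 8 / (5 * 60)  # guesses per second


def alphabet_size(password):
    """Size of the character set an attacker must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def worst_case_seconds(password, rate=IMPLIED_RATE):
    """Time to try every password of this length and character mix.

    This is an upper bound: dictionary words, reused or leaked passwords
    fall to wordlists long before a full brute-force search finishes.
    """
    return alphabet_size(password) ** len(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # First two samples come from the article; the last two are constructed.
    for pw in ("12345", "Ez2GUes$", "Ez2GUes$Ez2G", "q7#Vd2!mXw9$Lp4&"):
        print(f"{len(pw):>2} chars, alphabet {alphabet_size(pw):>2}: "
              f"{humanize(worst_case_seconds(pw))}")
```

Each extra character multiplies the search by 95, so four more characters turn 5 minutes into centuries on the same hardware.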

Passwords, therefore, can really be a weak link in the cybersecurity chain, especially when they’re “simple”.

Authentication technology is progressing, but passwords will be the norm for a while yet, so it’s up to us to make them stronger. The security of our bank accounts, personal & work data depends on us doing so!

MFA IS THE WAY

An easy first step on the road to improved password and login account security is to enable multi-factor authentication (MFA).

Most of you reading this post will be familiar with the one-time codes you receive via SMS or a code-generating app like Google Authenticator or Microsoft Authenticator.

Also known as 2-factor authentication (2FA), MFA is available across a wide variety of websites and can also be found on work IT systems, bank accounts and elsewhere.

Enabling it wherever it’s available will increase the difficulty of accessing your accounts should your password ever be exposed.

MFA is not a cure-all, but it does make it more difficult to hack into an account or system.

Pro tip #1: MFA codes delivered by SMS can be compromised more easily than other code delivery methods, so avoid MFA via SMS wherever possible.

GO FURTHER

The next step to consider is having your account passwords saved to a properly secured password management platform.

LastPass, 1Password, Dashlane, and Keeper Security are some of the more well-known password managers.

They’re relatively inexpensive and are full of helpful security features such as dark web monitoring that more than justify their cost.

A password management app is often the best way to enable use of very long and complex passwords across multiple login accounts. Passwords unique to each account can be generated too.

They remove our tendency to simplify passwords so our busy minds can recall them when needed. Your password manager does the remembering for you.

One long, complex, yet easy to recall password for your password manager, secured with a hardware security key (eg Yubikey), will help to ensure your accounts and their passwords are more secure.

Pro tip #2: configure MFA in your password manager (via an app preferably) as a backup in case you lose your security key.

GET SOME HELP

Our “Protect” managed service includes a license for Keeper Security Business password manager. Subscribe today and we’ll help you secure it with a Yubikey, import all your passwords and show you how to use it.

BIZC IT Protect does so much more than just password management, however.

Call us today on 1300 249 248 to find out more.

 

¹ Hive Systems 2023 Password Table