From work accounts and social media to online billing, banking and email, most Australians have hundreds of accounts that hold personal information and are protected by nothing more than a username and password.
Robert De Nicolo, Cisco's director of cyber security for Australia, said 81 per cent of breaches typically involve weak or stolen credentials from passwords.
Prompted by World Password Day in May, we take the opportunity to remind readers of the importance of strong passwords, how to achieve this, and how to check if your password has been compromised.
We recommend Pluralsight author and security researcher Troy Hunt's site, https://haveibeenpwned.com/, which lets you check whether an email address has appeared in a known data breach and, via its Pwned Passwords service, whether a password has.
In previous articles, we have discussed the fundamentals of how to create a secure password. Let's touch on them again below.
1. The longer the better: Use at least 8 characters in your password or passphrase; we recommend 12 or more. A passphrase of several unrelated words is an easy way to reach that length and still remember it.
2. Complexity: Adding numbers and symbols increases the strength of a password, as does a mix of lower and upper case letters.
3. Avoid repetition: Don't create a complex password and then change a single character (for example, incrementing a trailing digit) each time you're asked to change it. And remember, it is essential not to use the same password across multiple sites, devices and systems. This is where a password manager comes in handy: it generates and stores a unique password for every account.
4. Avoid obvious words/phrases: It concerns us that we still have to say it, but don't create passwords from obvious phrases like "Password1", "QWERTY", "asdfjkl" or "abc123". Dictionary attacks try these first, along with every password already exposed in previous breaches.
5. Don't write it down: Don't record your password anywhere others can read it, and especially not on a post-it note on your desk. If you need to store passwords, a password manager is the place for them, not a notebook or a spreadsheet.
To mitigate cyber security incidents caused by password breaches, the Australian Cyber Security Centre (ACSC) advises the following:
The ACSC also recommends preventative measures such as clearly documented cyber security policies and cyber security awareness training for all employees.
The purpose of Cyber Security Awareness Training is to educate staff about cyber threats and attacks they may be subjected to each day, including the importance of good password hygiene.
Cyber security awareness training also ensures that you and your employees understand the part everyone must play in protecting your organisation's and your clients' data.
If you want to educate your employees on how to create and maintain secure passwords, our staff education programs and policy and procedure reviews can help. Our Business Technology Consultants are specialists in improving your internal cyber security.
If you need advice on how to ensure your cyber security strategy is fit for purpose, our team of cyber security experts is ready to help. Contact our team on 1300 307 907 today.