How strong are your passwords?
In recent years we have seen a dramatic increase in hacking due to poor password management. A recent retail company located in Melbourne engaged our services to recover from a hacking breach of their G Suite accounts due to a password being used for all their online services, which had been compromised previously by cybercriminals. Their former Managed Services Provider (MSP) had put in many layers of security on their network but neglected the largest vulnerability of all which was the password management of their staff.
If you use the same password for multiple systems—online shopping, email, your company’s cloud bookkeeping solution, etc.—you’re not alone. Even Facebook founder Mark Zuckerburg did that. And in 2016 his LinkedIn credentials were compromised in a major breach. That gave hackers access to his Twitter account, too, because the passwords were the same.
The fact is, with just one user password, hackers can often break into multiple applications and systems. Your whole business can very quickly be put at risk. That’s why a good security practice is to have a different, strong password for every account (don't have a handful of passwords you rotate through for different uses). A breach will be isolated to that account, and the fallout will be much smaller and easier to manage.
Be extra protective of your sensitive accounts
When it comes to ultra-sensitive accounts like company servers or your banking apps, make extra sure the password you use isn’t one you’ve used anywhere else. Banks usually have strong security measures, but even those won’t protect you if someone tries a password you’ve used somewhere else and it works. The consequences could be disastrous.
Email is another big one to safeguard—work and personal.
If someone gets into your email, the potential for damage goes up exponentially. They can send out phishing, ransomware, or other malicious attacks to any or all of your contacts, and they’ll seem legitimate because they’ve come directly from you.
Be unique and strong
Of course, in addition to being unique, your passwords have to be strong, too. At a minimum, that means making each one long. Pick one with at least eight characters, but the longer the better. If you can use phrases of multiple words instead of a single word, that’s even better still. (And for goodness’ sake, don’t use “password”.)
Check to see if you can enable Multi-Factor Authentication (MFA) on the website or service you are applying your password on. This will require an additional code or approval most likely from your mobile phone, making it close to impossible for hackers to get in.
So why don’t more people use unique, strong passwords for every account?
Usually because they feel like it’s too much work. If you have dozens or hundreds of accounts, having a different password for each one might seem like a royal pain. And long, complex passwords are definitely hard if not impossible to remember. Fortunately, there are solutions to help manage passwords for you so your brain (or an insecure notebook or spreadsheet) doesn’t have to do all the work. Having the right tools is just as important as having the right practices in place.
If you’d like to learn more about how to manage your passwords, let us know. And watch for our next blog on how you can add extra security by changing your passwords periodically.