You could have the best security in the world protecting your network.
You could have all the bells and whistles, the latest software and the best firewalls.
But if your network passwords are weak, it can all come tumbling down in seconds.
Using strong passwords across all parts of the network is a vital step to keeping data secure. It’s a critical and simple step in Network Security best practices. While a strong password alone, won’t protect you, a weak password might bring down even the most sophisticated system.
Here at Comms Express, we know that it can be tricky to remember a plethora of passwords and PINs. So, we’ve created a handy guide to help you protect your network, and not be constantly locked out of your account.
Why Do You Need A Strong Password
In 2012, Gary McKinnon hacked into the United States military and NASA networks. The US government claims he deleted files, paralysed the networks and caused $700,000 of damage.
He said he was looking for evidence of UFOs.
In a 2006 interview with the BBC, McKinnon claimed he used a Perl script to seek out blank passwords. He implied that many computers on the network still had default passwords.
So if weak passwords can bring down an expensive, high-security military network, imagine what it would do to businesses without sophisticated technology.
If four letters could strike fear into business owners, it might be GDPR. Under European guidelines, all personal data needs to be kept secure. Breaches in security could mean your business is fined millions of pounds.
Keeping strong passwords is a key part of GDPR. This can help your company prevent breaches of security, which will stop people accessing and downloading personal information for malicious intent.
How Criminals Abuse Weak Passwords
There are many different ways that hackers and other criminals will try to access your account. If they want your info, they may stop at nothing to get it. While there are some very sophisticated methods that high-end hackers may use, there are some widespread tactics that most hackers will use, and often find results due to poor password security.
Some phishing attacks will happen when a person attempts to create an authentic-looking fake website, email or other media type to steal personal data. This could vary from an email asking for you to enter your details on a fake website, to a person calling up pretending to be your bank.
99.9% of the time, a company does not need your password to offer support. Their systems will have ways to be able to log in to your account from their end, or they will talk you through the issue over the phone.
Brute Force Attacks / Dictionary Hacking
These types of attacks are when hackers attempt to log into an account or network by using common passwords or words found in the dictionary. Attackers will start with common passwords such as “Password” or “123455”. They will then move on to general dictionary words like “love1”, “Dog123”, “welcome”. Dictionary attacks are probably the most common.
The attacker with flood the password box with these hacks to attempt to gain access, sometimes by logging thousands of attempts a minute.
Once a hacker has one password, they will run a script which allows them to try the email and password combination across a list of the most popular websites in order to find more sensitive information. So, that means you need to use good passwords for every account.
10 Top Tips for Strong Passwords
1. Use a minimum of 12 characters
With passwords, longer is better. Many hackers will start with shorter passwords, as they are easier to hack. The longer your password, the less likely it will be for a brute force hacker to get an exact match. It is also more difficult for people watching you to work out which buttons you are hitting.
1. Use Uppercase and Lower-Case letters
Using upper and lower-case letters are a useful way to add a layer of strength to your password. Try to avoid using an upper case letter as the beginning, as this is a common trait of passwords. Scatter capitals and lowercase throughout your password.
2. Use Symbols and numbers
Symbols and Numbers add another layer. Avoid using the symbols at the start and end of passwords, as this is a common trait in passwords.
Try to stick to common symbols, such as *, &, ! and %. Some website password fields struggle to pick up symbols like pipe keys (|).
3. Avoid words combinations directly from the dictionary
As we explored earlier, dictionary hackers will use a script which logs words from the dictionary into the password field. Therefore, avoiding words from the dictionary is advisable. Using fake words, names or real words but jumbled up is a much better way.
4. Avoid Obvious Substitutions
A common way to “strengthen” a password is to replace a letter with obvious substitution, such as using an exclamation mark instead of “I” or “4” instead of “A”.
These simple substitutions will be checked by hackers as well so it may not be strengthening your password at all. Try to be more random with your letter substitutions if you go down that route.
5. Create passwords based on a story
To help you memorise your passwords, you could use a story or song lyric to help you remember. You can then substitute in , letters, numbers and symbols.
We always celebrate St Patrick’s Day in The Red Lion Pub on the 17 March!
This could become:
Or choose a string of random phrases based on characters and or random thought processes. Such as:
All of these are GTA5 references. You can add some extra numbers and special characters for extra security.
They are memorable, personal and easy to remember. But are difficult for a hacker to guess using the usual techniques.
6. Avoid Using Something That’s “No Big Secret”
Die hard sports fan? Big fan of a particular band? Have a long term partner?
If your social media profile picture is the logo of your favourite band, team or product, then avoid using those as passwords.
Hackers trying to get into a profile may seek to gather information such as birthdays, passions and family members to try to gain access to your profiles.
7. Use Random Characters
Another way to ensure unique passwords is to create passwords entirely randomly. While there are strong password generators out there for generating passwords for you, you can just run your hand over the keyboard to create the password. You could always retroactively create a story around it, or use a password manager to store them.
8. Update your passwords regularly
Ensure that you update your passwords regularly. The recommended average is between 1-3 months. Make sure you aren’t just adding numbers on, you need to be changing them completely.
9. Never share your passwords with anyone…
Your passwords are your personal protectors. You shouldn’t be giving access to anyone who doesn’t need access. Phishing scams may try to trick you into handing over your password, but as a rule of thumb, never hand over your passwords to anyone.
10. …But if you have to, change the password before you give access.
While you shouldn’t give your password to anyone, there may be some times when it’s unavoidable. In that case, change the password before you give it to them.
For example, you may need a company to log in to an account to change something or set something up. In that case, change the password, so it refers to that company, so it’s obvious you changed it for them.
Using Password Managers
The best and safest way to store passwords is in your brain. However, for those who have a vast amount of logins, or struggle with passwords, a password manager may be for you.
With a password manager, you only have to remember one master password, which needs to be as difficult to hack as you can make it.
With a password manager, you can generate completely random passwords, often using an internal random password generator. You then log into the secure password manager on your PC or mobile and it will automatically populate the login fields for you.
Creating a Culture of Strong Passwords
The hardest thing to do is to convince your staff to use strong passwords. Creating a business-wide culture of ensuring passwords are strong will be the key to securing your network.
If your company has an internal newsletter, you could place an article with facts and anecdotes about passwords. Make it fun and interesting, as you will want people to take note.
You could also include password policies into the employee handbook if your company does training for recruits, as them to put in some password training.
So these are some of the best practices for creating strong passwords to protect your network. While a secure password is not the only way to protect your network, it certainly is one crucial step. Follow these top tips to make your password as hard to hack as possible.