
05 June 2017

One password to rule them all?

The hackers are coming, you have been warned.

It’s World Password Day, though we’re sure you knew that, right?

Let’s be honest, passwords are one of the necessary evils of modern life. We need them, but we rarely think about them. Yes, we’re constantly creating, remembering and resetting our passwords, but we rarely consider whether they are actually any good at the job they’re meant to do.

Stats suggest they aren’t. Thanks to cybercrime, fraud is now the most commonly experienced crime in the UK. Many cases go unreported – even undetected – and high-profile hacks hitting headlines are just the tip of the proverbial iceberg.

In short, hackers are after your data, and you’re probably making it too easy for them.

If there’s an easy pattern to your passwords, or you reuse them across multiple accounts, it could take just one data breach on a seemingly innocuous website for hackers to start building a detailed picture of who you are, where you live, where you work, and so on.

Your password behaviour could even be putting your company at risk.

Hackers can find creative ways into workplace IT systems. A chain is only as strong as its weakest link and all they need is one vulnerable point (you) before it’s a hop, skip and jump to your company’s precious data.

Viewed through this lens, is it time internal communicators started taking passwords a LOT more seriously – both as a topic for communications, and in terms of protecting our digital publications?

Password protection is still seen by many in our industry as an (unnecessary) barrier to entry. The argument we often hear is: “You could easily leave a printed company magazine on the bus, so if there’s no sensitive information in the digital magazine, what’s the point of a password?”

That’s a sound argument for leaving access open and, counterintuitively, it’s probably a better option than having password protection on a poorly secured site that is hackable.

Once you add passwords to the mix, you’re essentially giving hackers something of value to steal, so if you do need password protection, a word of caution: make sure you do it properly.

That means taking the issue seriously, engaging with your IT team to synchronise access with your Active Directory, enforcing secure passwords and even considering two-factor authentication if you want extra peace of mind when you lay your head to rest at night.

How to create a killer password

Any tech expert will tell you that the most vulnerable point in an IT system is the people who use it, so perhaps it’s time to beef up your password security:

  1. Use a unique password for every online account. That might sound like a headache, but the free application KeePass can safely and securely save all your passwords, leaving you with just one ‘master password’ to remember. Easy, right?
  2. If you use KeePass, make sure your master password is really robust. Write it down somewhere and never rely on your memory for this one; if you forget it, you can kiss your digital life goodbye.
  3. Longer passwords = better passwords. Length really does matter in the world of passwords. Adding just two extra characters to a six-character password can increase the time a hacker needs to crack it from days to months.
  4. Don’t use words you can find in the dictionary. If you do, make sure you create your own version by randomly ‘padding’ it to make it longer and entirely unique to you, e.g. dic77—tio(!)nAry–.
  5. Use a website to help you create that killer password. If you can’t think of a really secure password, or simply can’t be bothered, try grc.com/passwords.htm
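
To make tips 3 and 5 concrete, here is an added example (not part of the original article) that generates a random password locally and shows how much two extra characters enlarge the space an attacker has to search. The 94-character alphabet and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII characters, excluding space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Build a password by drawing each character from the OS CSPRNG.

    secrets.choice is used instead of random.choice because the
    random module is predictable and unsuitable for secrets.
    """
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space(length, alphabet_size):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size):
    """Entropy in bits; valid only when every character is chosen at random."""
    return length * math.log2(alphabet_size)


def growth_factor(old_len, new_len, alphabet_size):
    """How many times larger the search space gets when length increases."""
    return search_space(new_len, alphabet_size) // search_space(old_len, alphabet_size)


if __name__ == "__main__":
    print("Sample password:", generate_password())
    # Compare a lowercase-only alphabet with the full printable set.
    for name, size in (("lowercase only", 26), ("printable ASCII", len(ALPHABET))):
        print(f"{name}: 6 -> 8 characters multiplies the work by "
              f"{growth_factor(6, 8, size):,}")
    for length in (6, 8, 12, 20):
        print(f"{length:2d} random characters = "
              f"{entropy_bits(length, len(ALPHABET)):.1f} bits")
```

These figures hold only for characters chosen at random; a password built from a recognisable word or pattern gives an attacker far fewer candidates to try than its length suggests.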