In our next part of business communication security we will talk about password security.
Passwords are intended to protect our personal data and the associated services from unauthorized access by third parties. In the early days of the Internet, the password was an easy-to-implement solution for granting legitimate access. Other methods of security were possible at the time, but were too complex or expensive.
Unfortunately, unauthorized persons are increasingly interested in gaining access to services and data in order to profit at our expense. Phishing is a well-known technique that is often used for this purpose. Read more about this in our blog post Anti phishing. Brute force attacks are also often used to gain access, using dictionaries and popular number strings, for example, the date of birth. It is frightening how little value is placed on strong passwords, which makes things easy for attackers. Online you can find some scary examples of how users handle their data.
There are several ways to protect your passwords. Password managers are a quick and easy option. They allow passwords to be stored securely. Often a password generator is offered with which secure passwords of sufficient length can be generated. Now we can secure each service with a unique password without having to remember everything.
You should ensure that the passwords can be accessed on all devices used. Of course, the password manager must also be secured. A strong password, e.g. a passphrase, is useful for this. A passphrase is a string of words. Multifactor authentication should also be used on mobile devices to unlock the password manager. More on multifactor authentication and other protection mechanisms will follow in an article on account protection. But which password manager should we use? There are many articles online that can help with the selection by comparing costs and features.
Several providers offer free versions (personal use) of their password manager. Read this recent evaluation of password managers for personal use. In enterprise environments you might want to consider some other providers as well.
Many concepts and ideas have been invented over the last couple of decades. Recently, passphrases have become popular as they are considered to be easy to remember and complex at the same time. Secure passwords must have plenty of characters; it is not sufficient to generate a short password that is complex only in the variety of characters it uses.
Example passphrase:
We can form a sentence and ideally add numbers and special characters in order to be well protected. There should be no limits to creativity, but it would be beneficial if the sentence can be easily remembered and "recalled" with associations. An example would be a description of the vacation picture on the desktop or a description of what your favorite hobby is all about. From the sentence: “fresh air jogging around bellevue castle at 1:30 pm” we could build: “FreshAir.J0gging.BellevueCastle1337!”
Which password type to choose?
It always depends on the use case and what kind of systems you want to protect. However, it is recommended to have a default password complexity strategy in place, i.e. always 30 randomised characters or passphrases with 5 words. For high security systems you might want to increase the count of characters accordingly.
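As an added example (not part of the original post), the following Python sketch generates both default types from the strategy above with the standard `secrets` module and computes their entropy, which shows how passphrase strength depends on the size of the wordlist. The 32-word list is constructed for the demo, and the 7776-word figure (the size of common Diceware-style lists) is an assumption about the list you would use in practice.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 32-word sample list so the block runs offline. Assumption:
# a real deployment loads a large published list (e.g. 7776 words).
WORDS = ("amber bridge candle desert ember falcon garden harbor island jungle "
         "kettle lantern meadow nickel orchard pepper quartz ribbon saddle timber "
         "umbrella velvet walnut yonder zipper anchor basket copper dragon engine "
         "forest glacier").split()


def random_password(length=30):
    """Password of `length` symbols, each drawn uniformly with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=5, wordlist=WORDS, sep="."):
    """Passphrase of `n_words` words, each drawn uniformly with a CSPRNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 30):.1f} bits")
    print(random_passphrase(), f"{entropy_bits(len(WORDS), 5):.1f} bits (sample list)")
    print(f"5 words from a 7776-word list: {entropy_bits(7776, 5):.1f} bits")
    print("words needed for 128 bits:", words_needed(128, 7776))
```

The entropy figures only hold when every symbol or word is picked at random; a sentence chosen by a person cannot be scored this way.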
Most important!
Never re-use a password for multiple systems. Always generate a new one for each and every account! You are asking why? When passwords get leaked, they remain with the attackers in big databases and will be re-used in their next attempts. That's why the only secure way is to generate a new password every time you create a new account.
Strong passwords need to be integrated into our everyday lives. With tools such as password managers and mnemonic devices, this is not rocket science these days. Let's increase our security in business and personal life!