It’s easy to point a finger and have a good laugh at other people’s weak passwords.
But the scary thing is, according to the nbn network, some of the favourite passwords for Aussies and Kiwis are “123456”, “12345678”, “password” and “qwerty” (the six top left keys on most keyboards). An annual ranking by SplashData indicates the same favourites year after year, although there are sometimes minor variations – last year, for instance “star wars” was added to the list.
Poor passwords are a big reason why LogRhythm, a security intelligence organization, found that many Australian companies are vulnerable to cyber attacks that can steal data, and worse, customer or client data.
More than 1,000 employees were recently surveyed, and indicated weak or inconsistent passwords at most of their workplaces. Often, it was due to poor security policies, but sometimes it was just that workers had too many to remember, which could explain the basic number or letter sequences.
These days, however, passwords are more important than ever, especially due to a rise in cyber attacks, malware and phishing. Security personnel are sharing the message that isn’t just multinational or foreign companies that are being targeted by hackers, but any-sized organisation. A strong password system is an excellent line of defence for internal or external threats.
Some sensible password strategies include:
- Require multiple passwords for different areas. Though employees may complain and say that using the same one through all company networks saves them time, it also makes it easier for cybercriminals to crack a system once to access your entire network. Having different logins for different servers or security areas could limit access – even from your own staff.
- Don’t use personal details in passwords. Some prefer easy passwords like a family pet, a maiden name, a neighbourhood or a birthday. But these are easier to guess.
- Create time limits. Managers can encourage employees to log out every time they get up or put down their phones. But a policy like this will rarely be 100 percent effective unless their desktop and mobile devices are programmed to automatically lock up after a short amount of time. They won’t just go to sleep, which is a common energy-saving task, but also require a login to reactivate. This could cause some gripes, but better security can be worth a few extra seconds. A directive can also be offered to make sure passwords are not placed in obvious places, like on a sticky note on a monitor.
- Discourage auto-logins. Some sites remember your passwords and other credentials by putting a ‘cookie’ into your system. This makes pages load faster and doesn’t require a login on every visit. However, this can create security concerns, especially for unauthorized access to a computer or device history.
- Try a password manager. This type of software can help people customize their passwords, with random letters, numbers and characters. It also can create longer strings that are more difficult to guess (12 letters instead of the common 5 or 6). These can also have a shorter lifespan than a personal password that may never expire. A generated password may only last a day or a week until a new one is created and issued. This policy can also deter hacking efforts – if someone tries an older password, it may not work, or could even set off alerts for improper access.
403Tech Inc is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (403) 215-7506 or send us an email at [email protected] for more information.