It's reasonable to assume a hacker is working for financial gain in some way, shape or form. The last thing you want to do then is make it easy for them to earn a living at your expense - to access your data, encrypt it and then make you pay up before releasing it back to you.
Fortunately, there's plenty you can do to make sure you don't become a victim. By establishing some password management standards in your business you'll definitely keep a step ahead.
Make them different
If you're like most people, you probably have login credentials for a range of websites and portals - banking, memberships, software etc. It's often hard to remember more than a couple of passwords, so along with 50% of the population, you're likely to use the same one (or a variation of it) for them all. And that's exactly what hackers take advantage of.
If they discover just one of your passwords, they can run software against it to draw out predictable sequences of characters or other non-random sequences - potentially discovering a list of your online credentials.
We strongly recommend you differentiate your passwords as much as possible.
Make them complex
Hackers are always trying to be a step ahead, and the software they use to try and crack your passwords can be extremely sophisticated and run at great speed. But you can slow their pace down with complex passwords that take a long time to discover.
As an example (at the time of publishing this post):
- The password Sydney123 would take approximately 3 days for a hacker to crack
- If you add a symbol and change it to Sydney@123, it would take approximately 5 years for a hacker to crack
- Add 2 more symbols, and it would take a hacker approximately 34,000 years to discover Sydney@&@123
For most businesses, we strongly recommend you use passwords that are at least 15 characters long and include a mix of upper & lower case letters, numbers and symbols.
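The two recommendations so far, as an added example that is not part of the original post: this script flags accounts whose passwords are variations of one another and passwords that miss the 15-character, mixed-character recommendation. The function names, the substitution table and the sample credentials are constructed for illustration, and the variation check is a heuristic.

```python
import re
from collections import defaultdict

MIN_LENGTH = 15  # minimum length recommended in the post

# Assumed set of common look-alike substitutions, undone before comparing.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                            "!": "i", "3": "e", "$": "s", "5": "s"})

def base_form(password):
    """Reduce a password to the stem that simple variations of it share."""
    stem = password.lower()
    stem = re.sub(r"^[^a-z]+|[^a-z]+$", "", stem)  # drop digits/symbols at both ends
    stem = stem.translate(LOOKALIKES)              # sydn3y -> sydney
    return re.sub(r"[^a-z]", "", stem)             # drop anything left that is not a letter

def policy_failures(password):
    """List which parts of the recommendation a password misses."""
    checks = {
        f"shorter than {MIN_LENGTH} characters": len(password) < MIN_LENGTH,
        "no upper case letter": not re.search(r"[A-Z]", password),
        "no lower case letter": not re.search(r"[a-z]", password),
        "no number": not re.search(r"[0-9]", password),
        "no symbol": not re.search(r"[^A-Za-z0-9]", password),
    }
    return [problem for problem, failed in checks.items() if failed]

def audit(credentials):
    """credentials maps account name -> password; returns (reused, weak)."""
    by_stem = defaultdict(list)
    for account, password in credentials.items():
        by_stem[base_form(password)].append(account)
    reused = {stem: sorted(accounts) for stem, accounts in by_stem.items()
              if stem and len(accounts) > 1}
    weak = {account: policy_failures(password)
            for account, password in credentials.items()
            if policy_failures(password)}
    return reused, weak

# Constructed sample data, not real credentials.
SAMPLE = {
    "banking": "Sydney123",
    "membership": "Sydney@123",
    "software": "sydn3y2024!",
    "payroll": "vK7#qTz!m2Lp9$wR",
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    print("Variations of one password:", reused)
    print("Below the recommendation:", weak)
```

Three of the four sample accounts collapse to the same stem, which is the pattern the "Make them different" section describes.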
However, the Australian Government Australian Signals Directorate’s guidance as at April 2023 is to use passphrases whenever possible. Examples of four-word passphrases are ‘diamond carrot door pretzel’ or ‘green hut earth bus’, but you can use more than four random words to make your accounts harder to crack.
Not all applications support passphrases, but if your apps do, then opt for passphrases that are:
Subscribe to a Password Manager
Remembering a variety of passwords can be challenging, so we recommend subscribing to a password manager like LastPass.
The password manager acts like a vault which securely stores all your passwords in one place. With only one master password to remember, you're granted access to all your passwords. In addition, your login and password are auto-filled for any site that is listed in your password manager.
Activate multi-factor authentication
Unless a hacker is in close proximity and able to steal your mobile phone at the same time as they steal your password (which is highly unlikely), multi-factor authentication can beat them at their game.
After logging in, you receive a text message with an authentication code you then input to confirm your identity before you're able to access your information.
It's fairly common for banks and financial institutions to enable multi-factor authentication. For any portal you log into, we recommend you check the settings for your profile and activate multi-factor authentication where it's available. Our recent blog post provides a good explanation on all things MFA.
Best practice makes perfect
To help strengthen your password security even more, download our list of tips to make sure you're doing all you can to keep hackers away from your credentials.
If we can help you with your password security requirements, please feel free to get in touch with your local efex Business Development Manager or email firstname.lastname@example.org