In this guide, you'll learn how to keep your IT systems and online services secure by using complex passwords. Too many people save their passwords in a spreadsheet or, worse still, write them down on notes stuck to their desks.
People often struggle to choose a password, either for fear of forgetting it or for lack of inspiration. Equally, it can be a struggle to meet password complexity requirements. Most workplaces and online services now require secure passwords.
Let's start here;
I use my password at the start of the day to log on to my computer. At the start of the day, I grab a coffee. This is an easy way to remember my password and meets the complexity requirements of most workplaces and online services. For even greater security, try integrating your password into a sentence instead. Just so you know, this is not my password, it's just an example :)
(I've just had a skinny latte)
A password generator will generate a password for you automatically, based on the requirements you set. This takes the decision-making away from you, but in return you'll be presented with a more complex password that's ultimately harder to remember and harder to guess. You'll probably want to use a password manager if you generate hard-to-guess passwords (see below).
Yes, it can be frustrating when you have to constantly change your passwords. It makes remembering them even harder. When you're prompted to change your password, you could simply add a number to the end of your password. Whilst it's still a secure password, many systems will prevent you from doing this. Windows Server in particular (if set by your administrator) can prevent similar passwords.
The trouble is, if a password is compromised by a hacker, they will, of course, give it a go. If it doesn't work (because you recently changed it), the first thing they're going to try is password2, password3, etc. Don't make it easy for hackers to break into your IT systems. Always choose a secure password and a password that has not been used before.
Do not use the same password for multiple accounts or services.
Every service or website MUST have its own password.
You should not use a word from everyday language, because software exists that will take a text file of words and try each one as a password until the correct one is found. This is known as a "Dictionary Attack", and hackers use it in an attempt to guess your password. This is why it's extremely important to get creative with your passwords.
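The two weaknesses described above, a number added to the end of an old password and a word from everyday language, can both be caught when a new password is chosen. The following is an added example, not code from the original guide; the function names, the tiny word list and the sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "coffee", "latte", "welcome", "summer", "dragon"}

# Undo common character swaps before the dictionary lookup (p@ssw0rd -> password).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def base_form(password):
    """Lower-case and strip trailing digits/symbols, so 'Password2' and
    'password3!' both reduce to 'password'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def check_new_password(new, previous, words=COMMON_WORDS):
    """Return the reasons to reject `new`; an empty list means it passed.

    `previous` is the user's earlier passwords, held in plaintext here for
    illustration only (assumption); a store that keeps only hashes cannot
    compare base forms this way directly.
    """
    problems = []
    new_base = base_form(new)
    if new in previous:
        problems.append("reused")
    elif new_base and any(new_base == base_form(old) for old in previous):
        problems.append("incremented variant")
    if new_base in words or new_base.translate(SWAPS) in words:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    history = ["Sunrise1"]  # constructed sample history
    for candidate in ["Sunrise1", "Sunrise2", "P@ssw0rd1",
                      "I've just had a skinny latte"]:
        print(repr(candidate), check_new_password(candidate, history) or "ok")
```

The check covers only these two patterns; length and character requirements would be enforced separately.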
Password management software generally comes in two flavours. You can purchase an online subscription to a password management service such as LastPass or download software to your PC.
You'll often see in the news that a website has had its data stolen.
Recent breaches include;
There is a good chance you've had your data stolen if you've ever used one of these services. These are just 3 high-profile attacks but many smaller breaches occur every day.
Email addresses, home addresses, passport information and, of course, your trusted passwords are just some of the information that has previously been stolen.
Stolen data is generally sold on the DarkWeb or DarkNet, or simply published for all to see. This allows anyone to buy up stolen credentials.
Imagine a scenario where you've used the same email address and password on many websites, and your email address and password have been stolen. The hacker has managed to gain access to your email account. Whilst you may not have anything of interest in there, the hacker does notice an email showing you paid for a product with PayPal. Great, he thinks! Let's head over to PayPal and enter the email address and the same password. Damn, he thinks, on this occasion they didn't use the same password. BUT WAIT, I can click the "I forgot my password" button. A password reset link is sent to the email account he currently has access to; he resets the password and then heads off for an online shopping spree!
by Paul Stanbra