Password Security Tips

Password security has never been more important. We use a password for pretty much everything we do online, whether it’s logging into our email accounts, bank accounts, social media sites, shopping accounts or online forums. The list is endless!

A new study has revealed that “love,” “star,” and “girl” were among the most common words used in leaked passwords.

For their analysis, researchers at IT training provider CBT Nuggets examined 50,000 leaked emails and passwords using the API. Those credentials gave them information on the affected users’ genders, ages, names, and locations.

The team found that several words occurred across their pool of compromised combinations. “Love,” “star,” “girl,” and “angel” were the most common, followed by “rock,” “miss,” and “hell.”

But that’s not even the worst of it. CBT Nuggets explains in a blog post:

“If using personal data in a password is a big no-no, using your own name is an even worse mistake….

“Although many users know that name-password combinations are insecure, more than 42 percent of those 50,000 leaked passwords still included usernames, passwords, or real names. The worst offenders?

“People who are named Amy, Lisa, Scott, Mark, or Laura.”

The study also provides some information about the affected users’ demographics. For instance, users aged 25 to 34 were four times more likely to be hacked than any other age group. Those individuals were mostly men with common first names like Mike, Chris, John, or Dave.

Among those passwords analyzed, Yahoo had three times as many of them as did Hotmail, Gmail, or any other email provider. No doubt the 2014 breach of 500 million Yahoo users’ accounts we learned about in September had something to do with it.

CBT Nuggets’ study demonstrates that users continue to employ weak passwords that incorporate dictionary words and/or personal information. Unfortunately, bad actors can easily break those combinations using brute force attacks, which poses a serious risk to organizations’ corporate data.

Companies should respond to that threat by training their employees about password security best practices.

5 Simple Password Security Tips

1. Create Unique Passwords

The secret to creating a unique password is to make it memorable but difficult to crack. A strong password should be between 12 and 20 characters long, contain a mix of upper and lowercase letters, and include numbers or symbols.

To make it even more secure, you can create a pass phrase that is unique to you. The phrase should be around 15 characters long. The first letter of each word will form the basis of your password and letters can be substituted with numbers and symbols to add further protection.
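
The check below is an added example, not code from CBT Nuggets or from this article. It tests a candidate password against the length and character rules in this tip and against the weaknesses the study reports (common words, usernames and real names). The substitution table and the sample passwords are constructed assumptions.

```python
import re

# Words the study cited above reports as most common in leaked passwords.
COMMON_WORDS = ("love", "star", "girl", "angel", "rock", "miss", "hell")

# Undo simple letter-for-symbol swaps so "l0ve" or "@ngel" is still caught.
# This mapping is an assumption of the example, not a list from the study.
LEET = str.maketrans("013457@$!", "oleastasi")


def normalise(text):
    """Lowercase the text and reverse simple character substitutions."""
    return text.lower().translate(LEET)


def check_password(password, username="", real_name=""):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if not 12 <= len(password) <= 20:
        problems.append("length must be 12-20 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lowercase letters")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("needs a number or symbol")

    flat = normalise(password)
    for word in COMMON_WORDS:
        if word in flat:
            problems.append(f"contains common word '{word}'")

    # Personal data: every run of 3+ letters in the username or real name.
    identity = (username + " " + real_name).lower()
    for token in sorted(set(re.findall(r"[a-z]{3,}", identity))):
        if token in flat:
            problems.append(f"contains personal name '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed samples: one weak password, one built from a phrase's initials.
    for candidate in ("Il0veAmy2016!", "MfdRc7rciGeS"):
        print(candidate, check_password(candidate, "amy.smith", "Amy Smith"))
```

A password that passes this check can still be weak; the check only catches the specific patterns named in the article.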

2. Use Different Passwords for Different Accounts

With so many different online accounts, it can be tempting to use the same password for multiple accounts to gain quick and easy access. However, this is extremely risky: if attackers can work out just one of your passwords, whether it’s a Facebook account or your online banking details, they can potentially access every single account you have. It’s always best to use different passwords for different accounts to ensure your data remains safe and secure.

3. Consider the use of a Password Manager

It can be a daunting task trying to remember lots of different passwords, but a password manager will provide a centralised and encrypted location that will keep a record of all these passwords safe.

Password managers store login details for all the websites that you use and log you in automatically each time you return to a site. The first step when using a password manager is to create a master password. The master password will control access to your entire password database. This password is the only one you will have to remember, so it’s important to make this as strong and secure as possible.

Password managers can also protect against phishing attacks as they fill in account information based on registered web addresses. If you think you’re on your bank’s website but the password manager doesn’t automatically log you in, there’s a good chance that you’ve strayed on to a phishing site.
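
The sketch below is an added example, not the code of any particular password manager. It shows why autofill stays silent on a phishing page: credentials are released only when the page's parsed hostname exactly equals the registered one. The vault entry, hostnames and the HTTPS-only rule are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed vault entry: the exact host recorded when the login was saved.
VAULT = {"www.bank.example": {"username": "alice", "password": "constructed-value"}}


def autofill_decision(page_url, vault=VAULT):
    """Return (decision, credentials) for the page the browser is showing."""
    parts = urlsplit(page_url)
    # .hostname drops any "user@" prefix and port, and is lowercased.
    host = (parts.hostname or "").rstrip(".")
    if host not in vault:
        return "no-match", None
    if parts.scheme != "https":
        # Assumption of this example: never fill over plain HTTP.
        return "insecure", None
    return "fill", vault[host]


# Constructed addresses that resemble the bank's to a human reader.
LOOKALIKES = [
    "https://www.bank.example.attacker.test/login",  # real name as a subdomain
    "https://www.bank.example@attacker.test/login",  # real name in the userinfo part
    "https://www.bank-example.test/login",           # similar but different domain
    "https://www.b\u0430nk.example/login",           # Cyrillic letter in place of "a"
]


def lookalike_decisions():
    """Decision for each lookalike; all should be 'no-match'."""
    return [autofill_decision(url)[0] for url in LOOKALIKES]


if __name__ == "__main__":
    print(autofill_decision("https://www.bank.example/login")[0])
    print(lookalike_decisions())
```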

4. Update passwords

To ensure that your online accounts remain safe and secure, it’s best to update your password on a regular basis. If you continue to use the same password year after year on multiple accounts, it greatly increases the chance of your accounts being hacked.

Entire passwords can be changed, or elements of each password can be changed to make it easier for you to remember but harder to crack. Rather than change your full password, you can change characters, numbers, add symbols, or reverse the use of uppercase or lowercase letters.

If one of your accounts has been compromised, you should immediately change the password on the affected service and any others that use the same or similar password.

5. Two-Factor Authentication

Two-factor authentication offers an extra layer of defence in protecting the security of your accounts. There is a range of different two-factor authentication sites available that can be used for this process.

Once you have registered, you can log in to your accounts as normal and enter your password. As soon as you do this, the two-factor authentication site will send a one-off code to your phone that you must enter before gaining access to your account. This reduces the chance of a hacker being able to gain easy access to your accounts.
