A beginner’s guide to password security when working online

In recent global research by Lenovo, a majority of employees surveyed said they believe the COVID-inspired shift in working practices may have a long-lasting impact on how employers view remote-work policies.

With more people working remotely, many more remote devices will be connecting to businesses’ networks – often via VPN – than ever. This increases the likelihood of employees using unsecured WiFi connections.

Alarmingly, this coincides with observations of a surge in hackers taking advantage of the pandemic in Australia. With hackers becoming more sophisticated than ever thanks to evolving technologies, businesses need to take a proactive stance when it comes to educating staff on what exactly is meant by a “secure password”. This information is increasingly vital in a time when there are heightened risks to security and crisis scams abound.

First, know what a weak one looks like

The first step in creating a strong password is knowing what a weak one looks like. Often, weak passwords include common words or phrases that are easy to guess (especially by someone who knows you), are short or can be easily deciphered.

Recently, an Australian defensive cyber researcher was able to penetrate the World Health Organisation’s (WHO) systems using an old database of emails and passwords leaked online. Robert Potter observed that forty-eight WHO employees have “password” as their password, one of the most common, and most commonly hacked, passwords out there.

Here are a few more examples of weak passwords, and password characteristics, that you should avoid:

  • Your name or a family name, birth year, anniversary or any other identifiable date is risky because it is easily guessed, and if your password can be easily guessed, you can be easily hacked.
  • Too short a password leaves you vulnerable to hacking. The longer the password, the harder a hacker, or their code-breaking software, will have to work.

Try to incorporate a phrase into your password

An easy and clever way to devise a memorable, yet secure, password is to use a phrase. The length of this phrase is important, as each character you add makes it that much harder to crack with brute force tools. Be sure to include spaces in your password if the site allows.

Combine and customise passwords for specific sites

One of the most basic cyber hygiene practices is to refrain from using the same password for multiple sites or platforms. When Disney+ launched late last year, Australians had their accounts compromised despite there being no evidence Disney suffered a direct security breach. If one site falls victim to an attack and your credentials are sold on the dark web, any hacker can purchase this information to hack another service.

Remember your password maintenance

Once you’ve landed on a password there’s only one step left: making sure you keep your new password secure. Password maintenance is a crucial component of password security, so here are a few things to keep in mind in order to keep a strong password secure:

  • Do not reuse your password. If you choose to use the same password for social media platforms, shopping sites, or bank logins and one of them is breached, you’re now at risk of hackers or criminals gaining access to your info on the other platforms, too.
  • Do not share your password. It may be tempting to share passwords with family members and friends, but the second your password is in another individual’s hands, your account becomes less secure.
  • Do not write your password down. While it is tempting to do so, keeping passwords off paper is a basic cyber hygiene practice that everyone should be following.
  • Use a password manager. There are plenty of applications that store your passwords for you securely.
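
The weak-password traits and the reuse rule described above can be checked together. The following is an added example, not part of the original article: the common-password sample, the 12-character minimum, the site names and the personal details are all constructed assumptions, and it is meant to be run locally over your own list of passwords.

```python
from collections import defaultdict

# Constructed sample of common passwords; "password" is the one the article cites.
# A real check would use a much larger list of known-breached passwords.
COMMON = {"password", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed threshold; the article gives no specific number


def weaknesses(password, personal_terms):
    """Return the article's weak-password traits that apply to one password."""
    found = []
    lowered = password.lower()
    if lowered in COMMON:
        found.append("common")
    if len(password) < MIN_LENGTH:
        found.append("short")
    # Names, birth years and other identifiable dates are easy to guess.
    if any(term.lower() in lowered for term in personal_terms if term):
        found.append("personal")
    return found


def audit(vault, personal_terms):
    """Map each site to its findings, including reuse across sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        findings = weaknesses(password, personal_terms)
        if len(sites_by_password[password]) > 1:
            findings.append("reused")
        report[site] = findings
    return report


# Constructed sample data: hypothetical sites, passwords and personal details.
SAMPLE_VAULT = {
    "social.example": "password",
    "shop.example": "Jordan1987!",
    "bank.example": "Jordan1987!",
    "mail.example": "quiet river bends past nine lanterns",
}
SAMPLE_PERSONAL = ["Jordan", "1987"]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{site}: {', '.join(findings) or 'no findings'}")
```

Only the long phrase with spaces comes back with no findings; the other three entries show how a common word, personal details, short length and reuse are each flagged.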

Tyler Moffitt, Security Analyst, Webroot
