Perfect passwords

Hipposerve

Ok, hands up – who here uses the same password – or the same group of passwords for the majority of their logins?

Well you would be in good company, as it is thought that about 80% of people do just that. Up until a few years ago I did exactly the same.

I had my old trusted group of passwords that I had been using – well forever it seemed! I had one I used for my banking. One I used for my computer login, and another I used for everything else, email, website memberships, app logins – LITERALLY EVERYTHING else.

Password Breach

Then one day, I was updating my website and the security plugin threw up a warning. It has a tool that analyses the integrity of a password and was able to tell me that my login password had been published on a “list”.

What this list was? Who knows? Where it was kept? No idea. Who had access to it? Now that was the scary bit – it could be anyone!

What to do Next?

I then had to start thinking about the countless times I had used this password. Simply going through every site I remembered and changing it for a replacement was going to take forever – and who was to say that in a few months the same thing wasn’t going to happen again?

Scary Stats

After doing a bit of research I found out some more scary stats:

63% of all data breaches are down to weak or compromised passwords
83% of data breaches go undetected for many weeks
40% of people have had their password hacked at some point.

Password Policy

With these in mind I decided that I needed to take action, to not only protect me, but also my organisation. I decided to develop a robust password policy, which followed these four basic ideas.

  1. Never use the same password more than once – have a unique password for every bank account, website and other login.
  2. Use Strong Passwords – A minimum of 12 characters, with a mixture of letters, numbers and special characters if they are allowed.
  3. Never Discuss with Anyone – Only share a password with someone you would share a toothbrush with – i.e. no one!
  4. Use a Password Management Tool – These can be life savers. There are many free pieces of software that do the job – See Below.
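
Ideas 1 and 2 can be checked mechanically over a list of your own logins. The following is an added example, not part of the original post or of any tool it mentions; the function names, the `specials_allowed` switch and the sample data are assumptions constructed here.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12                   # idea 2: a minimum of 12 characters
GENERIC = {"123456", "password"}  # the generic passwords this page names


def policy_problems(password, specials_allowed=True):
    """Return the ways one password falls short of idea 2."""
    problems = []
    if password.lower() in GENERIC:
        problems.append("generic password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    # Idea 2 asks for special characters only "if they are allowed" by the site.
    if specials_allowed and not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    return problems


def audit(logins):
    """Map each login name to its findings: idea 2 problems, then idea 1 reuse."""
    users_of = defaultdict(list)          # password -> logins that use it
    for name, password in logins.items():
        users_of[password].append(name)
    report = {}
    for name, password in logins.items():
        findings = policy_problems(password)
        shared = sorted(n for n in users_of[password] if n != name)
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        if findings:
            report[name] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE = {
    "bank": "T7#mq9!vLx2$Rb",
    "email": "Summer2019",
    "forum": "Summer2019",
    "shop": "Password",
}

if __name__ == "__main__":
    for name, findings in sorted(audit(SAMPLE).items()):
        print(name, "->", "; ".join(findings))
```
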

Password Management

Now adopting idea 1 above caused some significant logistical issues. Remembering these countless passwords would be a nightmare. I would probably have to write them all down somewhere – something that is fundamentally insecure!

Fortunately I discovered a range of password management tools to make this process as painless as possible. Using specialist software to manage your passwords can increase your security and save time. The piece of software I chose was called Bitwarden – mainly because the basic version is free and fully featured! Like many of these tools it is cross-platform, so it works not only on your computer, but integrates with your web browser and your mobile devices, so you always have access to your secure password locker. Nine months in and I now have over 200 unique passwords.

In the end I found this so useful I bought the paid version, which also includes a tool for remembering all those annoying two-factor authentication codes – for additional security!

In Summary

In terms of basic cyber security don’t be lax on your passwords. It is not worth it. If you own a website, the more popular it becomes the more people will try to hack it and access it – just think of the damage that could be caused to the reputation of your business! As a web hosting provider, most of our site repair work comes from clients who have used generic passwords, such as “123456” and “Password”. Yet solving these issues is straightforward and certainly not costly.