previous icon Back to blog
Jul 08, 2021
6 minutes read
Security

Password Security for Secure Business Password Best Practices

We’re not in the habit of scaremongering, but there is a fine line between offering passive security advice and pointing out that we’re in a silent battle against cybercriminals. Here are some password security best practices to remember every single day.

Lisa Lottering
Lisa Lottering

There are many aspects of cybersecurity that we have no control over, but our own password security is not one of them.

Your passwords are the gatekeepers that serve to protect your personal information, your finances, and your private records. Today, they also offer inroads into your company data. The weaker your passwords are the more vulnerable you are as an individual, and the higher the risk to your company.

With so many teams working remotely it stands to reason that our personal and business security are intrinsically linked. What steps should we take to ensure that we are not the chink in the armour?

The Truth Behind Password Hacking 

If you are of the opinion that a data breach or stolen personal records happen to someone else, consider this: In 2018, over 2.5 billion accounts were hacked, which equates to 158 accounts every second of every day. 

The biggest vulnerability was cited as “human naivety.”

Before we look into how to protect ourselves, we’d like to explore the most common methods that criminals use to hack our passwords.

Dark Web

For most of us, this is simply a slightly scary word, but we have no idea where or how this dark web exists. Among other things, it’s the perfect place to buy and sell stolen data - notably usernames and passwords. 

If you have had the same password on one of your accounts for some time, then there’s a good chance it has passed through a few hands. This doesn’t only apply to your email or banking accounts but can be employed on apps that you’ve downloaded, software that you use on your phone or computer, or even data storage accounts. 

A good idea is to check on the integrity of your accounts and establish if they have been leaked or compromised.

Brute Force Attack

Sadly, the advancement of technology has also allowed for the development of some powerful hacking software. For example, back in 2012 one hacker developed a system that could crack any 8-character password in under six hours, even one made up of the required upper and lowercase letters, numbers and symbols. Basically, it achieved this by beating down the door, running through 350 billion password guesses per second

These numbers are almost incomprehensible to most of us, and yet, these systems exist and get better every day.

The Dictionary Attack

As you would imagine, the dictionary attack method works on the assumption that you’ve selected a word or combination of real words for your password. The software then runs through all the words and word combinations until it cracks yours. 

Single-word passwords are far more vulnerable than a random combination of several words.

Social Stalking

Given that we’re likely to use passwords that we can remember, many of us choose to use the names of our children, spouse, or pet. Therefore, if you’ve been targeted by an unscrupulous hacker, they stalk your social channels to determine the names of the most likely candidates in your world to use as a base to hack your accounts. 

In fact, there have been rumblings of social media pages that have “fun polls” to get you to divulge this information. Posts such as, “What was the name of your first pet?” or “What does your child’s name mean?” encourage people to post what they feel is innocent information with total strangers.

What is a Weak Password?

With pretty much everything going online, from banking to personal communication, we have to remember dozens of passwords. Cybercriminals know this and understand enough about human nature to draw some alarmingly accurate conclusions.

  • Passwords that lay out the welcome mat for hackers include:
  • Simple, sequential numbers such as 123456
  • Default passwords such as you’d find on routers
  • The word “password”
  • Short passwords under six characters
  • Names of family members or pets
  • Your date of birth

Best Practice for Enhanced Password Security

Outside of smishing, phishing scams or automated spammy phone calls asking for our personal details, we can remain a difficult target if we practice smart password security.

Stay Away from Personal Information

Many cyberattacks are blunt (albeit effective) instruments that run through the web looking for easy prey. However, there may come a time when you are specifically targeted for whatever reason, which means your entire life will come under scrutiny. 

Avoid using your name, names of your family members, pets, schools or colleges, or home towns in your password. Your date of birth is another commonly used password, but also easily crackable.  

Mix Up Passwords and Make the Password Longer

Remember the brute force attack? While the system mentioned above isn’t freely available, there is still a frightening amount of software available that uses brute force to cycle through your password probabilities. 

For the mathematicians, Scientific American offers more insight into the value of longer passwords.

The crux of the matter is that a 6-character lowercase password using only letters has the possibility of 266 combinations or around 308,915,776 choices.

In contrast, a 12-character password of mixed upper and lowercase letters, numbers and symbols result in a mind-boggling 7212, or 19,408,409,961,765,342,806,016 combinations. That number starts with nineteen sextillions… and goes from there. This improves your password strength and makes it harder to hack.

Essentially, this changes the chances of your password being hacked from seconds into years.

Avoid Obvious Passwords

We may think that we’re being pretty smart replacing letters with numbers and symbols to make up words, but hackers are already onto this. T#[email protected]_3*amp13 (This is an example)

It’s called Leet Speak and there are already dozens, if not hundreds of online translators that can quickly run through these cyphers and unpack them. A good idea is to mix up letters and numbers as well as symbols as randomly as possible. 

Keyboard paths are another common fail when it comes to securing passwords. Qwerty, for example, may be a random word but is an easily cracked password.  

Use Your Words

As we have seen, the longer the password the better. If you still want to use words to make it easy to remember one of your passwords, then again - keep it random to avoid the Dictionary Attack. 

For example, a series of unrelated words such as VerdantChallengeLifeChicken is a better option than BlackCoffee. To add further to a hackers headache, add some symbols into the mix, for instance, [email protected]@llengeL1feCh1cken.

Avast recommends a method known as the Bruce Schneier Method or sentence method. They say, “The idea is to think of a random sentence and transform it into a password using a rule. For example, taking the first two letters of every word in “The Old Duke is my favourite pub in South London” would give you: ThOlDuismyfapuinSoLo”

Use a Secure Password Manager

Password managers are a great way to keep track of multiple passwords and means you only have to remember one password - even though it’s going to be a crazy, long, complex one. Make use of one of the password generators available online too which spit out long, complicated password options.

Multi-Factor Authentication (MFA)

Not only is MFA brilliant to protect your passwords, but it also serves to notify you when one of your accounts is being accessed by, say, a prying ex. 

MFA requires something more than a password before the user is granted access. This can take the form of a biometric scan, an OTP, or a token from an authenticator app on your phone. The Google Authenticator App is a great option that loads a new token every few seconds and offers a great added layer of security.

Safe Proof Your Business Security

Your IT department will certainly do its best to keep your data secure, but it’s up to the individuals in your organisation to ensure that they are aware of the role their password security plays. 

Yes, constantly changing passwords and updating security information can be a bit of a bore, but it’s good to remember that three short years ago, the world was experiencing 158 breaches per second. 

We invite you to chat with our team of professionals to discuss your digital security and how we can add value to your business.

Tags
Lisa Lottering
Lisa Lottering
logo linkedin icon
is the Snr. Digital Marketing Manager for Sub-Saharan Africa at CM.com. She is passionate about digital marketing and customer experience. She is dedicated and committed to enhancing the CM.com brand locally using strategic marketing campaigns via various channels.

Latest articles

Nov 22, 2021 • Security

Multi-Factor Authentication Use Cases

Multi-factor authentication, or MFA, is one of the most effective ways for businesses to protect their systems and customers’ online accounts from hacking, spamming, data theft, and more. Let’s take a look at some common multi-factor authentication use cases in high-risk industries that could benefit from using MFA in their security protocols.
Mar 30, 2021 • Messaging

10 Applications of Our SMS Gateway Within a Company

If you want to ensure your marketing message to be seen by your target group, then mobile is the best channel – SMS in particular. Using business SMS online is easier than ever with our intuitive online interface. Let’s go through how an SMS Gateway can help you engage with your customers.
Mar 28, 2021 • Security

A Vital POPI Act Requirement: Two Factor Authentication

Have you ever had money disappear from your account while you are sitting at home? Or checked your ID number only to find that you are married to someone you have never met? Sadly, this is the risk we take when entering our personal information online. Whether in a personal or business capacity, we all face the possibility of having our information or identities stolen. While nothing can guarantee the safety of your online information, two factor authentication is a secure option to help protect your data.
Dec 03, 2018 • Security

CM takes next step in platform high availability

When SMS Messaging is a critical part of your business processes, it’s important to work together with a partner which ensures high availability. For almost 10 years, CM.com has provided a double redundant SMS gateway to high-end customers. From now on this high availability is ready for all our customers.
South Africa
CM.com logo phone icon +27 (21) 180 2560

Is this region a better fit for you?

Go
close icon