How hackable is your password?

Did you know the popularity of Liverpool Football Club has made it a commonly guessed password by hackers around the world? But unbelievably, “123456” consistently ranks each year as the most common – more than 103 million uses of this password were counted in the annual Nordpass survey in 2021.  

On May 5, World Password Day, it's a perfect time to check how secure your passwords are, and what you can do to manage them all! Why is this important? Here are a few good reasons:

  • Cyber attack is one of the biggest threats facing Australian businesses today.  
  • Over 50% of Australian businesses have been attacked in the last twelve months with ransomware, phishing or malware incursions.  
  • Reported cyber attacks occur every eight minutes in Australia.  
  • Plus, the current geo-political climate means more businesses and individuals are being targeted by foreign cyber criminals, and strong passwords along with multi-factor authentication are among the ways we can protect ourselves. 

Hope for the best but plan for the worst: it is not a case of if, but when, a business will be attacked. 

So much of our personal and business data is stored online that it is critical to do everything we can to keep it safe, secure and out of the hands of hackers.  

Human beings bring their humanity to password creation 

Humans love to include words in their passwords that are personal and meaningful to them, such as: 

  • Loved-ones’ names  
  • Sporting teams  
  • Pet names  
  • Street names  
  • Birthdays.   

Using personal information in your passwords makes the work of potential hackers easier and should be avoided, but there is also a range of other actions you can take to make stronger, safer passwords.

Use at least 8 characters in your passwords but don’t make them too long.

  • Why? Short passwords are easier to ‘crack’, but if the password is too long it can be difficult to remember. 

Don't impose character composition requirements (for example, insisting on symbols such as *&}^%$). 
</gml_replace>
<gr_replace lines="46" cat="clarify" orig="Educate your">
Educate your users not to reuse their organisation passwords for non-work-related purposes. 

  • Why? Enforcing this rule often results in users creating passwords that are weak or difficult to remember, e.g. Password! 

Don't require mandatory periodic password resets for user accounts. 

  • Why? This encourages people to create weak passwords with simple incremental changes, e.g. Password2

Ban common passwords, to keep the most vulnerable passwords out of your system. 

  • Why? Stopping users from setting common passwords like Password means that hackers automatically trying common passwords for accounts will have less success. 

Educate your users to not reuse their organisation passwords for non-work-related purposes

  • Why? If their personal accounts, which may be less secure, get hacked, the hackers will often try those credentials against many other accounts. If the password is the same for their work account, the hacker gets access to that too.

Enforce registration for multi-factor authentication and enable risk-based multi-factor authentication challenges. 

  • Why? According to Microsoft, 99.9% of password-based attacks can be stopped by using multi-factor authentication.

Don't use a password that’s the same or similar to one you use on any other websites. 

  • Why? If your password for a certain site has been compromised – as was the case with the Dropbox, Yahoo and LinkedIn hacks – using the same password, or one in a similar format, on other sites exposes you to being hacked again. 

How do you keep track of all of your passwords?  

There is a broad range of password manager applications that generate, store and protect all of your passwords, such as Lastpass and Bitwarden. 

These are user-friendly and far more trustworthy platforms than storing passwords in your phone or through Facebook, and they have several layers of security.  

Think of storing passwords in your phone like using a digital exercise book – if your phone is hacked, your passwords may be on display.  

Apps like Lastpass and Bitwarden: 

  • Store your passwords.  
  • Encrypt them all.  
  • When you need to use one, you decrypt it with a single main password – that one password unlocks access to all of your other passwords.  
  • They are available across all platforms, so they are device agnostic. For example, for a website you add a browser extension, log in with your main password and it then auto-populates the site's login form.   


How Veracity can help businesses ensure their data is cyber safe.  

  • We help our clients stay safe by designing cyber security components into our IT solutions and platforms, such as Advanced Threat Protection, Data Loss Prevention policies and Multi-factor Authentication (MFA).  
  • We also partner with cyber security specialists to help clients implement recognised cyber security standards. 
  • We conduct IT health checks with clients and provide specific advice on the best password management tools for your business. 
  • Veracity can help to implement password and multi-factor authentication policies in your business. 

CYBER SAFE HEALTH CHECK 

  • We conduct independent high-level Cyber Safe Health Checks to assess the strengths and vulnerabilities of your IT environment. 
  • Our Health Checks examine cyber policies & procedures, data protection practices and infrastructure hygiene. 

CYBER RESILIENCE FRAMEWORK 

  • Our Cyber Resilience Framework is designed to fill any gaps in your cyber armoury. 
  • We work with you to implement appropriate cyber policies, procedures, practices and training to protect data and develop a cyber resilient culture. 

DARK WEB MONITORING 

  • We monitor the dark web 24/7 and alert you if your corporate email and password credentials appear on it. 
  • Dark web monitoring is a preventative measure that gives you an early warning sign of possible incursion. 

Contact Veracity today about how we can help you keep your business cyber secure.
