In an ever-changing digital world, your passwords can be seen as the keys to your business. If someone finds your password, they pretty much have a copy of your digital ‘key’ and have free access to your private information. To give an example of what can be accessed, Data from the NCSC showed that ‘42% of Brits expect to lose money to online fraud’. If a password is strong and kept secure, you shouldn’t really need to change it, but just like your keys, you don’t use the same one for different things. Different passwords need to be used for different accounts.
Find out more in our article about password security and how you can effectively make sure they keep you and business protected.
How do passwords work?
Your password is a unique set of letters, digits and characters that is used to gain access to accounts and other types of private information. Passwords are used by everyone for many different things and they primarily act as a defence against attackers trying to gain access to personal information.
In many online systems, your password will be encrypted with a one-way hashing algorithm. Hashing effectively turns your password into a string of letters and numbers when you register a password so,when you try and log in to your accounts again, the same hashing is applied when you type it in. The two hashes are then compared in order to be verified and given access.
When your password system is compromised, hackers may gain access to user names and other pieces of information. If the password is hashed though, the hacker wouldn’t immediately be able to use it.
How do passwords get stolen?
Attackers can use a variety of different ways to attempt to steal your password. This includes:
- Physical watching: someone who watches you closely when logging in and attempting to remember what you typed
- Physical searching: searching areas around devices or workplaces for passwords that may be written down or exposed.
- Force: using millions of different passwords in an automatic process to try and find the right one
- Guessing: using predetermined information to try and guess what your password is. (For example, some passwords can be guessed through information posted on social media)
- Key-logging: a device or piece of software that is installed by a potential attacker to intercept and see what passwords you type in
- Tricking: an attacker who convinces you to reveal your passwords
- Network searching: an attacker who scans IT systems for insecurely stored passwords
- Intercepting: an attacker who effectively ‘breaks in’ to information that is transmitted over a network and looks for passwords
These instances are important to take into account and why having a long password helps. If you increase the amount of characters you put in, then it makes it harder for hackers to crack. Upper/lower case letters, numbers and symbols, each of these may have hundreds of different possible combinations individually, so use them wisely. If you keep passwords simple and only stick to lower case letters, then you are making it easier for the hacker with only 26 possible combinations for each character.
How long does it take to guess a password?
The time it takes to crack a password depends on a lot of things, but here is a simple guide:
- 7 characters: <1 second
- 8 characters: ~5 hours
- 9 characters: ~5 days
- 10 characters: ~4 months
- 11 characters: ~10 years
- 12 characters: ~200 years
Basically, each additional character you add makes it harder to crack.
Cracking passwords can take a lot less time if the hacker is familiar with the password format. This is why using known practices such as using an upper and a lower case letter, in a familiar format, can be considered not the best practice. It will take less time if the hacker knows the first letter of a password is likely to be upper-case and the last character is likely to be a number.
It is important to note that password policies that require frequent changes to passwords can also increase risk due to users potentially exposing them more in fear of forgetting them.
How to create a good password?
A good password is one that is easy to remember, but hard to guess.
If you are struggling to remember complicated passwords, use fewer character types, but make the words longer and part of a pattern that may resonate more with you. A good password can consist of four random words; it gives you the length and would be very hard to crack e.g. housetractorsundaetrombone
A bad password is one that sticks to a known format, such as a pet name or your first car and let’s face it, this type of information is out there and easy to spot. Take a look at the most used passwords for 2021, do any of them look familiar?
How can I manage my passwords?
If you have trouble remembering your passwords or have a lot of different ones for different accounts, consider using a password manager that is secured with a long ‘master password’ For your security again use a password that follows our tips but also one that is easy for you to remember. A password manager is a secure website that allows you to store log in information for all the accounts or websites you have access to. This system saves you time and means you don’t need to remember long or complicated passwords
How can passwords be compromised and how can I protect them?
Passwords can be compromised in a number of different ways, such as:
- Telling someone
- Storing in an insecure place
- Making it too easy to guess
- Shoulder surfing
- Stolen through a key-logger
- Intercepted over the network
- Password stolen from another system
Remember: Never give anyone else access to your account!
Password security: things for you and your team to remember
- Use long passwords, the longer the better (14 characters+)
- Create passwords that are easy to remember but hard to crack
- Don’t physically write passwords down
- Use passwords that don’t have association with you or your business. Similarly don’t post personal information on your personal social media, that you might use as a password
- Try and use different passwords for different accounts
- Be aware of your surroundings – for example always carry your device with you if you’re working a public space
- Never tell anyone your password
- Never give anyone access to your device
- Try and enforce password length as a requirement
- Keep device software up to date
- Allow users to create their own passwords
- Use a password manager where you can
If you want to know more about passwords and cyber security, you can always take a look at Edtesa’s security pages to get information on all the latest tools and services, that are here to support you or your workplace. We have a data protection service, cyber-security software and training packages available for you to discover!