Password security (Cybersecurity Awareness Month: Week 2)

11 October 2021

For week 2 of Cybersecurity Awareness Month, we’re looking at password security. A survey by Google found that 50% of people use the same passwords for the majority of their accounts. That matters because once one site is breached, attackers simply try the leaked username and password on every other site (credential stuffing), so a single breach can hand over many accounts at once.

Use a different password for every account, and never use the same password at work that you use for personal accounts at home.

Do not reuse passwords, and do not choose a new password that is only a small variation of a previous one (adding a digit, swapping a letter for a symbol, or changing the year). Each password should be unique across systems and genuinely different after a change. A 2020 survey by security.org found that 14% of 750 Americans surveyed were using “Covid-19” as part of their passwords, which shows how predictable a “unique” choice becomes when many people pick the same topical word.

Creating a strong password

Password security has never been more important. According to data from the Office for National Statistics, online fraud has increased by 70% in the last year.

If an attacker is able to access your accounts at work, they could read sensitive information, install malware, steal data, or use your account to attempt a targeted fraud such as whaling (phishing aimed at senior staff).

Social media sites often show up in data breaches: in 2016, 164 million LinkedIn credentials and another 359 million from MySpace, both taken in earlier breaches, were put up for sale. Consider how many people might have reused those same passwords across multiple accounts, including at work.

Password best practice – ‘three random words’

Current guidance from the National Cyber Security Centre (NCSC) recommends that your passwords be made up of three random words strung together, for example ‘coffeetrainfish’ or ‘eaglecrumpetsdiary’.

The NCSC has explained in a blog post how this method helps defend against password-guessing attacks.

Traditionally, password advice has been to create something with numbers and special characters. But such passwords are hard to remember, so people fall back on predictable substitutions, and cybercriminals have tools that crack those substitutions easily. As the NCSC puts it: “security that’s not usable does not work”.

With the three random words method, users can create a secure password that they’re more likely to remember.

Why is ‘three random words’ the best method?

Criminals use increasingly sophisticated methods to commit breaches. Password-cracking tools take a dictionary of common words and previously leaked passwords and apply “mangling rules” that reproduce the tweaks people make to satisfy complexity requirements: a zero instead of the letter ‘o’, a capital first letter, or a 1 or an exclamation mark added to the end. A password built this way is not one guess for the attacker but a few hundred, which a modern cracking rig works through in a fraction of a second.

Passwords made up of three random words are longer by nature, and length has always been an important feature of password strength. More importantly, the three words are independent choices: a rule set that covers every tweak of a single dictionary word still never produces ‘coffeetrainfish’, because the attacker would have to try every combination of words rather than every variation of one. This makes such passwords far harder for cracking tools to guess.

As the NCSC blog puts it: “To make it harder for attackers, we need to increase the diversity of password use.”
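As an added example (not the original post’s or the NCSC’s code), the Python below imitates the “mangling rules” that cracking tools such as hashcat and John the Ripper apply to a dictionary. It shows that ‘Passw0rd1’ and ‘Covid-19’ fall out of a handful of rules applied to a plain word while ‘coffeetrainfish’ never does, and it reuses the same un-mangling step as a password-change check for the “not similar to your previous password” rule above. The word list, rule set, sample passwords and the 30,000-word dictionary size are constructed for illustration.

```python
"""Added example, not from the original post or the NCSC: a miniature
rule-based password mangler of the kind cracking tools such as hashcat and
John the Ripper use ("mangling rules" applied to a dictionary).  It shows
(1) why tweaks like 'Passw0rd1' fall to a small rule set while three random
words never appear in it, and (2) a password-change check that rejects a
"new" password that is only a mangled version of the previous one.
Word lists, rules and sample passwords are constructed for this example."""
import math
from itertools import product
from typing import Iterable, Optional

# Constructed mini-dictionary standing in for a real cracking wordlist.
WORDLIST = ["password", "coffee", "train", "fish", "covid",
            "eagle", "crumpets", "diary", "summer", "welcome"]

# Constructed substitutions and suffixes modelled on common mangling rules.
LEET = {"o": "0", "a": "@", "e": "3", "i": "1", "s": "$"}
UNLEET = {v: k for k, v in LEET.items()}
SUFFIXES = ["", "1", "123", "!", "2021", "-19"]


def leet_variants(word: str) -> set:
    """Every variant of `word` with each leet-able letter substituted or left alone."""
    positions = [i for i, ch in enumerate(word) if ch in LEET]
    variants = set()
    for mask in product((False, True), repeat=len(positions)):
        chars = list(word)
        for flag, i in zip(mask, positions):
            if flag:
                chars[i] = LEET[chars[i]]
        variants.add("".join(chars))
    return variants


def mangle(word: str) -> set:
    """Apply case, leet and suffix rules to one base word (198 variants for 'password')."""
    out = set()
    for base in (word.lower(), word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                out.add(variant + suffix)
    return out


def guesses_needed(password: str, wordlist: Iterable[str]) -> Optional[int]:
    """1-based position at which a rule-based attack over `wordlist` hits `password`, else None."""
    n = 0
    for word in wordlist:
        for candidate in sorted(mangle(word)):
            n += 1
            if candidate == password:
                return n
    return None


def normalise(pw: str) -> str:
    """Collapse a password to its core: drop trailing digits/symbols, lower-case, undo leet."""
    core = pw.rstrip("0123456789!@#$%^&*-_")
    return "".join(UNLEET.get(ch, ch) for ch in core.lower())


def too_similar(new_pw: str, old_pw: str) -> bool:
    """Password-change check: True when old and new share the same core after un-mangling."""
    return normalise(new_pw) == normalise(old_pw)


def rule_attack_bits(dict_size: int, variants_per_word: int) -> float:
    """log2 of the guesses needed to exhaust one word plus rules over a dictionary."""
    return math.log2(dict_size * variants_per_word)


def three_words_bits(dict_size: int, n_words: int = 3) -> float:
    """log2 of the number of distinct n-word passphrases drawn from the same dictionary."""
    return n_words * math.log2(dict_size)


if __name__ == "__main__":
    for pw in ["Passw0rd1", "Covid-19", "coffeetrainfish", "eaglecrumpetsdiary"]:
        print(f"{pw:20} guessed at position {guesses_needed(pw, WORDLIST)}")
    for old, new in [("Summer2020", "Summer2021"), ("password", "Pa$$w0rd!"),
                     ("Summer2020", "coffeetrainfish")]:
        print(f"{old!r} -> {new!r}: {'REJECT' if too_similar(new, old) else 'ok'}")
    # Assumed 30,000-word dictionary: one word plus the ~200 rule variants above
    # versus three independent words drawn from the same dictionary.
    print(f"one word + rules:   ~{rule_attack_bits(30000, len(mangle('password'))):.1f} bits")
    print(f"three random words: ~{three_words_bits(30000):.1f} bits")
```

The comparison at the end is the point of the three-random-words advice: with a 30,000-word dictionary, every tweak of a single word is a search of roughly 2^22 guesses, while three words chosen independently from the same list give roughly 2^44. The `too_similar` check is deliberately lenient about what counts as the same password (‘Summer2020’ to ‘Summer2021’, ‘password’ to ‘Pa$$w0rd!’) because an attacker who already holds the old password will try exactly those variations first.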

If you suspect an account has been compromised, change its password immediately, along with the password of any other account where you used the same or a similar one. Always use different passwords for every account, and never write them down where others can find them or store them in a shared file.

To find out more, contact your IT team or visit the NCSC’s website.