Password security still ignored

By Clive Taylor from cyber-security firm Quiss Technology.

With so much publicity given to serious data breaches, and the devastating effect a hacked password can have for individuals and businesses, the most recent report from the National Cyber Security Centre (NCSC) makes for worrying reading.

The report highlighted that 70% of those asked believe they will fall victim to a cyber crime within the next two years. The NCSC breach analysis found 23.2 million hacked accounts of victims worldwide used 123456 as the password, which is unlikely to take a sophisticated hacking app long to ‘guess’.

As businesses continue to ignore the most basic security measure available to them, the strength of their passwords, it seems there is still a lack of understanding about the nature of modern hacking attacks.

Taking the lead on cyber security-related issues within the UK, the NCSC uses its own research and findings to deliver practical guidance to businesses of all sizes.

The report delivered by the NCSC is based on data compiled from telephone interviews and shows that 37% of respondents agreed that losing money or personal details over the internet has become unavoidable.

Ironically, the same report reveals a serious disregard for password security, with many individuals setting weak or predictable combinations that make it easy for hackers.

With freely available programs designed to run automatically and try millions of combinations, simply setting your password to ‘Pa55word’ will no longer suffice.

When it comes to protecting your data, information or money, the only way to make a long-term difference is by changing your attitude towards password security.

Although it may sound straightforward, the first step is to stay away from obvious passwords that you’ve trusted in the past. This includes sequential numbers or letters, birthdays and especially the word ‘password’.

Instead, it’s important to make passwords longer, aiming for at least 15 characters where possible, using a combination of upper-case and lower-case letters, while throwing in numbers and symbols for good measure.

Alternatively, a word combo can be extremely effective, using a combination of random but memorable words that make it almost impossible for hackers to guess. An example of a word combo could be ‘FootballDogYellowRibbon’ – the more ridiculous the better.
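
As an added illustration (not code from the NCSC report or from Quiss Technology), this Python sketch screens a candidate password against the advice above: the 15-character minimum, obvious choices such as ‘123456’ and ‘Pa55word’, sequential runs and date-like strings. The deny list is a small constructed sample, and the function names, the substitution table and the run length of four are assumptions.

```python
import re

# Constructed sample deny list; a real deployment would load a large
# breached-password list instead of these few entries.
COMMON = {"123456", "password", "qwerty", "letmein"}
# Undo common substitutions so 'Pa55word' is compared as 'password'.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Date-like strings such as 14/02/1990 or 140290 (possible birthdays).
DATE = re.compile(r"^\d{1,2}[/.-]?\d{1,2}[/.-]?(\d{2}|\d{4})$")
MIN_LENGTH = 15  # the article's suggested minimum


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending
    letters or digits, e.g. '1234' or 'dcba'."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if window.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def screen_password(pw):
    """Return the reasons to reject pw; an empty list means it passes."""
    reasons = []
    plain = pw.lower()
    normalised = plain.translate(LEET)
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if plain in COMMON or normalised in COMMON or "password" in normalised:
        reasons.append("common password")
    if has_sequence(pw):
        reasons.append("sequential characters")
    if DATE.match(pw):
        reasons.append("looks like a date")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "Pa55word", "14/02/1990", "FootballDogYellowRibbon"):
        print(candidate, "->", screen_password(candidate) or "passes")
```

Running a check like this when a password is set or changed rejects the weak choices before they reach an account.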

Although changing your attitude towards password security is an important first step, that won’t necessarily help you spot an incoming threat or identify the points of attack.

The most common method used by hackers remains brute force, which, despite its name, can be technically effective for those looking to breach an already weak security system.

Brute-force attacks will often use a password dictionary, containing millions of words and numbers that can be tried in combinations to discover the correct password. This can take minutes, hours, days or even years – the program has enough patience.

Once a hacker has set the program running, passwords will be tried systematically, delivering a successful hack if the dictionary contains the correct password.

While password protection isn’t new within the world of online security, research shows that individuals and businesses are not treating it seriously enough.

Although it may be tempting to create a relatively straightforward password that is memorable and quick to type, hackers now have the power to test millions of combinations and breach your account within minutes.

Remember, cyber-attacks are becoming more sophisticated over time, so it is important to remain vigilant and update security measures regularly.

If you’re unsure about the next steps, contact an experienced managed service provider and begin securing the future of your business.