Once upon a time, in a land far, far, away, an evil villain found a document containing three magic words that would grant him riches beyond his wildest dreams. He memorised the words then set to work, his fingers flying across the keyboard and his Wi-Fi working overtime…
Three magic words
So what document had the heinous genius discovered? An ancient scroll? An alchemist’s manuscript? And what were the three magic words? Abracadabra? Alakazam? Abraxas?
Embarrassingly for humankind, the magic words were a little more mundane than the usual incantations: according to the results of a Trustwave study (the document our hacker stumbled across) the three most common business passwords are ‘Password1’, ‘Hello123’ and ‘password’.
Worse, Trustwave were able to crack over 50% of business passwords in just a few minutes, and 92% of them within a month.
The real villains of the piece
No genius required in this tale, then, but with employees using passwords like that, it could spell the end of the story for businesses.
Do employees use such weak passwords out of ignorance, or wilfulness, or laziness, or a warped sense of humour? It’s all of the above but, in the end, it doesn’t actually matter; what does matter is that the practice is stopped.
Let the battle commence
The fight against cybercriminals requires the usual qualities of a successful army: effective leadership, well-trained forces, good weapons, and let’s not forget a stirring war cry. In this case, invoke three magic words of your own: USE STRONG PASSWORDS!
For the uninitiated – and there are clearly lots in the workplace! – a strong password is, first and foremost, long. Trustwave noted that the most common password length was 8 characters, i.e. the usual minimum length specified by businesses. If employees are doing the bare minimum, set the bar higher: passwords should be at least 15 characters long.
Adding complexity (using mixed upper and lower cases, numbers, symbols and special characters) is also recommended, but it is not a substitute for length.
Lastly, using words found in dictionaries should also be avoided: password-cracking programs are fluent in every language.
Play the password challenge
So what does it take to turn these three most popular passwords into something our evil hacker can’t easily crack? With the help of a strength meter you can train employees how to create strong passwords.
Let’s look at how the top three passwords stack up against the strength meter:
‘Password’ and ‘Password1’ take so little time to crack, they register as zero seconds on the strength meter. ‘Hello123’ takes 0.03 seconds to crack.
Following a couple of simple rules can help you create strong passwords that are difficult to crack…
- Make all passwords at least 15 characters long
- Use entropy in passwords. Ideally they should contain uppercase & lowercase letters, numbers & symbols.
Of course, the longer and more complex a password is, the more difficult it can be to remember. So, one tip to help remember complex passwords is to use mnemonics: using structure and patterns to make it easier to remember complex information. Taking the first letter and introducing entropy turns “My best friend just bought a new iPad which is really great” into MbFjB&nIpw1rG!. It still requires a good memory, but remembering a structured sentence and applying it as a password is easier than remembering a random collection of letters, numbers and symbols. The resulting password MbFjB&nIpw1rG! would take a supercomputer around 501 billion years to crack.
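The two rules above (at least 15 characters, all four character classes) plus the warning about dictionary words can be turned into a policy check that a business could run at password-set time. The following is an added example written for this article, not code from the article, from Trustwave, or from any strength meter; the word lists are constructed stand-ins for a real dictionary or breached-password list, the symbol pool size of 32 is an assumption, and the entropy figure is only the brute-force upper bound log2(pool^length), which is exactly why the dictionary and common-password checks exist alongside it. One caveat the check surfaces: the article’s own mnemonic example MbFjB&nIpw1rG! is 14 characters, so it passes every rule except the 15-character minimum.

```python
import math
import re

# Constructed lists standing in for a real dictionary and a breached-password
# list. They include the three passwords the Trustwave study found most common.
COMMON_PASSWORDS = {"password", "password1", "hello123", "welcome1", "letmein", "qwerty123"}
DICTIONARY_WORDS = {"password", "hello", "welcome", "summer", "dragon", "monkey"}

MIN_LENGTH = 15  # the article's recommended minimum

# Character classes and the pool size each contributes to a brute-force search.
# The symbol count of 32 is an assumption (printable ASCII punctuation, no space).
CLASSES = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "symbol": (re.compile(r"[^a-zA-Z0-9]"), 32),
}


def classes_used(password):
    """Names of the character classes that actually appear in the password."""
    return {name for name, (rx, _) in CLASSES.items() if rx.search(password)}


def naive_entropy_bits(password):
    """Brute-force bound: log2(pool ** length) for the classes present.

    This is an upper bound only; it credits 'Password1' with ~54 bits even
    though it is on every cracking wordlist, so never use it on its own.
    """
    used = classes_used(password)
    pool = sum(size for name, (_, size) in CLASSES.items() if name in used)
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def contains_dictionary_word(password, words=DICTIONARY_WORDS, min_len=4):
    """True if any dictionary word of at least min_len letters appears (case-insensitive)."""
    lowered = password.lower()
    return any(w in lowered for w in words if len(w) >= min_len)


def check_password(password):
    """Return a dict of failed rule name -> explanation. An empty dict means the password passes."""
    failures = {}
    if len(password) < MIN_LENGTH:
        failures["length"] = f"{len(password)} chars; need at least {MIN_LENGTH}"
    missing = set(CLASSES) - classes_used(password)
    if missing:
        failures["classes"] = "missing " + ", ".join(sorted(missing))
    if password.lower() in COMMON_PASSWORDS:
        failures["common"] = "appears on the common-password list"
    elif contains_dictionary_word(password):
        failures["dictionary"] = "contains a dictionary word"
    return failures


if __name__ == "__main__":
    for candidate in ["Password1", "Hello123", "password", "MbFjB&nIpw1rG!", "MbFjB&nIpw1rG!!"]:
        result = check_password(candidate)
        verdict = "PASS" if not result else "FAIL " + "; ".join(result.values())
        print(f"{candidate:20} {naive_entropy_bits(candidate):6.1f} bits  {verdict}")
```

Run as a script it prints each candidate with its brute-force bound and verdict; the three study passwords fail on length, character classes and the common-password list at once, while a one-character-longer variant of the mnemonic example passes cleanly. In a real deployment the constructed word lists would be replaced by a full dictionary and a breached-password feed, and the check would run server-side at password-set time rather than in the browser.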
You get the picture…
Importantly, passwords should be unique to each online account, which is why using a password manager makes sense; any number of strong, complex, hard-to-remember passwords can be accessed using a single, easy-to-remember pass phrase. It will encourage users to build strong passwords without the burden associated with remembering them.
Happily ever after?
Are strong passwords the magic recipe for a fairytale ending? For business owners, quite possibly, but not for everyone else…
Once upon a time, in a prison far, far away…
If you are worried about your company being hacked, you can download your free guide here.