Password Hygiene – Do Your Passwords Stink?
We’ve all been guilty of it – lazy password making. Yet another website asks you to make a password, so you plug in the same combination of words or numbers you’ve been using for over 10 years for your bank, your email account, Facebook. It goes something like this: *name of your pet + birth year* or *footy team + 123*.
How dangerous can it really be? Quite – if you look at the data.
According to Business Victoria, hacked passwords cause 81% of all data breaches. In fact, “for most businesses, their password can be the only thing between an attacker and all of their key data assets”. It takes only 11 minutes for the average seven-character password to be cracked and stolen by hacking software.
There are a number of steps businesses can take to increase their cyber safety. Let’s start with the basics – password hygiene and strong passwords.
What does good password hygiene look like?
- Choosing tough passwords
- Choosing a unique password for each account
- Avoiding the temptation to choose passwords that are easy to recall or guess
- Keeping personal passwords private
What does a tough password look like?
- At least 12 characters
- Random combinations of words
- Numbers
- Upper and lower case letters
- Symbols
An example of a strong password is: “Cabinet-21–Frog–Milkshake”
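One way to generate a password in this style and check it against the list above. This is an added example, not part of the original article; the word list, separator set and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list for illustration; a real list should hold
# thousands of words (7776 is a common diceware-style size).
WORDS = ["cabinet", "frog", "milkshake", "lantern", "harbour", "pebble",
         "violin", "saddle", "thunder", "orchid", "magnet", "canyon",
         "pepper", "glacier", "ribbon", "walnut"]
SEPARATORS = "-_.!+"  # assumed symbol set


def generate_passphrase(n_words=3, wordlist=WORDS):
    """Random capitalised words plus a two-digit number, joined by a symbol."""
    # secrets draws from the OS CSPRNG; the random module is not suitable.
    parts = [secrets.choice(wordlist).capitalize() for _ in range(n_words)]
    parts.insert(secrets.randbelow(n_words + 1), f"{secrets.randbelow(100):02d}")
    return secrets.choice(SEPARATORS).join(parts)


def meets_checklist(password):
    """Evaluate each item of the article's 'tough password' list."""
    return {
        "at_least_12_chars": len(password) >= 12,
        "number": any(c.isdigit() for c in password),
        "upper_case": any(c.isupper() for c in password),
        "lower_case": any(c.islower() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }


def entropy_bits(n_words=3, wordlist_size=len(WORDS)):
    """Bits of randomness in generate_passphrase, assuming the scheme is known."""
    return (n_words * math.log2(wordlist_size)  # word choices
            + math.log2(100)                    # two-digit number
            + math.log2(n_words + 1)            # number position
            + math.log2(len(SEPARATORS)))       # separator choice


if __name__ == "__main__":
    pw = generate_passphrase()
    print(pw, meets_checklist(pw))
    print(f"16-word list: {entropy_bits(3, 16):.1f} bits")
    print(f"7776-word list: {entropy_bits(3, 7776):.1f} bits")
```

The checklist only confirms the shape of a password. The randomness comes from the size of the word list: the 16-word sample gives about 23 bits, while the same scheme over 7776 words gives about 50.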
Once strong passwords have been implemented, there are three further actions your club can take to ensure these passwords are kept safe.
1. Use multi-factor authentication (MFA)
The most common version of MFA is two-factor authentication, which requires an additional step before the user can log into their account. This usually comes in the form of a text or email containing a one-time code, which the user must enter after their password. The Australian Cyber Security Centre recommends that businesses implement MFA wherever possible.
2. Keep personal and work accounts separate
Employees shouldn’t log into their personal accounts on a work computer. If a cyber-attack does happen, their personal data and passwords are at risk of being exposed. Similarly, it’s best to keep work emails and personal emails separate.
3. Consider using a password manager
Not only does a password manager store passwords in one encrypted place, meaning you only need to remember one password, it also helps generate tough passwords for you. However, password managers aren’t foolproof, and it’s recommended you consult with your IT provider first.