By Jessica Patchett, Information Security Education & Awareness Specialist
Did you know that Thursday 5 May is World Password Day? Yes, we really do have a day for everything.
Although passwords might have been around for a while, the rules of the password game are changing.
Where once not even a Shakespearean sonnet would have met password complexity requirements, leading security professionals now advise that the length of a password is the key to its strength. To create a long and strong password, the National Cyber Security Centre recommends using three random but memorable words; this is known as a passphrase.
To share or not to share? That is never in question!
Your password is for your knowledge only; sharing it puts you at risk. At work, this breaches policy and jeopardises the security of our Co-op. Make sure you never share your password with anyone.
Double, double, software, and trouble
Protecting your password from cyber-criminals is trickier. We may be coerced into sharing it through a phishing or social engineering scam; cyber-criminals could use special software or known ‘bad’ password lists to crack it; or a company that you have an account with might be breached and your credentials leaked.
That’s why it’s important to use a unique password for each account. This way, if a password for one account is compromised, the others remain safe.
We know the trouble with having unique passwords is that you then need to remember them all. You can use a password manager to do the remembering for you; they protect your passwords using encryption. Usually, you design a ‘master password’ that you must remember to access all other passwords… one password to rule them all (though that’s not Shakespeare!).
Things done well and with a care, exempt themselves from fear
Passwords remain essential to strong information security, but they do have their limitations. Luckily, there’s something we can do to add an extra layer of protection; that’s where Multi-Factor Authentication (MFA) comes in, and you should enable it wherever possible.
It protects your accounts by requiring another piece of information before access is granted. This could be a code from an authentication app, or a biometric such as your thumbprint. If someone were to get hold of your password, this would stop them from being able to access your account. Find out how to enable this on your personal accounts here.
Despite password best practice evolving, Shakespeare managed to capture how the relationship should be between you and your passwords way back in the day: ‘Tis in my memory lock’d, and [I myself] shall keep the key of it.’