A guide to password security during national lockdown


The national lockdown has meant that thousands more people in the UK are staying home to work rather than venture to their offices. This uptick also means that many businesses could be considering whether distributed working practices may take hold on a much larger scale, with some leaders seeing the COVID-19 pandemic as a testing ground to see if teams can effectively work together remotely on a longer-term basis.

This forced shift in behavior from businesses and employees means that in many cases more remote devices than ever are connecting to businesses’ networks, often via VPN, and more employees are using unsecured WiFi connections.

Aside from educating staff on processes or relying on innate tech savviness, one of the key ways to keep your business truly secure at a time like this is to ensure that everyone across the organisation is using secure passwords.

About the author

Tyler Moffitt, Security Analyst at Webroot.

Gone are the days when users could apply the same password across every account, from their online banking to Facebook or even a work laptop. With hackers becoming more sophisticated than ever thanks to evolving technologies, businesses need to take a proactive stance when it comes to educating staff on what exactly is meant by a “secure password.” This information is increasingly vital in a time when there are heightened risks to security and crisis scams abound.

First, know what a weak one looks like

The first step in creating a strong, random password is knowing what a weak one looks like. Often, weak passwords include common words or phrases that are easy to guess (especially by someone who knows you), are short and can be easily deciphered. Here are a few examples of weak passwords, and password characteristics, that you should avoid:

1. While “password” and “1234” may be easy to remember, they are two of the most common, and most commonly hacked, passwords out there. These are simple passwords that can not only be easily guessed by humans, but also be easily identified by automated programs designed to hack your system.

2. Using your name or a family name, birth year, anniversary or any other identifiable date is risky. These identifiable pieces of information are easily guessed, and if they can be easily guessed, you can be easily hacked.

3. Too short a password leaves you vulnerable to hacking. The longer the password the harder a hacker, or their code-breaking software, will have to work. This one is crucial. Brute force tools like hashcat can crack 15 characters in 5 hours with roughly a £4,000 hardware investment. Gone are the days where 8 characters is enough to be secure from brute force.

4. Don’t be obvious in your password codes and substitutions. For example, the password “Ca$h” is not only too short, but the substitution of the dollar sign for the letter “s” is quite common and easy to guess.
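
The four traits above can be checked mechanically before a password is accepted. The following Python is an added example, not code from the article; the word list is a constructed stand-in for a breached-password list, and the 16-character minimum and the function names are assumptions.

```python
import math
import re
import string

# Constructed stand-in for a breached-password / dictionary list.
WORDLIST = {"password", "1234", "123456", "qwerty", "letmein", "cash"}
# Common substitutions, undone before the word-list lookup.
UNLEET = str.maketrans({"$": "s", "@": "a", "0": "o", "3": "e", "!": "i", "5": "s"})
MIN_LENGTH = 16  # assumed policy threshold, not a figure from the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def keyspace_bits(password):
    """Upper bound on brute-force work in bits (ASCII classes only).

    Dictionary and pattern attacks need far fewer guesses than this.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(password, personal=()):
    """Return the weak-password traits (from the list above) that apply."""
    findings = []
    lowered = password.lower()
    if lowered in WORDLIST:
        findings.append("common")
    elif lowered.translate(UNLEET) in WORDLIST:
        findings.append("common-after-substitution")
    if any(p and p.lower() in lowered for p in personal):
        findings.append("personal-info")
    if re.search(r"(19|20)\d\d", password):
        findings.append("year")
    if len(password) < MIN_LENGTH:
        findings.append("short")
    return findings


if __name__ == "__main__":
    # Sample passwords from the article plus one constructed personal example.
    for pw, info in [("password", ()), ("Ca$h", ()), ("Taylor1984", ("Taylor",)),
                     ("SnowWhite&the7Dwarves", ())]:
        print(f"{pw!r}: {audit(pw, info)} ~{keyspace_bits(pw):.0f} bits")
```

An empty result means only that none of these four traits was found; the bit estimate measures exhaustive search alone.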

Try to incorporate a phrase into your password

An easy and clever way to devise a memorable, yet secure, password is to use a phrase. The length of this phrase is important, as each character you add makes it that much harder to crack with brute force tools. Be sure to include spaces in your password if the site allows.

Take the phrase “snow white and the seven dwarves”. If spaces aren’t allowed, it could be altered to “SnowWhite&the7Dwarves.” It’s still easy to remember, yet much more difficult to guess or crack.

Combine and customize passwords for specific sites

One of the most basic cyber security practices is to refrain from using the same password for multiple sites or platforms. For many people this can be difficult, as they don’t think they could possibly remember all their different password combinations. However, developing your own unique yet consistent password style, with only a few changes for each login site, could help.

For example, take the password “Snow White and the Seven Dwarves Amazon” (the login for Amazon). You could then adjust this format to suit your other logins, thereby creating an easy-to-remember password style while also having a unique password for each of your platforms. Facebook would be: “Snow white and the Seven Dwarves Facebook” and so on.

Have fun with it

Nowadays most computer keyboards have between 101 and 105 different keys, giving you plenty of opportunity to devise unique password combinations using not only the letters, but also the many symbols and characters found on the keyboard, such as adding emoticons like “8D” or “:”.

Either way, setting up strong passwords isn't difficult; it just takes a little thought.

Tyler Moffitt

Tyler Moffitt is a Security Analyst at Webroot and OpenText who stays deeply immersed within the world of malware and antimalware. He is focused on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and testing in-house tools.