Five top tips for secure password protection

About the author

Jochen Haller is Head of Information Security at 1&1 IONOS. He is responsible for the information security management and the continuous improvement of information security standards within the company.

The security of your business is of paramount importance. However, when it comes to safeguarding businesses from online threats, only 15% of the UK population feel they know how to protect themselves from harmful activity.

No matter the size of your business, the first line of defence against hackers and unwanted visitors is a sound password protection strategy. While biometric and facial recognition technologies may be increasing in popularity, text-based, alphanumeric passwords will continue to be the norm for the foreseeable future. So, how can you ensure your business is as protected as possible?

1. Don't recycle passwords

64% of people use the same password for some or all of their online accounts. That means if hackers access one, it’s a matter of seconds before they’ve accessed another. It’s vital you invest time into your password creation. Don’t use the same log-ins for each account you set up – instead, create a unique, hard-to-guess password for every platform. It may sound like hard work on your memory, but it’s worth it for business security.

2. Use your imagination

The National Cyber Security’s review of the top 100,000 passwords to be unlocked by online fraudsters found that 23.2 million people used the trivial ‘123456’ as their password. Remember: your passwords should be memorable, but not guessable. That means you shouldn’t include information in your password that’s easily discoverable online; for example, your date of birth, your business’s street name or number.

3. Complexity is key

Think longer phrases, different digits and special characters. Sentences can be easier to remember than single-word passwords, so create memorable mottos, and then replace some letters with numbers and punctuation.

Password systems can also work well, where one strong master passphrase is varied slightly for different accounts. The idea is that you remember the ‘core’ part of a phrase, but make slight variations depending on the account you’re logging into. For example, the passphrase could be ‘Us!ng[INSERT WORD]MakesM3Happy’, where the second word is edited depending on the site you’re logging into: ‘Us!ngEbayMakesM3Happy’ or ‘Us!ngFacebookMakesM3Happy’.

4. Consider random generators

GMX’s research into the UK’s password habits found that 30% of respondents use 10 or more services that require a log-in. With that in mind, creating, storing and remembering all these passwords can be a daunting task. However, there are tools that can support you and your business with this. For example, if you’re struggling to be creative, password managers like KeePassX can help create unique suggestions for you.

5. Use encryption for further protection

Implementing password managers where you can store passwords in an encrypted form and access them by a master password is a simple way to strengthen business security.

In addition, an effective approach is to set up two-factor authentication to add another security layer. Here, the user provides two different authentication factors to verify their identity, meaning better protection of the resources being accessed. This usually includes inputting a text-based password, as well as a second factor such as a security token or a biometric element (facial scan or fingerprint).

For more information on how to protect your business online check out 1&1 IONOS' password security guide.

Jochen Haller, Head of Information Security at 1&1 IONOS