Managing your passwords: ‘Password123’ is not secure!

Passwords are the gateway to our digital lives.

As we spend more time online, it is very important that we take care of our cybersecurity and maintain good password hygiene.

‘123456’ or ‘password’ or ‘password123’ are not secure.

In fact, they’re a hacker’s dream, and yet they topped a list of the most used passwords in 2021, according to a survey of 50 countries by NordPass.

We asked 3 cybersecurity experts how best to manage passwords and protect them.

Is it acceptable to use the same password for all sites?

Dermot Williams, Managing Director, Threatscape

No, that’s a very bad idea. You might think that a website is not that important and there is nothing valuable to protect.

Your local gym’s booking site? A fan site for your favorite sports team? A free newspaper subscription? Surely there is nothing valuable to protect and you can let your guard down and reuse the same password you use for other sites? But your credentials – your email address and password – are valuable and should be protected.

If a hacker were to break into a website and gain access to your credentials, then they could check to see if it grants them access to other much more valuable websites such as banks, online merchants, social media, crypto brokers, or even your workplace. Attackers will target all of these and more, as they know they may be able to steal money directly or indirectly through means such as impersonation fraud or extortion.

And thanks to automated hacking tools, names and passwords stolen from one site can be quickly matched against thousands of other sites.

The millions your bank could spend keeping its systems secure are wasted if someone can steal your password on another site with little or no security.

Do you recommend changing passwords from time to time?

Dermot Williams, Managing Director, Threatscape

Yes, definitely. You should “treat your password like a toothbrush”: choose a good one, never share it with anyone else, and change it regularly.

The downside to this, of course, is that it can be difficult to keep track of passwords, and if having to change them regularly means you develop bad habits like writing down your password and leaving it near your computer, then changing regularly can do more harm than good. But there are “password managers” to help you.

Should you choose your own password or accept the “strong” password recommended by a website?

Richard Ford, Group Technical Director, Integrity36

Typically, a website won’t provide or recommend a password, and in fact, it’s probably your device or browser recommending a “strong” password.

In this case, assuming this is your device and you have enabled strong authentication (e.g. fingerprint/facial recognition), I recommend using this feature.

Passwords will be complex, unique, stored in a secure credential store on the device, auto-populated for you (assuming you can unlock password access with this strong authentication), and, more importantly, you don’t have to worry about remembering them.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

I think it’s a bit of both. You should choose a password that you will remember, but that also has the characteristics that make it “strong” as recommended by the website you are trying to access.

The more information you have in an account, the stronger the password should be.

How can you remember all your passwords?

Richard Ford, Group Technical Director, Integrity36

The simple answer is that you don’t and you shouldn’t try.

Whether at work or at home, we should use secure password stores or, more commonly and more securely, go passwordless.

Although no password seems less secure, we actually mean the use of multi-factor authentication apps such as Google Authenticator, Microsoft Authenticator, etc. These apps allow you to validate your identity in real time in a two-way process, eliminate the need to remember passwords, and prevent your credentials from being used without your knowledge.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

For personal use: make it unique to you, a favorite saying or phrase, a number you will remember.

You can also consider using an app like a password manager or even your favorite browser that can help manage this for you.

Is using a password secure enough or do you recommend multi-factor authentication?

Richard Ford, Group Technical Director, Integrity36

Passwords are not secure enough, and have not been for some time.

They are unavoidable in some cases, and in those cases we should use secure credential stores and always avoid password reuse, but most websites and apps allow the use of multi-factor authentication (MFA).

MFA authentication should be the first option when it comes to authentication and hopefully we will live in a passwordless world soon.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

I would recommend everyone to use multi-factor authentication, especially for their personal email accounts and any apps that contain personal information.

I’m a Mac user, so I have Chrome for all business/work related websites/apps and Safari for all personal accounts. Whenever possible, I will use multi-factor authentication to access all of my accounts.

Dermot Williams, Managing Director, Threatscape

Microsoft, Google, and others also have apps you can install on your phone that will pop up and ask you to verify that it’s really you trying to connect to a website.

This makes it much more difficult for an attacker to bypass the system – knowing only your password. Of course, you should make sure to keep your phone safe and not install dubious apps which might include malware designed to spy on your authenticator app.

The best is to invest in a small “security token” offered by companies such as YubiKey; these are even harder for attackers to subvert. Many large companies adopted them during the pandemic to provide more secure authentication for people working from home, as they couldn’t risk a password alone being used to provide remote access. Many popular websites now support the use of these security tokens.
