Font Size: A A A


A good password strategy

Don’t let passwords be your Achilles’ heel, writes Katie Petrillo, pictured, Director of Product Marketing at the password manager product company LastPass.

At a time when cyberattacks are growing in both complexity and volume, cybersecurity needs to be front of mind for organisations and individuals alike. Yet, as threats loom large, passwords that are designed to give you access to an online world while protecting your information, are all too often a weak spot that can prove fatal.

In today’s world, it is common practice to be asked to login into accounts across all areas of our online world – whether banking, shopping, social media browsing or even simply reading the news. While this is a basic security feature to ensure cyber ‘wrong-doing’ is limited, it can frequently become problematic. The frustrating and time-consuming task of creating secure passwords across multiple platforms and websites makes it much easier for our cyber ‘hygiene’ standards to slip.

All too often passwords are dropping off our radar when they should be our first port of call as a cyber safety net. By ignoring the increasingly significant risks, we are willingly revealing our weak spot to cybercriminals – and exposing our own Achilles’ heel.

Our small but fatal weak spot

Individuals rely on easily remembered passwords, but they often make notoriously bad choices when choosing them. Despite being regularly warned about the potential threats to our online security, many continue to reuse passwords that are easy to hack with minimal effort.

Securing email accounts is crucial for staying safe online. In 2019 the NCSC reported that the most common passwords feature sequences of numbers, including ‘123456789’ and ‘1111111’. According to this year’s research, the most commonly hacked passwords continue to be ‘123456’ and ‘qwerty’. Recently, the UK government issued a ‘Cyber aware’ campaign, that stresses the importance of email security, encouraging consumers and businesses alike to use three random words to make up their password to ensure they are ”harder to hack, and even easier to remember”.

While eye-catching campaigns provide further recommendations to people and organisations, we all have a role to play in our collective cybersecurity. Without individual action we will remain unable to protect ourselves, our personal information or our assets online.

Making it effortless for cybercriminals

Cybercriminals are opportunistic. They constantly change their focus and priorities in line with new opportunities. With more individuals using digital devices than ever before, last year saw a 161pc increase in unauthorised access to personal information offences, including hacking. Correspondingly, 80pc of data breaches are a result of weak passwords and our recent research found that 92pc of individuals admitted to reusing passwords.

Some of this comes down to a lack of understanding, but there is also a lack of awareness of the real risks posed by hackers. So, it is time to turn the table. Cyber attackers thrive on their intended victims being uninformed and unaware about cyber security. It makes their task easier.

Creating strong passwords is such a simple task in practice, with the many password tools available to us. But many still choose to make themselves a target. According to the study, an 18 character password that combines numbers, uppercase and lowercase letters and symbols would take 438 trillion years to crack. In contrast, hackers can instantly crack a six-character password with the same mix of character types.

The pending cataclysmic event

Unlike Achilles, we are fully aware of our weak spot. There is no room for complacency at any level – be it an individual through to large scale enterprises. Do we really need to be personally impacted by having money or our identity stolen to stir us into action – or will it be a major breach that turns the tide and compels us all to act?

Some 68pc of people who reuse passwords do so because they’re afraid of forgetting them, despite 79pc of respondents agreeing that compromised passwords are troubling. Control is an important factor – 52pc who re-use passwords want to control all their passwords and feel that using the same password everywhere is the only way to accomplish that. People are letting various excuses get in the way, but the cost of a stolen password would be a significant disruption to their lives in comparison to the minimal time it takes to secure themselves.

Ultimately, a good password security strategy is fundamental to protecting yourself online. Is not addressing it really worth the risk?


Related News