Download PDF

Dec 2022

On the second day of Techmas Waterstons gave to me…

Two password tips

Categories Cyber Security Strategy

Andrew Quinn

Technical Strategy Lead

Two password tips

Regardless of what they’re told, employees are likely to use the same password for literally everything – at work, and at home. And usually they’ll have it written down somewhere.

If that’s not frightening enough (we appreciate this is Christmas, not Halloween), here are some staggering password stats from webtribunal.net:

  • 24% of Americans have used passwords like ‘password’ ‘qwerty’ or ‘123456’
  • 90% of internet users are concerned about having their passwords compromised
  • ‘123456’ is used by more than 23 million people
  • According to a study of over 15 billion passwords, the typical password length is eight characters or fewer
  • Compromised credentials are the most common cause of malicious attacks accounting for 61% of breaches
  • Two out of every five people have had their identities hacked, passwords compromised or sensitive information breached because of duplicate or outdated passwords

This Techmas, take our two key pieces of password advice:

  1. Password length is more important than complexity

The password “!$fsWE32” is complicated and difficult to remember, but can be cracked by a computer in about 9 hours.

“GreenRectangleElephant” on the other hand is much easier to remember and is good for about 45 quintillion years of cracking!

When you have to remember a password, try to combine a few unrelated words into a passphrase such as this. It’s easier for you and more difficult for the bad guys.

  1. Never use the same password twice

Websites get hacked all the time – it’s a reality. If the bad guys get hold of your password from one of these breaches, they’re going try and use that password everywhere else. If you’ve re-used the same password elsewhere, your accounts can start to fall like dominoes as the hackers take control of an increasing portion of your life.

Fortunately, there’s no need to memorise hundreds of unique passwords when a password manager can do that for you. Choose one good passphrase and multi-factor authentication to secure the password manager itself, and use the password manager to generate very long, complex and unique passwords for each of your accounts.

You don’t need to remember any of these because the password manager takes care of it. You just need your master password to get into the password manager.

But remember; security are for life, not just for Christmas, so make sure that you have multi-factor authentication on top of your super secure passwords!

To find out more about passwords and protecting your systems, get in touch with author Andrew on Andrew.quinn@waterstons.com