Back to Basics Your Password the Finale

by
Back to Basics Your Password the Finale Cyber Awake

In part 4 of this password mini-series, we took a short detour into how passwords and identity can be compromised within your trusted organisation. Today we are going back to the ways users compromise their own passwords and how hackers know this and so exploit it when it comes to brute force hacking attacks. (Have a look at one of my previous articles in this series to find out about brute force attacks.)

Password Re-use

For this final part of the series, I want to look at one of the most regularly exploited password flaws – re-using passwords (Bowen. 2020). You can create a password that meets all the requirements your organisation lays out for a secure password and pass, but if you then choose to use that great password for several different services, social media, dating sites, online shopping etc., it only takes one of those services to be compromised or for you to fall a victim of a phishing attack where you reveal this great password by mistake and you have compromised not only your work systems but personal accounts as well. As soon as the threat actors gain one set of working credentials, their automated hacking tools go off and try them against as many other services as possible, just in case you are one of the 65% (Bowen. 2020) who reuse passwords. At 65% it is worth the hackers trying.

Password Reuse Mitigation

I could go on to explaining how multi-factor authentication can help defend against these types of credential-stuffing attacks, but I won’t. This article is about you NOT RE-USING PASSWORDS, finish.

Passwords and Your Organisation

It is quite simple, write a password policy – the National Cyber Security Centre (NCSC) has a page explaining what the minimum password requirements should be – there are links below. I have included a slide from our Cyber Security Awareness Training on what a great password is.

Back to Basics Your Password the Finale Cyber Awake

Something that has developed recently here in the office, is that we are requiring the special characters not to be at the beginning or end of the password.

Once you have written the policy, circulate it with links to these five short articles I have written so your team knows how important it is for good password discipline.

Just one more thing…

Our online training is more than just passwords – you should sign up for that as well.


Clive Catton MSc (Cyber Security) – by-line and other articles

References

Bowen, K. (2020). Your employees are reusing passwords – find out how many. Infosecurity Magazine. https://www.infosecurity-magazine.com/blogs/your-employees-reusing-passwords/

Further Reading

Move away from text- or voice-based multi-factor authentication

Back to Basics – The Password

Passwords – Back to Basics

Back to Basics – The Password Part 2

Back to Basics – The Password Keyboard Walk Part 3

Back to Basics – Password Sharing Part 4

From the National Cyber Security Centre:

Three random words – NCSC.GOV.UK

Using passwords to protect your devices and data (ncsc.gov.uk)

Photo by Ann H

Contact us for consultation

Wake up to cyber threats..

Back to Basics Your Password the Finale Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close