A Password Guide: Tips to Create a Strong Password

It’s no longer a question of if you will face an online attack; the question is when. Many people are convinced their data is secure because they use what they consider to be a complex password. They are often mistaken.

There are now freely available password crackers that can tackle passwords up to 55 characters long, passwords that are far more complex than most of us are using. Here are some top tips on how to create a strong password and avoid getting hacked.

  1. Password length – stick to passwords that are at least 8 characters in length. The longer the password, the longer it will take a hacker to guess.
  2. Password complexity – ensure your password contains one lower case letter, one upper case letter, one number and one special character. This will make your password a lot stronger and harder to crack. Avoid using names of family, friends or pets. Don’t use personal information such as date of birth, phone number, street name or house number and do not use consecutive letters, numbers, or keys on the keyboard such as ‘qwerty’.
  3. Use a passphrase – in order to remember your passwords, use a passphrase. For example, use the first letter of each word in a line of your favourite song. ‘Always look on the bright side of life’ could be converted to ‘Al0tbs0L!’, a strong password using the four complexity indicators. Don’t simply use number substitutions for letters, e.g. ‘passw0rd’; this is far too simple for an advanced hacker.
  4. Use a password manager – many people avoid using complex passwords as they are often hard to remember. Using a reliable password management tool to store passwords is essential. When you create a password, enter it into the password manager, which will encrypt it and store it for you. Many of these software programmes are free, easy to use and work on both Windows and Mac.
  5. Create unique passwords – it’s very tempting to use one password for your email accounts, another for your banking, and one for all of your social media accounts. A study by BitDefender shows that 75% of people use the same password for their email as they use for their social media accounts. If this password was discovered and it was also used for their online banking or Paypal account this could result in financial theft.
  6. Change your password for all accounts every six months – the longer your password has remained the same, the more time a hacker has had to crack it. It is recommended to change your passwords often, at least twice a year but the more often the better.
  7. Never write down your passwords (except in a password management tool of course) – this includes both paper and emails. Writing down your strong password is almost as bad as having a weak password and not writing it down at all.
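
The rules in tips 1 to 3 can be checked mechanically. The following Python checker is an added example, not part of the original guide; the word list, the keyboard rows, the substitution table and the run length of 4 are assumptions chosen for illustration.

```python
import re

# Constructed sample data: assumptions for this example, not from the guide.
KEY_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz", "01234567890"]
COMMON_WORDS = {"password", "welcome", "letmein", "admin"}
# Number-for-letter swaps of the kind tip 3 warns about (passw0rd -> password).
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = {
    "lower case letter": r"[a-z]",
    "upper case letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def has_run(pw, min_len=4):
    """True if pw holds min_len consecutive letters, numbers or keyboard keys."""
    low = pw.lower()
    for seq in KEY_RUNS:
        for s in (seq, seq[::-1]):  # forwards and backwards
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the list of rules from tips 1 to 3 that pw breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    if has_run(pw):
        problems.append("contains consecutive letters, numbers or keys")
    low = pw.lower()
    # personal: names, dates, phone or house numbers supplied by the caller.
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    # Undo simple substitutions, drop non-letters, then look for common words.
    plain = re.sub(r"[^a-z]", "", low.translate(LEET))
    if any(word in plain for word in COMMON_WORDS):
        problems.append("common word with simple substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("Al0tbs0L!", "passw0rd", "Qwerty12!"):
        print(candidate, check_password(candidate))
```

An empty list means only that the password meets the rules listed in this guide.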

To be extra secure, download Strong Pass now

How NOT to manage a security breach crisis

We’re often given the opportunity to learn about crisis management through the highly visible fallout from the experiences of others. Important lessons can be learned when looking at how a company successfully, or unsuccessfully, responds to a hard-hitting crisis. Everyone makes mistakes and learning from others makes us better prepared to manage a similar scenario ourselves.

Adobe hack

Adobe’s database of over 150 million users was hacked in October 2013, resulting in email addresses, passwords and credit card information being stolen. The identity thieves know which programs specific users have, making it even easier to engage in phishing to get people to download malware disguised as updates. The situation illustrates the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies. What is more shocking is the way Adobe reacted.

How did they react?

Adobe first reported the data breach of approximately 3 million customers; however, this number was then raised to 38 million. The situation then took a turn for the worse when an outside company found the data of 152 million Adobe customers on a site frequented by cyber-criminals.

While Adobe may have needed privacy and secrecy with a breach of this size, responses through snail mail and email were slow. Emails sent to customers warned that data might, or might not, have been compromised and many customers received no communication at all. Even now, three months later, there is no notice of the incident on any of Adobe’s login pages.

Shocking statements emerged such as “Much of what we’re learning about the breach has come from independent researchers not affiliated with Adobe.”

It’s possible that Adobe has limited knowledge about what happened, but the silence after this attack was somewhat shocking to many users and should have been handled with more care by Adobe.