The Critical Need To Improve Password Hygiene
Traditionally, self-improvement has revolved around getting healthier and quitting things that do us no good. But rather than trying to stop smoking or going vegan, why not clean up some bad password hygiene? It's one change that won't trim your waistline, but it will strengthen your cyber security.
The UK government reports that 45% of medium businesses and 58% of large businesses experienced cyber crime between 2023 and 2024. Cyber crime is evidently a growing threat, and one of the easiest changes anyone can make to improve their security is to improve their passwords.
Did you know that 59% of people reuse the same password for everything? And you'd be surprised how many of those passwords are among the most common in the world.
An analysis by the National Cyber Security Centre (NCSC) of passwords found in breached accounts worldwide shows which ones turn up most often, and the results are, well, predictable.
Believe it or not, the most common is 123456, found in 23.2 million breached accounts. In second place is 123456789, with 7.7 million. Other honourable mentions include 'Liverpool', 'Chelsea', 'Batman', 'Blink182' and, of course, 'password': 3.6 million accounts were protected by the word 'password'.
Something as important as personal data shouldn't be protected by something as easy to guess as a football team, a first name, or the word 'password'.
Why? Because 90% of passwords can be cracked in less than six hours. Figures like this describe offline cracking: once an attacker has stolen a database of password hashes, they can test billions of guesses per second against weak hashing, starting with exactly the common words, names and number patterns listed above. A short or predictable password falls in minutes.
And once cracked, a password gives an attacker access to email, personal data, contacts, social media, payment methods and addresses. If the same password is used everywhere, the impact is greater still: attackers routinely replay credentials from one breach against other services (credential stuffing), so one cracked password opens all of those accounts at once.
In a work environment this is especially risky because of the kinds of information that may be stored on a work device. Employees should have strong passwords that only they know. Research has shown that 18% of employees share passwords with colleagues to collaborate or, in some cases, because it was 'company policy'. These habits make for very poor password hygiene in the workplace.
So what is good password hygiene?
Outdated advice would have us believe that a 14-character password with a mixture of letters and numbers, something like Walesrugby1999, is strong enough to secure your accounts. It clearly isn't: that password is two dictionary words followed by a year, a pattern cracking tools try early, so its real strength is nowhere near what 14 characters suggests. That matters most in a workplace, where such passwords protect sensitive data.
What makes a good password becomes clear once you break passwords down to their fundamentals and look at how their strength is actually measured.
The randomness of data is called entropy, and it is measured in bits. This sounds complicated but is relatively easy to understand: entropy is the base-2 logarithm of the number of equally likely outcomes. A coin toss has two outcomes, heads or tails, so it has 1 bit of entropy. Winning the lottery, at roughly a 1 in 286 million chance, works out at about 28 bits. The harder an outcome is to guess, the more bits it has: bits are strength.
In modern computing, 128 bits is the usual minimum key strength for encryption algorithms (AES-128, for example).
How does this apply to password strength?
For a password in which every character is chosen uniformly at random, strength is the length multiplied by the entropy per symbol, the 'randomness' of each one. A single decimal digit carries log2(10), about 3.322 bits, so you would need 39 random digits to reach 128 bits. The word 'random' is doing all the work here: the formula says nothing about a password a person chose by hand, because attackers don't guess those one character at a time.
Unless you happen to be Rain Man, you won't remember a sequence of 39 digits, so mixing in random letters and symbols shortens the password while keeping the entropy. With the 62 upper- and lower-case letters and digits, each character is worth about 5.95 bits and 22 characters reach 128; with all 94 printable ASCII characters, about 6.55 bits each, 20 characters do. Of course, 128 bits isn't necessary for everything, but it should be the standard for sensitive information.
But to reiterate: those letters must be random too, not your favourite football team.
Password Advice For Individuals
Here are some simple actions you can take to improve your password hygiene, protect your business from attackers, and protect yourself and your data.
- Randomness. As explained above, the entropy of each symbol adds to the strength of a password; the more random it is, the harder it is to crack.
- A mixture of characters: symbols, numbers, upper- and lower-case letters, and not in a predictable order. A capital at the start and a '1!' at the end is one of the first substitutions a cracking tool tries.
- Length. The longer the better: each extra random character adds more strength than swapping one character for a symbol.
- No common phrases or words, especially personal ones. That means no birthdays, no names and no pets.
- Keep passwords to yourself. Don't share them, and don't store them in plain text anywhere, least of all on a note next to your computer.
- Use a password manager. No one expects you to remember passwords that complex. Most devices and browsers now offer a built-in generator so you don't have to invent them, and the manager stores them encrypted for you to refer back to.
In short, a password should be long, random, use a mixture of symbols, and not contain any real word or phrase, especially one that matters to you. And don't forget: use a different password for everything.
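The arithmetic in the entropy section above, and the generator a password manager uses, as an added example (this is editorial example code, not from the original post or from Net Consulting). It computes how many uniformly random symbols a given alphabet needs to reach 128 bits, contrasts the naive length-times-bits figure for Walesrugby1999 with a structural estimate that models it the way a cracking tool attacks it (word + word + year; the pool sizes are illustrative assumptions), and generates passwords and passphrases with the `secrets` module. The short word list is constructed for the example and is far too small for real use.

```python
import math
import secrets
import string

# Editorial example, not from the original post. Pool sizes and the word
# list below are illustrative assumptions, not measured values.

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def bits(outcomes: int) -> float:
    """Entropy, in bits, of one uniformly random choice among equally likely outcomes."""
    return math.log2(outcomes)


def random_password_bits(length: int, alphabet_size: int) -> float:
    """The post's formula: length x bits per symbol.
    Valid only when every symbol is drawn uniformly at random from the alphabet."""
    return length * bits(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Smallest number of uniformly random symbols that reaches target_bits."""
    return math.ceil(target_bits / bits(alphabet_size))


def structured_bits(parts) -> float:
    """Estimate for a human-chosen password built from recognisable parts.

    parts is a list of (label, pool_size) pairs. Each part is modelled as one
    choice from its own pool, which is how a cracking tool attacks it
    (word list + word list + year), not character by character.
    """
    return sum(bits(pool) for _label, pool in parts)


# 'Walesrugby1999' as a cracker sees it. Assumed pools: two words from a
# 100,000-word dictionary and a year between 1900 and 2024 (125 values).
WALESRUGBY1999_PARTS = [
    ("Wales (capitalised dictionary word)", 100_000),
    ("rugby (dictionary word)", 100_000),
    ("1999 (year 1900-2024)", 125),
]


def generate_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Uniformly random password from the OS CSPRNG via secrets (never random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words, count: int) -> str:
    """Uniformly random passphrase; worth log2(len(words)) bits per word."""
    return " ".join(secrets.choice(words) for _ in range(count))


# Constructed word list so the example runs offline: 8 words give only 3 bits
# per word. A 7,776-word diceware list gives about 12.9 bits per word.
SAMPLE_WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "glade", "hazel"]


if __name__ == "__main__":
    for name, size in [("digits", 10), ("letters+digits", 62),
                       ("printable ASCII", 94), ("diceware words", 7776)]:
        print(f"{name:16} {bits(size):5.2f} bits/symbol -> "
              f"{length_for_bits(128, size):3} symbols for 128 bits")
    print(f"Walesrugby1999: naive {random_password_bits(14, 62):.1f} bits, "
          f"structured {structured_bits(WALESRUGBY1999_PARTS):.1f} bits")
    print("random password:", generate_password(length_for_bits(128, len(PRINTABLE))))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 4),
          f"({bits(len(SAMPLE_WORDS)) * 4:.0f} bits)")
```

Run it and the table reproduces the figures in the text (39 digits, 22 letters and digits, 20 printable characters, or 10 diceware words for 128 bits), while Walesrugby1999 drops from a naive 83 bits to roughly 40 once it is treated as words plus a year. The point of `structured_bits` is the gap, not the exact number: any password a person can describe as "word, word, year" is worth only what those pools are worth.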
Password Advice For Organisations
The best advice for organisations considering network security is to assume the threat is already inside. Embrace a zero-trust approach and ensure that any user or device wanting to connect to a resource must re-establish trust before access is granted, so that a single password is never the only thing standing between an attacker and a resource.
This approach combats the increased threat from shifts in modern working, such as wider cloud adoption, mobile application use and remote working, all of which can contribute to credential theft and feed the rise of privileged access as an attack vector.
After all, according to the Identity Defined Security Alliance (IDSA), 94% of organisations have experienced an identity-related attack, and 99% of those would have been highly preventable with a more robust security posture in place.
So with self-improvement in mind, some of you may run that marathon and some of you might give up meat, but let's all take it upon ourselves to improve our cyber security and adopt good password hygiene.
There we have it! We hope this post has helped you understand what password hygiene is and how to bring good password hygiene into your day-to-day life.
At Net Consulting, we offer tailored cyber security consultancy services centred around the NIST’s Cyber Security Framework.
Supported by our team of skilled professional consultants, our services help businesses prevent cyber threats and safeguard critical assets.
To find out more about our services, give us a call at +442920972020, or send us an email at info@netconsulting.co.uk.
You can find out more about our DEM, Secure Network Services, and IT Management services from our website.