Password Security

Cyber security is an increasingly important topic following recent hacking attacks and so we have been looking at how to help small businesses with little or no in-house expertise in IT systems.

The information below is an extract from an article on the National Cyber Security Centre website and provides common sense guidance on how to set up and remember your many passwords.

All individuals and business users should:

Always use unique passwords for your work accounts. Always change them immediately, and report it, if you think they may have been compromised or you notice anything else suspicious.

Store your passwords rather than trying to remember them all. This enables you to use longer, stronger, unique passwords and change them whenever you want, without making life too hard for yourself. There are two ways you can do this:

Use a password manager. These can easily create and maintain long, complex, unique passwords for every service you use. Read our blogpost on password managers to help you pick a reputable product, and use it in accordance with any instructions provided by your IT staff.

Alternatively, write your passwords down on a piece of paper that you guard very carefully (and keep separate from the devices they relate to). Disguise them if you can, and don’t write your usernames alongside the passwords.

When creating passwords, make sure they can’t be easily guessed by people who know you, or derived from information gleaned from your social media profiles. Avoid the use of single dictionary words, or variations of these – use three random words. Don’t bother replacing the letter ‘O’ with a zero (or replacing the letter ‘I’ with the number one) or using any other such techniques, as hackers can exploit these rules.
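The short Python sketch below is an added illustration, not part of the NCSC guidance or the original article. It shows why character swaps do not help (they are trivially undone before a password is compared against a list of common words) and how three random words can be picked with a cryptographic random source. The word lists are constructed samples and the function names are hypothetical.

```python
import secrets

# Constructed sample word list for illustration only; a real generator
# should draw from a list of several thousand words.
WORDS = ["coffee", "train", "fish", "purple", "ladder", "window",
         "garden", "rocket", "pencil", "harbour", "biscuit", "thunder"]

# Constructed sample of commonly guessed single words.
COMMON = {"password", "liverpool", "pilot", "welcome", "london"}

# The predictable swaps the guidance warns about, mapped back to letters.
UNSWAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "$": "s", "@": "a", "!": "i"})


def is_guessable(candidate):
    """True if the candidate is a common word once swaps are undone."""
    lowered = candidate.lower()
    # Trailing digits and punctuation ("Password1!") are another
    # predictable pattern, so test the candidate with and without them.
    stripped = lowered.rstrip("0123456789!?.")
    forms = {lowered.translate(UNSWAP), stripped.translate(UNSWAP)}
    return any(form in COMMON for form in forms)


def three_random_words(separator="-"):
    """Join three distinct words chosen by the OS cryptographic RNG."""
    rng = secrets.SystemRandom()
    return separator.join(rng.sample(WORDS, 3))


if __name__ == "__main__":
    for sample in ["P4ssw0rd1!", "L1verp00l", "pil0t"]:
        print(sample, "-> guessable:", is_guessable(sample))
    passphrase = three_random_words()
    print(passphrase, "-> guessable:", is_guessable(passphrase))
```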

For more information see the National Cyber Security Centre (NCSC) website which is part of GCHQ – https://www.ncsc.gov.uk/guidance/password-guidance-summary-how-protect-against-password-guessing-attacks