
Keeping the keys to your online kingdom safe isn't easy.


How safe is your password?

Let me guess: your password is your company name? Your own name? Your partner’s or kids’ names? Your date of birth, maybe? Or a combination of the above? Do you have your password on a sticky note on your computer screen? Maybe a virtual Post-it note on your desktop?

Yes, these are all examples we see every day! Sometimes it’s an easy-to-guess password that is also written down. Is it even worth having a password if you have to write it down?

Ask yourself two questions…

  1. Do I care if someone gets into my computer? (If they can log in, they can find all of your stored passwords on the internet)
  2. Is my password obvious or written down?

If you answered yes or maybe, read on. Even if you answered no, the information below might be useful.

So how easy is it to crack a password?

To the average attacker it’s as easy as you make it for them: the easier the password is to guess, the less time they have to spend on your computer, which means there’s a smaller chance of them getting caught. Every password you enter is stored and encrypted; whilst encryption is a safety feature, it’s not impossible to break.

Who’s targeted? The more senior your position, the more likely you are to be attacked: directors, CEOs and senior management are the likelier targets. Do you deal with money? That makes you an instant target.

There are two types of ‘attackers’: snoopers and profit makers. Snoopers want to find private information about you; they may find something personal to use against you, or they might want to read your emails and see your private browsing history. Either way, their end goal is to get YOUR information.

Profit makers, on the other hand, only care about YOUR money. They want to log on, get into your online shopping and online banking, and spend your money. They’re pretty much the hit-and-run specialists of cyber-attacks: before you even know you’ve been attacked, they’ll be long gone and will have taken the profit with them.

So what can you do? How can you protect your work, your emails and personal files?

The longer and more complex your password is, the better and safer you are. Try to use something unique to you, with a combination of numbers, letters (including upper and lower case) and special characters.

One trick I use is the first item I see on my desk when I look up or, to be more complex, the first thing I see in the room I’m in.

For example only: I can see a coffee cup on my desk. What combinations can I get from a coffee cup?

CoffeeCup

C0ffeeCup

C0ff33cuP

Instantly I have a more complex password that has no information about me: no birthdate, and my name and company name aren’t involved. An attacker could look at my life history, medical history, credit card statements and social media accounts but wouldn’t find a single link to a coffee cup, which makes it virtually impossible to guess.

So I’ve covered myself against pure guesswork, but what about someone who uses decryption techniques? The longer it takes them to hack a password, the less likely they are to persist with their attempts, and they will probably move on to their next target, who might have an easier password (that could be you!).

Let’s have a look at how we can make their lives harder and your personal information safer.

!!C0ff#EcuP62#

This stops looking like Coffee Cup and is much more difficult for them to decrypt, as we have used capital letters, special characters, numbers and a safe length. It is also more difficult for you to remember, so it’s about finding a safe balance.

!1Coffee#Cup7@

We’ve found a pretty cool website that will test how strong your password is and how long it could take to decrypt it. For example, !!C0ff#EcuP62# will take…

[Screenshot: the website’s result for !!C0ff#EcuP62#]

That’s pretty much unbreakable, but how about my name and birth year? Richard87 (bear in mind the decryption tool knows nothing about me).

[Screenshot: the website’s result for Richard87]

So imagine if the person doing the decryption knew my name and when I was born? It wouldn’t take long at all to get into my computer!

Note: all credit goes to the website for this tool; this is not an Optimus website and should only be used for educational purposes. https://howsecureismypassword.net/
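A rough version of the comparison above, as an added example (not the website's code and not part of the original post): it counts the candidates a blind search must cover for the two passwords, then the far smaller set left once the owner's name and a birth-year pattern are known. The guessing rate and the capitalisation and year patterns are assumptions.

```python
import string

# Assumed offline guessing rate; real rates depend on hardware and on how the
# password is stored. An illustrative figure, not a measurement.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

def charset_size(password):
    """Alphabet a blind brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def blind_search_space(password):
    """Candidates to try when nothing is known about the owner."""
    return charset_size(password) ** len(password)

def informed_search_space(known_names, year_span=100):
    """Candidates when the name is known and a birth year is appended.

    Counts three capitalisations (lower, Capitalised, UPPER) and both the
    two-digit and four-digit form of each year in the span.
    """
    return len(known_names) * 3 * year_span * 2

def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed rate, in years."""
    return space / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ("!!C0ff#EcuP62#", "Richard87"):
        space = blind_search_space(pw)
        print(f"{pw!r}: {charset_size(pw)} symbols, length {len(pw)}, "
              f"{years_to_exhaust(space):.3g} years blind")
    informed = informed_search_space(["richard"])
    print(f"Name and birth-year pattern known: {informed} candidates")
```

Figures like these assume every character is random; a password built from a dictionary word with common substitutions falls sooner than the blind number suggests.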

There are still extra characters to remember, but you only need to remember the placement of these characters and the words Coffee Cup.

So how often should you change your password?

If you change your password every day, you’ll probably never get attacked! If you change it once a year then you’ll be increasing the likelihood of an attack.

Most corporations have a 30-day policy, which could be a bit too excessive; personally, we would say every quarter. You can change a character or number, or create a new password completely. It doesn’t really matter, because it’s still making a new formation for someone to decrypt. If they tried your old one and couldn’t attack you, they’re unlikely to try again, and they have no idea whether they were just 1 character away from cracking it or had the complete opposite of your password. It’s all about the complexity of your password.

We suggest looking at your office’s password policy and asking yourselves the same two questions you’ve already read about. If you have the slightest doubt about how secure your passwords are, you should probably think about changing them and the policy. Some suggestions for policy requirements:

  • No names.
  • No dates.
  • Must contain upper case and lower case letters.
  • Must contain a special character (@, #, %).
  • Must contain a number.
  • Do not write it down.
  • Don’t share it with anyone (would you share your Eftpos PIN? More damage can be done by password sharing than PIN sharing: private/business contracts, online banking, online shopping, social media and personal information are just a few examples of how destructive a shared password can be).
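One way to check a proposed password against the suggestions above, as an added example (not code from the original post): it looks for banned names even when letters have been swapped for look-alike characters, flags date-like numbers, and confirms the required character types. The swap table, the date pattern and the sample names are assumptions; the "do not write it down" and "don't share it" rules cannot be checked in code.

```python
import re
import string

# Common character swaps undone before looking for names (a short constructed
# table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# A four-digit year (1900-2099) or a run of 6-8 digits such as ddmmyy/ddmmyyyy.
DATE_LIKE = re.compile(r"(?:19|20)\d{2}|\d{6,8}")

def policy_violations(password, banned_words):
    """Return the rules from the list above that `password` breaks.

    banned_words: names the policy forbids (user, family, company).
    """
    problems = []
    lowered = password.lower()
    unswapped = lowered.translate(LEET)
    for word in banned_words:
        w = word.lower()
        if len(w) >= 3 and (w in lowered or w in unswapped):
            problems.append(f"contains the name '{word}'")
    if DATE_LIKE.search(password):
        problems.append("contains a date-like number")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    return problems

if __name__ == "__main__":
    banned = ["Richard", "Optimus"]  # constructed sample list
    for candidate in ("Richard87", "R1ch@rd1987!", "!1Coffee#Cup7@"):
        print(candidate, "->", policy_violations(candidate, banned) or "passes")
```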

What are the risks to you? Or your business?

Below are two common scenarios. We’ll look at them and at what can happen…

Scenario 1

You all have the same/similar password.

– Anyone can log into your computer and read your emails, or even webmail from another computer!

– Anyone can log into your desktop/laptop and look at everything there: your work documents (and they can edit them, don’t forget) and your saved passwords on the internet… Facebook, banks, shopping, personal email and any other places you would rather keep private.

– If someone guesses your password, they’ll do some damage and then move on to the next person. It goes round in circles, and it only takes one person to destroy important data, or steal it! Without you even knowing it’s being accessed, they can copy information and leak it, sell it or destroy it.

– What if a competitor gets hold of this password? What if someone leaves the business on bad terms, but knows that everyone’s password is the same? How much damage would someone try to do if they can continue accessing this information whenever they want?

Scenario 2

Your password is easy to guess: it’s your name, or your company’s name, with a digit at the end.

The attacks above will happen, but because they’ve had to guess your password, they’re less likely to get into everyone’s computer. They can still find out who you are and do personal damage to you, your reputation, your bank balance and your career. They can log in as you and send your boss an offensive email, or the whole office even; perhaps your partner will get one?

Whilst it sounds extreme, it does happen, and you don’t want to be a victim of this type of attack. If you’re a director, CEO or accounts administrator, have a good look at your password and get it changed, as you will be the first target. You will never know how safe your password is until you’ve been attacked. You can be proactive and make it as complex as possible, or you can react when you’ve been attacked and the damage is already done.

So you might be thinking it’s time to change your password policy. Maybe someone has left the business and might know your passwords? Who knows what situation you may find yourself in. We can help and facilitate your password policy changes now: get in touch and we’ll have a chat and start getting a plan in place to make your office, your files and your business safer.