Effective Password Management

14 Sep, 2017

Our top tips for managing passwords both personally and professionally.

These days we need a password or a PIN for everything we touch – work computer, online banking, social media accounts, mobile phone accounts; the list could go on. As a society we have become dominated by them. But, as much as we all hate them (and curse them when we input them incorrectly!), deep down we all know that they are there to protect us and our valuable information. Equally, we all know that we should protect our passwords. But they can be cracked. There are clever tools out there that hackers can use to decipher passwords. Further, passwords can be obtained when they are left on sticky notes on computer screens, when ‘engineers’ call and ask for passwords over the telephone, or when people give away small pieces of personal information which link to their passwords.

So, what can you do to help yourself?

Well, there are certain things that are a big no when it comes to passwords.

Firstly, do not pick conventional words. That includes conventional words with a number at the end and conventional words spelt backwards, so avoid things such as manager, administration or gniniart1. All of these types of passwords are easy for online tools to crack.

Secondly, although it’s tempting, do not use personal information.  We all do it because it’s easy to remember.  However, if hackers are determined, these sorts of passwords can be cracked by gleaning just some basic details from you.  So steer clear of using anything relating to your name, a commonly known nickname, a close family member’s name or your pet’s name.  Further, avoid using numbers such as your telephone number, your date of birth or your house number.

Good passwords should be complex. The longer the better, ideally between 12 and 15 characters long. Short passwords should be avoided. You should always use different types of character in your passwords – don’t just stick to the standard alphabet. A good password should have:

  • Upper case
  • Lower case
  • Numerals
  • Specials (£, $, &, etc.)

However, you should mix these up. People commonly put the capital letter at the start and the digits at the end, but this makes passwords easier to guess or crack. Spread the different character types through the password for maximum security.

Choose a password with a complex meaning that can’t be guessed.  This is where mnemonics can be really helpful.  Think in terms of phrases rather than in passwords and their creation can become much less laborious.  So for example “My very educated mother just served us nine pies” could create the password “MveMjguNP”.

Some tips for extra protection:

  • It sounds obvious but NEVER give your password away. If it does need to be given to a system administrator make sure this is done in person (not via e-mail or telephone) and that it is a trusted source.
  • Do not use the same password for multiple accounts. If it is cracked once, they will have access to everything.
  • Do not write passwords down on sticky notes left on computer monitors. If you must write down passwords then do so very carefully. Use a related thought or a convoluted phrase to jog your memory. Write it on paper which is carried on your person and stored in a safe place at home. Don’t store them written down in an online document stored on your computer.
  • Be aware of people ‘shoulder surfing’ as you are inputting passwords.

Previously there was widespread advice that passwords should be changed regularly to ensure protection from hackers. However, over recent years, that thinking has changed. It is considered that if you change passwords too frequently, you can become flippant about choosing something – people often run out of imagination when it comes to passwords. They end up using the same word with incremental numbering, which is not very secure. The new school of thought is to pick a really effective password in the first place to avoid having to make frequent changes.

What can you do as a business?

  • Set a strong password policy for staff and get staff to sign to confirm they have read it.
  • Remind employees about hacking risks.
  • Teach new staff about good password practices.
  • Provide resources to staff about good password practices.
  • Ensure staff have different passwords for different things.
  • Put in place lockouts on computers for incorrect password attempts.
  • Make sure that staff change default passwords immediately.
  • Blacklist certain passwords. This could include the names of staff, the name of the business or anything you feel links to the individuals and could be easily guessed or hacked.
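
The personal rules earlier in this article (no conventional words, reversed words or words with digits added; no personal information; at least 12 characters using all four character types; no capital-first, digits-last layout) and the business blacklist above can all be enforced when a password is set. The following Python check is an added example, not part of the original article; the word list, blocklist entries and function names are constructed for illustration.

```python
import re

# Constructed sample data: a tiny word list and an organisation blocklist.
# A real deployment would load a full dictionary and breached-password list.
COMMON_WORDS = {"manager", "administration", "training", "password", "welcome"}
ORG_BLOCKLIST = {"acme", "alice", "smith"}  # hypothetical business and staff names

MIN_LENGTH = 12  # lower bound of the 12-15 character guidance


def _core(password):
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def check_password(password, personal_terms=()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    classes = {
        "upper case": r"[A-Z]",
        "lower case": r"[a-z]",
        "numeral": r"[0-9]",
        "special": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")

    core = _core(password)
    if core in COMMON_WORDS or core[::-1] in COMMON_WORDS:
        problems.append("dictionary word (plain, reversed or with digits added)")

    lowered = password.lower()
    banned = ORG_BLOCKLIST | {t.lower() for t in personal_terms}
    if any(term and term in lowered for term in banned):
        problems.append("contains personal or business term")

    # Capital first and digits last is the arrangement people default to.
    if re.fullmatch(r"[A-Z][a-z]+[0-9]+[^A-Za-z0-9]*", password):
        problems.append("predictable layout (capital first, digits last)")
    return problems
```

Pass each user's own details (name, pet's name, date of birth) as `personal_terms` so they are rejected alongside the organisation-wide blocklist.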

Effective password management is only part of the story though.  It’s also useful to think about general user education, good physical security (no documents lying around the office), firewalls and being aware of security risks.

For more information on how an ISO certification can help you with processes and information security please see our website https://www.isoqsltd.com/iso-certification/iso-27001-information-security-management-certification/ or call us on 01905 670303.
