Password Advice

Arne Uppheim

Senior Director of Product Management at Avast Software

10.06.2019 12:00 pm

How easy is it for cyber criminals to get past weak passwords? How do they do that?

‘Brute force attacks’ are a common tactic used by cyber-criminals. These attacks use automated software to guess as many combinations as quickly as possible. Short passwords under 9-12 characters are particularly vulnerable to these attacks.

Another technique, known as the ‘dictionary attack’, is where a bad actor uses a prearranged list of words found in the dictionary. A weak password which includes a single common word is highly vulnerable to this type of attack, with multiple word phrases needed to outsmart it. It is also tempting to re-use the same passwords across accounts, but this should be avoided at all costs to prevent successful dictionary attacks.

Why are weak passwords so dangerous and costly for SMEs/start-ups?

Like any business, SMEs have customers, and these customers will expect their partners to keep the sensitive information they share protected and secure. This could be financial data, acquisition plans or trade secrets - information that could threaten the entire operation of the business if it were leaked to the public or to competitors. Malicious logins could also disrupt systems and business operations and open up the threat of ransomware. So, given that passwords are more than likely the first line of defence for SMEs, a proper password management policy is essential.

What does a strong password look like?

The more complex a password, the stronger it is. Three key factors when developing a strong password include:

  1. Multiple word phrases: incorporating proper nouns, a foreign language, and phrases that can’t be linked back to you are the basis of a strong password
  2. Password length: for highly-secure credentials, such as access to IT infrastructure, 15 characters should be a minimum
  3. Complex Characters: adding random characters between words makes a password even stronger. Try to avoid easily guessable substitutions such as underscores replacing spaces or zero replacing “o”
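
The three factors above can be turned into a simple policy check and passphrase generator. This is an added example, not part of the original article: the word lists are constructed samples, the function names are hypothetical, and the 7776-word figure is an assumed size for a large dice-style word list.

```python
import math
import secrets
import string

MIN_LENGTH = 15  # the article's minimum for highly secure credentials
# Constructed samples; real use needs a large dictionary and breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "football", "summer"}
WORDS = ["harbor", "quartz", "violin", "tundra", "pepper", "lantern", "mosaic", "falcon"]
SEPARATORS = "!#%&*+=?^~"  # no "_" standing in for a space
# Easily guessable substitutions, mapped back to the letters they replace.
LEET = str.maketrans("0134578@$", "oleastbas")


def candidates(password):
    """Spellings an attacker's dictionary rules would also try."""
    lowered = password.lower()
    trimmed = lowered.strip(string.digits + string.punctuation)
    return {"".join(c for c in v.translate(LEET) if c.isalpha())
            for v in (lowered, trimmed)}


def check_password(password):
    """Return the policy problems found; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if candidates(password) & COMMON_WORDS:
        problems.append("single dictionary word")
    return problems


def make_passphrase(words=WORDS, count=4):
    """Random words joined by a random symbol and digit, drawn from a CSPRNG."""
    joins = [secrets.choice(SEPARATORS) + secrets.choice(string.digits)
             for _ in range(count - 1)] + [""]
    return "".join(secrets.choice(words) + j for j in joins)


def passphrase_bits(wordlist_size, count=4):
    """Entropy in bits of make_passphrase() for a given word-list size."""
    per_join = math.log2(len(SEPARATORS) * 10)
    return count * math.log2(wordlist_size) + (count - 1) * per_join


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Welcome1234567890", make_passphrase()):
        print(pw, check_password(pw))
    print(round(passphrase_bits(len(WORDS)), 1), round(passphrase_bits(7776), 1))
```

The entropy figures show why the size of the word list matters: the eight sample words give far fewer bits than a list of several thousand words, even with the same number of words and separators.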

What technology exists to help SMEs manage their passwords?

Password managers are useful, but another layer of security that SMEs should consider is two-factor authentication (2FA). This is the process whereby a code is sent to a mobile number or an email address associated with the user account. Adding an extra step in the login process reduces the chances of a breach and sensitive information being stolen. 2FA also acts as a warning sign if someone is trying to break in.

What role does education play? Is it important to keep staff up to date with cybersecurity issues, and to encourage regular reviews of procedure?

It’s fundamental. Cyberattacks are evolving in sophistication daily, and criminals are already abusing new technologies to launch aggressive attacks that can bypass threat detection systems. This is why a strong cybersecurity foundation and a culture that promotes training for employees is so important. A small business without protection that goes beyond antivirus to the devices and the networks they’re connected to is far more likely to find itself on the receiving end of crippling sanctions, and economies could suffer as a result.
