What is password protection?
Password protection is the term used to describe a form of security where a user is challenged to provide a specific piece of information, the password, to access data. If you have the correct response you can see the protected information, if not (and we assume a well secured system) then you can’t access the data.
Would hackers target me, or my business?
A common misconception is that individuals and small businesses aren't significant or valuable enough for a hacker to bother targeting. However, SMEs and individual people are at risk as they usually have less security and far fewer ways to fight back than big businesses.
Exactly what they have to gain depends on the hacker's intentions - whether they are looking to steal your identity, money or client's information. But remember, a hacker doesn't sit at the computer, manually trying passwords one account at a time - they use a program which attempts to break into millions of personal accounts all at once. It costs very little time and effort.
Take the login details to your personal or business email, for example. These are worth investing time in cracking because its likely that all your online accounts, orders and payments are fed through there. With that information a hacker could be able to access sites where you have saved payment information, go to your bank or PayPal to withdraw funds, use the information to steal your identity or sell the information on to someone with more malicious intentions.
How can I protect myself?
1. Use different passwords for different accounts, and change them regularly
If you make sure that all your passwords are different, this makes everything much harder for hackers. If someone does get access to one password and its been used across multiple accounts, then the hacker now has access to every account you have secured with that password.
It's good practice to change your password regularly, just in case a hacker has already gained access to one of your accounts and is monitoring it. If you change your password, they'll have to crack the new one to get back in.
2. Choose an SMS reset over security questions
Security questions for password resets are being used much less than they were, but they are still an easy way in for hackers. What's my eye colour?' for example, is going to have a very small pool of answers. 'My favourite sports team', is going to be easy to guess if the person trying to get in to your account has some idea of your location. And if you use Facebook this information may be available to the world.
Ideally, opt in for an SMS reset as well as security questions, as two factor authentication is much stronger.
3. Make those passwords complex
Ideally, every password you use should be at least 9 characters long. According to mSecure, a password this length should take ten years to crack. You also need to make sure that your password isn't in the dictionary, because the quickest and most basic attack used by programs is to try every word - which is why a symbol, a number and a capital letter are must haves.
But I can't remember a unique and complex password for every account I have!
There are plenty of tricks about for creating memorable and complex passwords, but one of the easiest ways is installing a password manager on your browser. These generate unique and complex passwords, encrypt them and then store them securely until you need them. Then it automatically fills any login screen you come across.
Using a password manager does shift the point of entry, and they can be targeted by hackers - but those behind this software are security experts and really know their stuff. LastPass and similar managers offer two factor authentication, so that a hacker would also need your mobile to access your passwords. It's not a great solution, but its the best way to balance usability and security.
Alternatively, use a pass phrase instead of a password - a series of words is much more difficult to crack. Try a line from a song with a number at the end (for example, Justoneguitar54). You'll be singing at your desk, but you won't forget your password!
If you need help setting up a password manager, or want more information on password protection, give us a call on 0191 482 0444.
