Passwords: the keys to better security
Protecting sensitive and private data is becoming a major challenge. Thefts of account details can have significant impacts on a company’s viability or a person’s privacy. Therefore, creating more secure passwords is essential.
Passwords are often the main entry points to our online identities. This simple authentication technique is used to access both our personal and professional accounts.
On the other hand, there are numerous ways for attackers to obtain them: malicious code, phishing, keyloggers, password-cracking software... And the effects on a company’s business operations or an employee’s private life are varied: loss or breach of sensitive or personal data, identity theft making it possible to intercept emails, control of social media accounts making it possible to launch a smear campaign without the company’s knowledge, access to online services, etc.
Therefore, organizations must implement secure authentication mechanisms. Everyone is affected, at all levels, including the company’s leaders and cybersecurity and IT management teams. The latter must prioritize strong authentication (combination of passwords, biometrics and tokens), limit the number of attempts to access user accounts, and require the password to be changed on a relevant and reasonable basis.
Not everyone uses strong passwords… For years, the most commonly used password has been the infamous "123456" or the very unimaginative "password"!
Increasing the security of account details also involves using complex passwords. Names, places visited, football teams and dates of birth should be avoided. In short: no words found in the dictionary. A 'strong' password includes letters in upper and lower case, numbers, special characters and punctuation marks. Size does matter: the longer it is, the more secure it is. The aim of all these steps? To make the password difficult, if not impossible, to hack by the means available to scammers. Wherever possible, it is also advisable to use additional authentication factors to increase the difficulty of accessing our accounts: secret questions, tokens, codes sent by text or phone call, biometrics…
The eternal question remains: how can we remember such complex passwords? There are mnemonic strategies. The simplest involves remembering the first letters of the words in a sentence. For example: "I bought five CDs for a hundred euros this afternoon!" That gives: Ib5CD4%Etpm! The second method involves remembering the first letters of a phrase: "2 heads are better than 1!" Giving: 2habt1!
But both techniques have their limits: neither helps us remember several 'strong' passwords. The solution involves remembering just one and using a password manager. Free, open-source password managers can be installed on a computer running Windows or iOS, but also on a memory stick, which is very handy for mobile staff who travel with their laptop.
Password managers also make it possible to avoid a very risky temptation, one that could reveal your entire digital life to a hacker: using the same password for all your accounts. If one of your passwords were ever revealed or cracked, the hackers would have all your other logins too!
Never use the same password for two different services.
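As an added illustration (not part of the original article or of any Telindus tool), the Python sketch below checks passwords against the composition rules described above and flags reuse of one password across services. The 12-character minimum, the tiny word lists, the function names and the sample vault are assumptions made for this example.

```python
import hashlib
import string

# Assumptions for this example (not from the article): a 12-character minimum
# and tiny constructed word lists; a real audit would load a large
# breached-password list and a full dictionary.
MIN_LENGTH = 12
COMMON = {"123456", "password", "qwerty", "letmein"}
DICTIONARY = {"football", "paris", "summer", "dragon"}


def check_password(pw):
    """Return the list of rules from the article that `pw` violates."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("commonly used password")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    # Keep letters only, so a word padded with digits is still caught.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if any(word in letters for word in DICTIONARY):
        problems.append("contains a dictionary word")
    return problems


def find_reuse(vault):
    """Return groups of services that share one password (grouped by digest)."""
    by_digest = {}
    for service, pw in vault.items():
        digest = hashlib.sha256(pw.encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(service)
    return sorted(sorted(s) for s in by_digest.values() if len(s) > 1)


if __name__ == "__main__":
    # Constructed vault; the passwords are the ones quoted in the article.
    vault = {"mail": "123456", "bank": "Ib5CD4%Etpm!",
             "forum": "123456", "vpn": "2habt1!"}
    for service, pw in vault.items():
        print(service, check_password(pw) or "ok")
    print("reused across:", find_reuse(vault))
```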
But these techniques are meaningless if staff have not been made aware of cybersecurity good practices. Speaking at a conference in the U.S. (editor’s note: RSA Conference) in April 2018, David Hogue, Technical Director of the NSA’s Security Operations Centres (SOC), claimed that "93% of security incidents in 2017 could have been prevented if best-practice measures had been followed." Therefore, completing Telindus’s training is very important. The goal: learning to identify the cybercriminals’ traps and banishing bad habits, such as leaving passwords visible on our desk or on a Post-it, using the same password for all accounts, never changing it, sharing passwords with other people...
That is why Telindus offers companies training sessions to make various user profiles aware of the most common dangers, using live demos of password interception and of cracking encoded passwords.
Telindus brings together the educational infrastructure, trainers, expertise and experience in cybersecurity — and partnerships with manufacturers and specialist publishers — needed to deliver awareness-raising campaigns and tailored training programmes to help companies face present and future threats.
Telindus’s approach is comprehensive: as well as products, we provide consultancy, management, governance and training.
Please contact us! Our teams are at your disposal. Whatever your problem, we will find a solution together.