As more and more of our daily lives move online, the importance of strong passwords cannot be overstated. Yet, despite constant warnings, many people still use weak and easily guessed passwords, making their accounts more vulnerable to hacking.
When the most common password, used 23.3 million times, is 123456, we have a problem. How can we get our staff to care about password security?
Best-practice advice recommends passwords that are long (over 8 characters), complex (including lower case, upper case, numbers, and non-alpha characters, e.g. &%!$) and unique for every account, as this increases the time it takes to crack a password. 123456 would be brute forced instantly, whereas a password with 15 characters and a mix of numbers, cases and symbols would take 438 trillion years to brute force. The steps taken on the ground when it comes to passwords can make a real difference to your security, but it takes the cooperation of your team to get there.
Although 75% of businesses have a password policy in place, only 8% of organisations added multifactor authentication or changed their passwords after having a breach with material outcomes. Diligence in following password procedure is evidently lacking.
The way we see it, setting a simple password is like leaving the door open to your house, as opposed to locking it. And the more complicated the password, the more sophisticated the locking system.
We can educate our staff on this, provide password managers and simple policies, send reminders and even enforce consequences for noncompliance, but until it becomes a habit like locking the door behind you, there will be defections and deviations from best practice.
To make people care enough to build the habit, we need to make it personal. 42% of Brits expect to lose money to online fraud, a threat which could be greatly reduced by strong passwords. Personal identity theft, fraud, breaches of personal information and any damage which results are serious and real threats which await anyone who is not taking these steps at home.
We need to educate people on the impact of secure passwords in their personal online accounts and empower them with the belief that their actions make a massive difference in their cyber defence. If it’s people’s own families, current accounts and security at risk, and they have the knowledge of how to secure themselves through password security, this will be more likely to motivate behaviour change at home and at work.
A wider conversation around secure password management which seeks to motivate, inspire and bring the issue closer to home, backed by the right support, training and tools, is more likely to encourage staff to care about password security in the workplace.
If you want to learn more about password training and password managers, feel free to get in touch with us.