Access Denied: How to upgrade your password security


The National Crime Agency has recently recovered a database of 225 million login credentials from cyber-criminals and has shared the hacked passwords with the Have I Been Pwned (HIBP) security project. It’s sensible for organisations to regularly check the HIBP website to see whether passwords have been compromised. Additionally, consider these tips:

  • Use strong passwords. Employees should create passwords at least eight characters long, using a combination of upper- and lower-case letters, symbols and numbers. Passwords should be easy to remember but difficult to guess. A good rule of thumb is to make sure that somebody who knows the user well couldn’t guess their password in 20 attempts.

  • Avoid reusing passwords. Passwords shouldn’t be reused, especially for more sensitive systems. For less important accounts, employers may wish to use a password manager tool, which creates and manages passwords in one system, helping to prevent ‘password overload’ in employees.

  • Be secure. Ensure passwords aren’t written down, shared with others or sent by email.

Additionally, organisations should consider implementing failed-login monitoring and account-lockout mechanisms to counteract brute-force attacks.
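One way to implement the failed-login monitoring and account lockout recommended above, shown as an added example rather than code from this article: failures are counted per account in a sliding window, and reaching the limit locks the account and records an alert listing the source addresses. The thresholds, the `LoginMonitor` class, the `replay` helper and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; the article recommends the controls but gives no numbers.
MAX_FAILURES = 5        # failures allowed inside the window before lockout
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long a locked account refuses logins

class LoginMonitor:
    """Tracks failed logins per account, locks out and records an alert."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> (timestamp, source IP)
        self.locked_until = {}              # account -> unlock timestamp
        self.alerts = []                    # (timestamp, account, source IPs)

    def record(self, ts, account, source_ip, success):
        """Process one login event and return its outcome."""
        if self.locked_until.get(account, 0) > ts:
            return "rejected"               # locked: refuse even a correct password
        window = self.failures[account]
        if success:
            window.clear()                  # a good login resets the counter
            return "ok"
        window.append((ts, source_ip))
        while window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()                # forget failures older than the window
        if len(window) < MAX_FAILURES:
            return "failed"
        self.locked_until[account] = ts + LOCKOUT_SECONDS
        self.alerts.append((ts, account, sorted({ip for _, ip in window})))
        window.clear()
        return "locked"

# Constructed sample events: (seconds, account, source IP, password correct?)
EVENTS = [
    (0, "alice", "203.0.113.7", False),
    (10, "alice", "203.0.113.7", False),
    (20, "bob", "198.51.100.4", False),
    (30, "alice", "203.0.113.9", False),
    (40, "bob", "198.51.100.4", True),
    (50, "alice", "203.0.113.7", False),
    (60, "alice", "203.0.113.7", False),  # fifth failure in 60 s: lockout + alert
    (70, "alice", "192.0.2.10", True),    # correct password, still locked
    (1000, "alice", "192.0.2.10", True),  # lockout expired
]

def replay(events):
    monitor = LoginMonitor()
    return [monitor.record(*e) for e in events], monitor.alerts
```

Calling `replay(EVENTS)` returns the outcome of each event together with the alerts raised, which is the data a monitoring dashboard or notification hook would consume.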

McGrady Insurance offers a suite of cybersecurity insurance products and resources to help mitigate your cyber risk. Get in touch with our specialist cyber insurance team today.