October is National Cybersecurity Awareness Month and it’s predicted that 33 billion records will be stolen this year, so whether it’s receiving a shady text from the Post Office, or seeing a random flight transaction on your online banking, it’s worth scrubbing up on your cybersecurity knowledge to make sure you’re as protected as possible.
The first point of call when it comes to staying protected online is making sure you have a robust system when it comes to your online passwords. A recent study by the cybersecurity experts, Redcentric, found that 20% of Brits have just one to two passwords for all of their online logins.
The study of 2,000 Brits also found 77% don’t use a password manager and 23% save their passwords in the browser. In addition, a third (34%) of Brits say they generate their passwords randomly.
Tom Holloway, left, head of cybersecurity at Redcentric comments: “The fact that so many people reuse the same password on multiple accounts/services is a real worry. The concern is that if their credentials for one site are compromised, those credentials could be used to access a wide range of password protected services with relative ease.
“The simplest approach is to use a password manager which means that you don’t need to record them elsewhere, such as in their phone, in their browser or even on a written piece of paper. Storing your passwords in any insecure place that doesn’t even itself require a password to access, could very easily be stolen or hacked into.”
Tom continues: “This research shows that, by no fault of their own, Brits are lacking a lot of knowledge when it comes to generating and storing their passwords. With cyber attacks becoming increasingly common, and the capabilities of cyber criminals becoming more and more complex, this is concerning.
“I would urge people to review all of their passwords and consider how guessable they really are. Updating them and installing a password manager takes just a few minutes, but could save you huge amounts of money, stress and time in the long run.”
The study also found one in six (16%) of Brits have never changed their passwords, but of those who do change them, 15% are doing so far too regularly.
Joe Cockcroft is an ethical hacker at the NEBRC who is trained in hacking into complex systems and understanding how cyber criminals carry out attacks. He comments: “The National Cyber Security Centre advises that regularly changing passwords can cause more harm than good. Instead, it suggests that better password hygiene is more sufficient in securing accounts. Nevertheless, passwords should be changed immediately if a compromise is suspected or known.”
When it comes to the password combinations that are easiest to hack, Joe adds: “Using identifiable information, such as a favourite football team, names of family members, or the city you live in, can make passwords easier to determine.
“While this information may be easy to remember, it could also be easy for threat actors to figure out after a short time exploring your social media profiles, for example. NordPass’s Most Common Password List shows just how popular football teams are for UK passwords, as well as how many passwords lack complexity and are often a single word. Threat actors will often use a list of thousands or millions of words that help them crack your password.”
To help Brits stay protected online and implement best practices when it comes to their passwords, Joe shares his top tips:
- Use complex passwords
“Make sure passwords are suitably complex and cannot be guessed. The length of a password also plays a huge role in how easy it is to compromise. A short password with a mixture of numbers, symbols, and letters will be easier to compromise than a long password with only letters and spaces.”
- Don’t re-use passwords for multiple accounts
“Using the same password in multiple places risks the security of multiple accounts and should be avoided. This includes passwords that are largely similar, such as those where a number or symbol has been added to the end. Some users will utilise a pattern that allows them to easily create and remember different passwords for each site, however, be aware that threat actors may be able to decipher this pattern after observing one or more compromised passwords.”
- Use multi-factor authentication
“Multi-factor authentication (MFA) requires an additional factor to gain access to an account in addition to the usual username and password combination. This usually takes the form of a code which is delivered to a mobile device via app or text message. Enabling this on accounts can help to negate the success of an account compromise, as the threat actor is unlikely to have access to this code. It will also notify the user if somebody an unauthorised person has logged into your account”
- Regularly check to see if your accounts are compromised
“It’s important to stay aware of any data breaches that your accounts may be involved in. This will not only indicate that you need to change your password, but also highlight what other information may now be easily accessible by threat actors (attackers), such as addresses and credit card information. Have I Been Pwned is a free tool that helps you to identify any data breaches you may have been involved in by entering your email address or phone number.”