Six Non-Negotiables of Password Security – World Password Day, May 5th

It was World Password Day on Thursday, 5th May. And while most of us feel we would never use a hackable password, do we actually know what a robust password is? Or how many passwords we should have? Or where we should store them?

History has proven that even large enterprises have fallen prey to hackers through basic password hygiene. In March, the Brazilian hacking group N4ughtySecTU demanded $15 million from TransUnion to not publish millions of personal records which had been reportedly accessed by using “password” – the fifth most common password in 2021 – according to virtual private network provider, Nordpass.

David Lees, co-Founder of IronTree, a leading Managed Service Provider in the Middle East and Africa region offering a suite of backup and cybersecurity products, which was acquired by Metrofile in December 2021, explains, “These days, there are numerous ways to create robust passwords and save them for easy and swift retrieval. Tools like KeyChain Access or software like 1Password, LastPass or Dashlane. Beyond that, you need to “LayerUp“, adding two-factor authentication (2FA).

Companies are unaware of the daily threat via malware and ransomware, with cybercriminals becoming smarter in their approach. Most need intelligent password management, with frequent editing, but that’s basic. You need an expert partner, and not just software, to protect data.”

Businesses have a legal obligation to protect consumer data under the new POPIA act, so they will need cybersecurity, backup, disaster recovery for emergencies, private hosting, and POPIA compliance. That is essentially our five-pronged security suite at IronTree. It has helped us to be acknowledged as Acronis Cyberfit Partner Award for “Best Service Provider’ in 2021 across the Middle East and Africa Region”.

5 common passwords in 2021 and how long it takes to crack them, according to Nordpass:

  • 123456:  Less than one second to crack, with 103 million uses counted in a study 
  • 123456789:  Less than one second to crack, with 46 million uses counted in a study 
  • 12345: Less than one second to crack, with 32 million uses counted in a study 
  • qwerty: Less than one second to crack, 22 million uses counted in a study
  • password: Less than one second to crack, with 22 million uses counted in a study

IronTree proposes “The Secure Six” password tips:

  1. Create complex and unique passwords, which are not easy to guess. 
  2. Change them every few weeks, or even months.
  3. Make use of a password manager. Password managers act as a library for all your credentials and plug into desktop apps as well as your browser. Your browser does not count as a password manager as a hacker can access the cache your credentials are stored in and exfiltrate them. A password manager can also add multi-factor authentication (“MFA”) to your credentials.
  4. Following that, use multi-factor authentication. Make sure it is enabled on as many of your accounts as possible. This means you’ll need to verify a login attempt before you’re able to access that service. MFA also ensures that, if an account of yours gets compromised, the hacker won’t be able to access that account until the login is authenticated.
  5. Don’t use the same password across multiple accounts. This ensures that if one of your accounts is compromised, it won’t lead to more accounts being hacked. 
  6. Don’t share your personal passwords and store them securely. You shouldn’t keep your PC’s password on a sticky note stuck to your desk or write it down in a notebook. This allows anyone to see your password and use it to access your accounts.

Unpacking password management statistics

  • 1961: Massachusetts Institute of Technology (MIT) creates the computer password so that multiple people can use a shared computer system.
  • 1971: Public-key cryptography is created so two people can authenticate each other without exchanging a cryptographic key.
  • 1979: Weak Passwords: A study done by Morris and Thompson demonstrates that guessing passwords through personal information is easier than deciphering passwords.
  • 1986: Two-Factor Authentication: Two-Factor Authentication emerges and is adopted.

Share this article:

Popular Posts

Recent

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

Does your business send bulk emails?

Learn all you need to know about Google & Yahoo’s new requirements for bulk email senders.

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

"*" indicates required fields

Hidden

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Hidden

Training

We also offer certified training packages The training will cover POPIA in general. We have two options available. Once off costs. Employee Awareness Training - R490 per candidate Senior Employees Awareness Training - R650 per candidate All prices exclude VAT

Company Structure

Are you part of a group structure?*
IronTree is committed to protecting and respecting your privacy, and we'll only use your personal information to administer your account and to provide the products and services you requested. From time to time, we'd like to contact you about our products and services, as well as any other content that may be of interest to you. If you consent us contacting you for this purpose please tick the checkbox below*

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

"*" indicates required fields

Hidden

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

"*" indicates required fields

Hidden
Keep me up to date

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

Give us a call:

+27 87 943 2278

Send us a WhatsApp:

+27 66 372 4061

Drop us an email:

After hours support:

+27 72 595 1066

After hours hosting support:

+27 76 102 9813

Log a support request

The reseller zone is currently out getting a facelift as we look to integrate it with our backup platform, as it stands you can overview your clients on our new backup console. If you don't know what console that is, please reach out to us.

"*" indicates required fields

Hidden

I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

This field is for validation purposes and should be left unchanged.
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.