10th October 2021

Cyber security

Are You Misbehaving with Your Password?


No, we don’t mean are you using naughty words for your passwords. Although we’re sure many people do. We’re asking if your behaviour with your passwords is so bad that it’s putting you at risk of a cyber attack. Sadly, the answer to this for the majority of people is ‘yes’.

How do we know? Well, because we’re an IT support company and have been around long enough to have seen the devastating effects of breaches time and time again.

Read on to find out more...

Password misbehaviour – you should, and DO, know better

In this day and age, people should, and do, know better than to be lazy when it comes to using passwords. The Psychology of Passwords report from LastPass proves this, stating that 92% of people know that using the same password or a variation is a risk. Yet, a shocking 65% still do exactly this instead of coming up with unique passwords.

The main reason for this is that people are afraid of forgetting them, which isn’t surprising given that 51% of people confessed to relying on their memory to keep track of passwords. In fact, people are so worried about forgetting their passwords that 45% didn’t even change them after they had suffered a cyber breach. That’s like giving a burglar a key to your house!

The password misbehaviour doesn’t stop there though…

How you remember and store your passwords are only two parts of the password equation. There’s also how you come up with them. A mere 8% of participants in the LastPass survey said that a strong password should not have ties to personal information. So that equates to the vast majority of people using information such as birthdays, home addresses, telephone numbers and so on in their passwords. And that’s a huge no-no. Here’s why…

Imagine this. You get a new dog. You call it Fluffy. You’re so happy to have Fluffy that you post pictures of her all over your social media… “Welcome to our family, Fluffy!”, “Fluffy is sooooo cute!”, “Here’s Fluffy going on her first walk!”. Your posts are public – who wouldn’t want to see photos of Fluffy?! And then, because she’s the latest love of your life, you use the password ‘FluffyDog21’ for a new online account… maybe a high street retailer. You also enter your bank account details, full name and home address. At the same time, a hacker is scraping your social media profile and using this seemingly harmless information to guess your password, which allows them to access that online retail account you’ve just added all your sensitive information to. And bam – you’re suddenly the victim of a cyber attack.

But surely nobody would use such an obvious password, we hear you say. Well, according to LastPass, 20% of people “shared photos of their pets with their names then used their names in passwords”, which was an increase of 5% compared to 2020.

And this is just one example. Cyber criminals are constantly watching for any links to your personal life so they can gain insights into the details you may have used for your passwords.

It’s time to stop behaving badly

You need to stop and take stock. Since Covid came into our lives, our online behaviour has changed. When we were all stuck at home, we spent more time online… for work and for pleasure. Findings show that we have 50% more online accounts now in 2021 than in 2020, with 90% of people estimating that they have around 50 online/app accounts. That’s not surprising when you think that we all had to quickly learn to work and live in a world where offices, shops and schools were closed for extended periods of time.

And the key word there is ‘quickly’. Online accounts are often set up on the spur of the moment. People know they should use a unique password, but either they don’t have time to think of one or they are worried that they’ll forget it. So they use the same one that they use for a few other accounts – both personal and work ones. They may fully intend to go back and change it later, but busy life carries on and that doesn’t happen.

Business owners… beware!

During the pandemic, 71% of people worked wholly or partly from home. And a large majority are continuing to do so with the rise of hybrid working, so it’s highly likely that some or all of your team are now working certain days from home.

While we had to act fast when the pandemic hit, we now need to ensure that employees are behaving in the right way when it comes to passwords and cyber security when at home. As many will be using personal devices instead of company ones, there is more risk. Microsoft has jumped in and created Windows 365 and Windows 11 to meet this problem head on… read more in our article Microsoft Makes Hybrid Working a Breeze with All-New Windows 11 and Windows 365. But at the very least you should be making sure your employees are abiding by the basic password rules:

  • Using unique passwords for each and every account

  • Not including personal details in passwords

  • Never sharing passwords by text or email

Password managers can ensure all of this happens.
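To show what checking the first two rules looks like in practice, here is an added example (not from the original article or from any password manager) that audits a person's own list of passwords for personal details and for reuse or near-identical variations. The account names, the second and third passwords, the detail list and the character-swap table are constructed assumptions.

```python
import re
from collections import defaultdict

# Simple character swaps people use to "vary" a password (assumed, not exhaustive).
SWAPS = str.maketrans("@4301!$57", "aaeoiisst")
TRAILERS = "0123456789!@#$%^&*?._-"

def normalise(password):
    """Reduce a password to its base word: drop trailing digits/symbols, undo swaps."""
    text = password.lower().rstrip(TRAILERS).translate(SWAPS)
    return re.sub(r"[^a-z]", "", text)

def personal_hits(password, personal_details):
    """Return the personal details (pet name, birth year, ...) found in the password."""
    hits = []
    for detail in personal_details:
        if detail.isdigit():
            found = len(detail) >= 4 and detail in password
        else:
            word = normalise(detail)
            found = len(word) >= 3 and word in normalise(password)
        if found:
            hits.append(detail)
    return hits

def audit(accounts, personal_details):
    """Map each account name to a list of findings for its password."""
    findings = {name: [] for name in accounts}
    by_base = defaultdict(list)
    for name, password in accounts.items():
        for detail in personal_hits(password, personal_details):
            findings[name].append(f"contains personal detail '{detail}'")
        by_base[normalise(password) or password].append(name)
    for names in by_base.values():
        if len(names) > 1:  # same password, or the same base with small changes
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append(f"same password or variation as: {others}")
    return findings

# Constructed sample data: account names, passwords and details are invented.
SAMPLE_ACCOUNTS = {
    "retailer": "FluffyDog21",
    "email": "Fluffyd0g!22",
    "bank": "x7#Qv9!mLp2$Rt",
}
SAMPLE_DETAILS = ["Fluffy", "1985"]

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_DETAILS).items():
        print(account, "->", issues or "ok")
```

Swapping a letter for a number or bumping the digits on the end still reduces to the same base word, which is why a variation counts as reuse here.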

How can password managers help?

There are lots of password managers available on the virtual high street, but features you should look out for as a way to protect yourselves and your business against cyber crime are as follows:

  • Create fully secure passwords in seconds – no need to be creative and think of them yourself.

  • Autofill your usernames and passwords for accounts you store in the app – eliminating the worry of forgetting them.

  • Securely store your digital records that contain high-risk, personal data, such as insurance policies, memberships and WiFi passwords – reducing the risk of them falling into hacker hands.

  • Securely share passwords – much safer than sending them by text or email.

  • Dark web monitoring – you’ll be alerted if a breach does occur.

A final password recommendation… get all of your employees to use multifactor authentication (MFA) wherever possible. This is an extra layer of security – even if a hacker managed to get hold of a password, they still wouldn’t be able to access your account because a code or other form of security verification is sent directly to you on a separate device (usually a mobile). This has the double advantage of alerting you to an attempted cyber attack… if you get an MFA code through and you haven’t asked for it, it means someone has tried to access your account. You can then hop straight onto your password manager and change your password in just a few clicks, and voilà… you are once again secure!

Passwords are a hugely important part of cyber security. But they are only one part of it, and you need a holistic approach to ensure you are as protected as possible. If you’d like to get more information about our security bundles, download our brochure, give us a call today on 0333 456 4431 or email us at info@somerbysit.co.uk.