Recent attacks, especially ransomware, are often the result of compromised passwords that have either been purchased on the dark web or been cracked by attackers
It is therefore essential to practise good password hygiene to protect your IT infrastructures. This requires a clear and consistent company policy on the use of passwords, employee awareness and password manager use.
What is a complex password?
A complex password involves a combination of at least 12 characters (i.e. numbers, lower- and upper-case letters, and symbols). It also does not contain any dictionary words but is made up of a combination of random characters
Did you know…?
A six-character password consisting of a mixture of numbers, lower- and upper-case letters, and symbols can be cracked in five seconds.
Raising employee awareness
Humans are a major attack vector. It is vital to systematically train and sensitise staff about the risks and the simple actions for addressing them (i.e. complex passwords, phishing attacks, etc.).
Password managers
It is also important to avoid reusing passwords across systems. As such, the use of password managers is recommended.
Examples of password managers:
- 1Password
- Bitwarden
- Keepass
- KeepassXC
This type of solution allows users to manage and generate complex and unique passwords for each service. Password managers can take the form of software or an extension and differ depending on where passwords are stored (locally or online).
Additional resources:
- Choosing a password manager: https://www.cert.govt.nz/it-specialists/critical-controls/password-manager/choosing-a-password-manager/
