Password Management 101

by | Aug 25, 2021 | Security | 0 comments

Whether we like it or not, passwords are the key to almost everything we do online – from dating apps, accessing your bank to logging into your M365 account. These days especially, with accounts and signin required for almost everything, strong password management is necessary for keeping your data and personal information safe. 

In fact, new research from NordPass reveals that average person has around 100 passwords to remember. If you’re anything like us, you’re flat-out remembering your neighbour’s name, let alone the password to an account you created two years ago! 

Thankfully, password management doesn’t need to be difficult. We‘ll take you through some simple dos and don’ts of password management, and how you can make sure you stay safe online  

What makes a good password?

When it comes down to it, a good password should be two things: 

  • hard to guess; but 
  • easy to remember.  

In other words, your password is strong enough to deter hackers, but memorable enough so can avoid spending hours racking your brain for the password.  

Consider the following: 

  • Use a sentence or a phrase, like “unicornsliveinbrisbane”. 
  • Make it as complex as possible by including both uppercase and lowercase, and replacing letters with numbers or symbols, like “Un1c0rnsliveinbRi5bAN3”. 
  • While complexity is essential, length is equally as important; aim to use at least 16 characters where possible. 
  • Set up multi-factor authentication on your account – this is generally through a mobile phone app or token. Setting up MFA adds another level of protection – but we’ll touch on this later. 

Common password mistakes

Let’s also look at some things you should always try to avoid when creating passwords.  

  • Revealing your password to others. While this may seem painfully obvious, never reveal your password to anyone else. Your password is as valuable as the PIN on your bank card – so keep it to yourself. Any website or person asking for your password should be flagged as a scam immediately.  
  • Using the same password for everything. We’re all guilty of this to a degree, but avoid using the same or similar password for all your accounts. Understandably, you’re required to make passwords for almost everything these days, but ensure you keep them as unique as possible – especially the important ones! 
  • Using basic words followed by a number. Scammers are clever these days and have plenty of ways to access your account. Often, they will use dictionaries of words and commonly used passwords to try and infiltrate your account. The days of “Password1” are well and truly behind us. 
  • Basing your password on public information. By this, we mean avoid using a password that is inspired by something people can find out about you on social media. For example, using your children’s name or birthday, or having “cricketlover95” if your Facebook profile is plastered with cricket content, are probably not the most discreet choices. 
  • Saving your passwords in a “secured with a password” Word or Excel Document. This is an extremely common practice which is frighteningly simple to crack – as we demonstrated recently with a client who’d lost access to this type of document. A modern PC with the right tools can crack a standard password in around 4 days. Add a modern, high-end GPU to that and your password could be cracked within the hour.  

Ultimately, if someone can guess/has access to your passwords, it’s a bad password.  

Need some examples of what not to do? Here are the top 200 most used passwords from 2020 

The solution – password managers & multi-factor authentication

Understandably, most people cannot keep tabs on all the different passwords they have for various accounts. Unless you’re using the same or similar password for everything (not a good idea), it may feel like a nightmare trying to manage your plethora of login details 

While there are traditional password management methods (again, we’ll touch on these later), today, we have software that can do it for you.  

So, for both individuals and businesses, we always recommend employing the use of a password manager, in conjunction with multi-factor authentication (MFA).  

Password manager software

So – how on earth are you meant to remember tens (potentially hundreds) of different passwords you have scattered across the internet? 

The answer is you don’t! Using high-level encryption, password managers allow you to keep all your passwords safe and secure in one digital vault and can even generate complicated passwords for new accounts. All you need to remember is the one master password to get into your account.  

One password’s easier to remember than 100 – right? 

Our recommendation? LastPass is the password manager we recommend to our clients because it: 

  • Supports most browsers and platforms 
  • Password strength report 
  • Dark web monitoring tools 
  • Secure sharing 
  • Password inheritance 
  • Two-factor authentication 
  • Free and premium versions available. 

Multi-factor authentication

Multi-factor authentication (MFA) adds an extra level of protection to the sign-in process. Generally, MFA is done through a phone application.  

When you go to log in, you will also need to verify the login on your MFA application, using a time-based, single-use passcode.  

MFA is a great way to boost security on all your important logins. Moreover, if you are thinking of using a password manager to store all your login details, we strongly recommend adding MFA protection.  

What do we recommend? For us, we can’t go past the Microsoft Authenticator.  

Microsoft Authenticator is a trusted MFA, backed by Microsoft’s encryption. Moreover, it is super easy to download and use – meaning you can get started with it today! 

There are, however, plenty of alternatives out there. Spend some time doing your own research to find the best MFA solution for you/your organisation. 

Traditional password management methods

Traditional methods of password management are the more analogue techniques that you may or may not still use.  

These methods include things like:  

  • Writing passwords down on sticky notes, post-its, etc.  
  • Keeping a master spreadsheet of all passwords.  
  • Sharing them to your colleagues/family/friends over email or text.  
  • Repeatedly using the ‘forgot password’ option.  

These techniques are surprisingly still common amongst businesses and individuals. Traditional techniques are, in general, far less secure than more modern, digital methods 

Pros and cons of traditional password management techniques

Let’s be real – the cons of traditional methods far outweigh the pros. Especially with things like sending passwords over the email or having a spreadsheet saved locally, it is far better to keep your passwords stored safely in a digital vault.  

In saying this, the only upside of keeping your passwords written down is that no hacker will be able to access it. Unless, of course, you misplace it, or it falls into the wrong hands. 

Ultimately, we strongly recommend that any individual or business consider securing their passwords through digital manager software 

More questions?

Do you have any more questions on password management, or online security in general? Don’t hesitate to reach out to Monocera at [email protected] or by calling 07 3369 1415.  

If you’re looking for more online safety tips, why not check out our article on the Essential Eight baseline mitigation strategies, as recommended by the Government.  

Why Microsoft 365 Backup and Recovery is Important

What happens if your team can’t access important business files? The impact of data loss is disruptive at best and devastating at worst. While many businesses associate data loss with cyber attacks, a lot of the time it’s a little closer to home—user error. So, how...

How to Spot a Dodgy Website

As anyone with a mobile phone in Australia knows, scams are on the rise. Whether it’s “mum” asking you send through a couple hundred bucks on loan for groceries, or “Linkt” asking you to top up your toll account, sometimes fraudulent and scammy characters can be hard...

Why You Should Use Microsoft Office Cloud Signatures

As businesses return from their holiday breaks, email signatures are slowly being edited to remove end-of-year sales, holiday period information, and festive additions.   Many of these businesses are unaware that this rollout can be made easier by utilising the cloud...