Are Passwords Still Safe?

David Ford

Founder

Previously, we looked at simple processes to help you and your people, at work or home, develop strong passwords for every application. This is the first step in defending networks, systems and devices against malicious action. Now, we look at more straightforward ways to create passwords to keep you safe.

Random Password Generator

There are many free password generator tools available from leading cyber-security organisations. These tools work locally on your computer to ensure your choices are secure. You generate new passwords until you find one you think you can remember.

It pays to type it out repeatedly until you achieve muscle memory. Still, given the number of passwords needed for an average level of online activity, it’s a secure approach, if a tough one.

Some security-conscious individuals use the random password generator method but skip the effort of remembering the result. Instead, they rely on the ‘forgotten password’ routine to create a new password whenever they access the application.

It might seem excessive to some, but the routine usually acts like two-factor authentication, because a hacker would also need access to your email or phone. And if you need help remembering the unique password of alpha-numeric characters, what chance do hackers have?
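The local generation described in this section, as an added example that is not taken from the original post or from any particular vendor's tool: it draws several candidates from the operating system's cryptographic random source and estimates their strength. The character set, the 16-character default and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes; ambiguous glyphs (l, I, O, 0, 1) are dropped so a
# password that has to be typed by hand is harder to misread.
AMBIGUOUS = set("lIO01")
CLASSES = [
    "".join(c for c in group if c not in AMBIGUOUS)
    for group in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, "!#$%&*+-=?@^_")
]
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 16) -> str:
    """Return a password drawn uniformly from ALPHABET using the OS CSPRNG.

    Whole candidates are rejected until one contains every character class;
    patching characters in afterwards would bias the result.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on entropy: length * log2(alphabet size).

    The class requirement rejects a small fraction of candidates, so the
    true figure is marginally lower.
    """
    return length * math.log2(len(ALPHABET))


def candidates(count: int = 5, length: int = 16) -> list[str]:
    """Several candidates to choose from, nothing leaves the machine."""
    return [generate_password(length) for _ in range(count)]


if __name__ == "__main__":
    for pw in candidates():
        print(pw)
    print(f"~{entropy_bits(16):.0f} bits per 16-character password")
```

Python's `random` module is not suitable here; `secrets` reads from the operating system's cryptographic random source.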

Multi-Factor Authentication (MFA) and Password-Free Login

MFA helps safeguard access to applications and data while being simple for users. It requires users to add a secondary form of authentication before being allowed to access resources. It increases security, reduces the risk of unauthorised access, and can protect against credential theft.

However, many now recognise that even this approach has its weaknesses. Hackers have successfully intercepted the access codes sent to mobiles using SIM-swap scams, and have created fake websites to steal login details and the SMS code received, which they use to access your account before you do.

Although imperfect, multi-factor authentication is better than a password alone and more resistant to large-scale cyberattacks. But the future looks set to be password-free, if Microsoft has any say in the matter, as it continues to push alternatives to remembering a string of characters.

Microsoft offers three no-password login options for its online services on Windows machines:

  • A hardware security key combined with Windows face or fingerprint recognition technology
  • A hardware key combined with a PIN code
  • A phone running the Microsoft Authenticator app

Microsoft is partnering with hardware security key makers like Yubico to encourage users to choose password-free login. They are adopting the new FIDO (Fast Identity Online) standard, which claims to make it easier for device makers and websites to embrace no-password login.

Choose and Use a Password Manager

Once users understand the need for strong passwords that they change regularly, and know to use each one for only one account, remembering all of them can be a problem. This problem creates risk, as people revert to typing re-used passwords or switch back to easy-to-remember passwords.

Password managers are readily available and, when used effectively, should form an integral part of your approach to improving cyber security for all your users in the office or working remotely. They offer a range of benefits, including:

Forget remembering—Everyone can use longer and stronger passwords, taking advantage of the latest advice to make them secure without worrying about remembering them.

Stronger passwords—Remove the worry of trying to remember passwords again, and your people will choose more complicated passwords and make them different for every account.

Access quicker – People type a single password, and each access point is automatically populated with the appropriate username and password.

Shared accounts—A password manager can also help manage who has access to which accounts while allowing you to change the password as necessary.

Explaining the risks is not always enough, so introducing a password manager can help you and your people stay in control of cyber security by removing the hassle of remembering all the different logins and passwords.

Time for an Eloquent solution?

When the world is focused on hacks, ransoms, and the fallout, we hope our blogs on the need for and best way to create strong passwords have helped highlight this crucial first step in enhancing your cyber security in the office and at home for work or pleasure.

We offer a range of Eloquent cyber-security solutions that provide the alert security you need in an increasingly dangerous online environment. Whatever your organisation’s unique needs, we will start with an in-depth security audit to discover any vulnerabilities and then tailor a solution.

To keep you, your business, and your data safe and deal with threats from without and within, we can provide everything from a 24/7/365 Security Operations Centre staffed by security experts to an advanced range of BaaS and DRaaS solutions to mitigate the impact of a cyber-attack.

An Eloquent solution provides advanced threat detection and analysis reporting while monitoring and logging network assets to prevent rogue device infiltration.

It’s all designed to augment existing system and software patch management with full scalability that keeps pace with your system growth to ensure you remain as safe as possible from hackers. Let’s discuss your needs today, and we can start the journey towards total cyber safety.
