Cyberattacks using compromised passwords are on the increase.
No one is immune to such attacks, as proved recently when IT giant Cisco revealed that it had been hacked by a ransomware group that leveraged an employee’s compromised personal account. It was found that the Cisco employee’s credentials were compromised after an attacker gained control of his personal Gmail account.
This shows the growing risk that your sensitive data can be exposed to hackers, and it means that everyone needs to take continual action to protect their passwords. By protecting your passwords, you’re protecting your sensitive information.
8 Tips for Protecting your Password
- Long passwords are more secure than short ones. At a very minimum, aim for 10 characters.
- Use a combination of letters (UPPER CASE and lower case), numbers (0-9) and special characters (e.g. $, &, ?).
- Change your passwords regularly. At a minimum, every 90 days.
- Do not repeat passwords.
- Wherever possible, use multi-factor authentication via SMS, phone call or app.
- Maintain a clear desk, and avoid storing your passwords anywhere prying eyes can take a look (get rid of those Post-it notes!).
- Never send passwords via emails or documents. If you need to share a password, ensure that it is sent fully encrypted.
- Do not use the same password across multiple accounts.
We know it’s difficult remembering multiple passwords. And we know that using the same passwords across multiple accounts is common practice. However, it is also a common reason for password breaches (e.g. if you use the same password for Gmail and for Galaxkey, a compromise on the Gmail account will also compromise your corporate Galaxkey password).
A simple technique to remember your password
A simple technique to help you remember your passwords is to split them into two parts: one part is common, and is something that you can remember easily, and the second part is specific to the account. For example:
Gmail password: Gm@!lPass
Amazon password: @m@z0Pass
This way, you can maintain different passwords, while remembering them easily.
How to find out if your account has been compromised
A great way to check if your account has been compromised is to head to https://haveibeenpwned.com/Passwords
This website keeps an updated record of all compromised accounts, so if your account appears there, change the associated password immediately.
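The same check can be scripted against the Pwned Passwords range API, which uses a k-anonymity lookup so that only the first five characters of the password's SHA-1 hash ever leave your machine. The following is an added example, not code from this page or from Galaxkey; the sample password, its count and the `constructed_fetch` stand-in for the HTTP request are constructed so that it runs offline.

```python
import hashlib

# Real Pwned Passwords range endpoint; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password):
    """SHA-1 the password; only the 5-char prefix is ever sent out."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' response lines into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue  # skip blank or malformed lines
        if int(count) > 0:  # a count of 0 marks a padding entry
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch):
    """Return how often the password appears in breaches; 0 = not found."""
    prefix, suffix = split_hash(password)
    # The suffix comparison happens locally, never on the server.
    return parse_range(fetch(prefix)).get(suffix, 0)

# --- Constructed offline stand-in for the HTTP GET (assumption) ---
SAMPLE_BREACHED = {"password123": 1234}  # constructed sample and count
SEEN_PREFIXES = []  # everything the "server" gets to see

def constructed_fetch(prefix):
    SEEN_PREFIXES.append(prefix)
    lines = ["F" * 35 + ":3", "0" * 35 + ":0"]  # decoy line + padding line
    for pw, count in SAMPLE_BREACHED.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password123", "an unlisted sample passphrase"):
        print(repr(pw), "->", breach_count(pw, constructed_fetch))
    print("prefixes sent:", SEEN_PREFIXES)
```

To query the live service, pass a `fetch` function that performs a GET on `RANGE_URL.format(prefix=prefix)` and returns the response text.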
If you’d like to see how Galaxkey’s unique, triple-layered data protection suite can help you protect your sensitive information, get in touch with us today.