One of the most critical problems in the modern world is cybersecurity. Since each of us uses social networks, e-mail, messengers, and various online services, it is important to know how to securely protect your data. And for owners of websites, online stores, and blogs, secure access to accounts is an integral part of a successful business.
The main helper in the cybersecurity battle is a solid password. We share how to create a strong password, where and how to store it, and what measures to take so that your password protects you from intruders.
Using passwords is a vital component of working with any software or resources. At the same time, passwords are an integral part of a company's information security. They protect user accounts, user data, and access to them. Using a weak password can make data accessible to third parties. It can also disrupt the performance of information systems of other companies (for example, a provider of hosting services).
Therefore, employees of the company, suppliers, contractors, or visitors — all users who have access to the company's information systems are responsible for the creation of secure passwords and their protection.
Each of us uses passwords for various purposes. The most common purposes are logging into a computer, e-mail, authorization on various web resources, etc. In some cases, there are systems with one-time passwords. We use passwords a lot, so every user should know the requirements for creating strong passwords.
Let us take a closer look at what a secure password should be and what combinations you should avoid.
Signs of a weak password:
- contains fewer than 12 characters;
- a word from a dictionary;
- a word used in everyday life, for example, names or surnames of friends, colleagues, actors or fairy-tale characters, pet names;
- a computer term, command, name of a site, hardware, or software;
- variations of the company name or trademark;
- birthday or other personal information, such as an address, phone number, etc.;
- regular sequences of characters and numbers, for example, 111111, abcde, qwerty, etc.;
- any of the above in reverse spelling;
- any of the above with the addition of a digit at the beginning or at the end.
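A sketch of how several of these signs can be checked automatically when a user chooses a password. This is an added example, not code from the original article; the wordlist and keyboard rows are small constructed samples, and `weak_signs` is a hypothetical helper name.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary plus company names, trademarks and the user's personal data.
WORDLIST = {"password", "qwerty", "iloveyou", "princess", "admin",
            "superman", "metallica", "football", "monkey", "charlie"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # the page's threshold: fewer than 12 characters is weak


def is_regular_sequence(text):
    """True for one repeated character (111111) or an alphabet/keyboard run."""
    if len(text) < 3:
        return False
    return len(set(text)) == 1 or any(text in seq for seq in SEQUENCES)


def weak_signs(password):
    """Return the weak-password signs from the list that apply."""
    signs = []
    if len(password) < MIN_LENGTH:
        signs.append("short")
    low = password.lower()
    # Also test the password with leading/trailing digits stripped.
    stripped = re.sub(r"^\d+|\d+$", "", low)
    variants = [(low, "")]
    if stripped and stripped != low:
        variants.append((stripped, " with added digits"))
    for text, suffix in variants:
        forms = [(text, "")]
        if text[::-1] != text:  # skip palindromes to avoid duplicate hits
            forms.append((text[::-1], " reversed"))
        for form, how in forms:
            if form in WORDLIST:
                signs.append("dictionary word" + how + suffix)
            elif is_regular_sequence(form):
                signs.append("regular sequence" + how + suffix)
    return signs


if __name__ == "__main__":
    for sample in ("qwerty123", "drowssap", "111111", "Vt7#pQ-z4mL!x2"):
        print(sample, "->", weak_signs(sample) or "no listed sign found")
```

An empty result only means none of the coded signs matched; personal information and company names have to be supplied per user and per organization.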
For example, among the most common passwords around the world are the following: 123456, 123456789, 123123, 123321, 111111, password, qwerty, qwerty123, iloveyou, princess, admin. Names of sweets or car brands are also common, for example, cocacola, snickers, mercedes, ferrari. Heroes from movies and cartoons, in particular superman and spiderman, as well as the names of popular world bands (for example, metallica) are also quite popular. Unfortunately, the trend remains the same in 2019. The list has only been supplemented with other frequently used words, for example, football, monkey, donald, charlie.
Now let us look at the elements of a strong password.
Characteristics of a strong password:
- contains uppercase and lowercase letters;
- contains numbers and symbols;
- more than 8 characters;
- is not a word in any of the languages, dialects, jargon, slang;
- it is not based on personal information.
Also, a secure password should not be stored in paper or electronic form without the appropriate protection.
The password should not only be strong but also easy to remember. But how to make such a combination? We suggest creating a password based on a song name, phrase, or association with them. For example, your favorite song is The Beatles - Let It Be (1970). Then the password may look like this: TB-19lib70.
For company user accounts, one cannot use:
- the same password as for other information systems (for example, home Internet provider, free email, forums, etc.);
- the same password for different corporate systems;
- the same passwords in Unix and Windows operating systems.
It is also forbidden to:
- disclose the password to other persons, including administrative staff;
- disclose the principles of password creation (for example, based on a surname);
- disclose the password in electronic surveys, unfamiliar authorization forms, or anywhere else;
- pass the password to colleagues during your absence, vacation, or business trip.
Make sure that a password-protected lock screen is enabled on your computer and activates after 10 minutes of inactivity. At the same time, logging in should not be performed automatically.
Also, lock your computer every time you leave your workplace. There are several ways to lock a PC. For the Windows OS family, press Windows + L, or press Ctrl-Alt-Delete and select the appropriate option in the list of operations. If you need to lock a PC with Linux OS, use the keyboard shortcut Ctrl + Alt + L.
And a few more rules that we recommend applying when working with the Tucha cloud infrastructure:
- Make sure that tracking of incorrect password entry attempts is enabled for your accounts. Remember that the user account is blocked for 1:00 after 5 incorrect attempts to enter the password within 5 minutes. Only system administrators can unblock accounts that belong to the Administrators group. And this is done after confirming that the wrong password was entered by the user. Otherwise, the problem is transferred to the company's information security service.
- Do not forget to update your password regularly. Change it at least once every 180 days, and for accounts that belong to the Administrators group, once every 90 days.
- If you think that someone might have found out your password, change it immediately and inform the company's information security service by phone or email. If someone requires you to provide the password, you should also immediately contact our technical support service.
- Also, contact the company's technical support service immediately if you have lost your password, the media, or the device on which it was saved. If someone found out your password, you can change it yourself.
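The lockout rule described above (5 incorrect attempts within 5 minutes block the account) can be modelled as a sliding window. This is an added example, not the provider's implementation; it assumes that the page's "1:00" means one hour and that a successful login resets the failure count, and `LockoutTracker` is a hypothetical name.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5          # incorrect attempts (from the page)
WINDOW_SECONDS = 5 * 60   # counted within 5 minutes (from the page)
LOCK_SECONDS = 60 * 60    # assumption: the page's "1:00" read as one hour


class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock time (seconds)

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record_attempt(self, account, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account, now):
            return "locked"  # a correct password is rejected while blocked
        if success:
            self.failures[account].clear()  # assumption: success resets count
            return "ok"
        window = self.failures[account]
        window.append(now)
        # Drop failures that fell out of the 5-minute sliding window.
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            window.clear()
            return "locked"
        return "failed"

    def admin_unlock(self, account):
        """Manual unblock by a system administrator."""
        self.locked_until.pop(account, None)
        self.failures[account].clear()
```

Timestamps are passed in as seconds so the behaviour can be checked deterministically: failures spaced widely enough that five never fall inside one window do not trigger the block.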
Let us look at the simple principles of storing passwords that will protect your data from falling into the hands of intruders.
How not to store passwords:
- do not keep passwords in paper form;
- do not leave information about passwords in any files or on media that are available not only to you;
- do not leave default passwords set by administrators;
- do not store passwords in software that is not designed for this (in browsers, utilities for connecting to other services, etc.).
For the most secure password storage, we recommend using password managers, for example, KeePass, Enpass, CommonKey, Dashlane, etc. We have also prepared a visual guide on how to properly configure and use KeePass.
So, protecting your data on the Internet is not so difficult. You only need to create a strong password, store it correctly, and follow simple measures to protect your data from access by others. Now you know how to do it. And if you have any questions or you think that someone might have found out your password, please contact us at any time. We are in touch 24×7 and will always provide prompt assistance!