So, another day – another data leak, another day another breach – another hack. We see this news daily – we read about it all the time – but do you really care? I’ll ask a few questions about your password hygiene just answer them for yourself and if your answer matches what I wrote underneath any of the questions – read on.

Password Hygiene

  • When was the last time you changed your passwords?  
    • You should regularly change and update all your password – if your answer was along the ‘I don’t remember’ lines or ‘Passwords?’ definitely read on
  • Are you using single ‘standard’ password for all your accounts?
    • If the answer is ‘yes’ … well keep reading
  • Is any part of your password a common word (love/Superman/etc)?
    • Yeah – keep reading
  • Are you using multiple passwords but they are ‘tweaked’ version of the same? (ie – Password, Password1, Password2 etc)
    • Yes – definitely keep reading
  • Are your passwords constructed using so-called password ‘walking’ which means password constructed by letters/characters that are next to each other on the keyboard? (ie – qwerty, 123456, etc) ?
    • You know it! Keep reading.
  • Is any part of the password name of your favourite football club, player or generally are you using sports reference?
    • Yeah, Liverpool1 is not a secure password. Imagine that?

Passwords are dead?

Right – so you are still reading that’s good. The bad news – passwords ARE dead, sorry that’s the reality – passwords are not secure anymore, passwords are easy to crack and they leak all the time. First advice – if you can, if your service allows for it and if its possible and manageable use multi-factor authentication.

But even though, the passwords are dead – they are not going anywhere – we still need to use them we still have to manage them and remember them and they will be leaking right, left and centre. So what to do?

Has my password been leaked?

First of all – check your ‘standard’ passwords – you know you have them, you know you are using them so no need to deny – Troy Hunt (a really good guy) – created very handy tool to check your password – just type it (it is secure) and verify if it is a common password and/or if it leaked out for example result for ‘Liverpool1’ – This password has been seen 9,885 times before. Don’t wait so and go straight to https://haveibeenpwned.com/Passwords and verify your password.

Now – while you’re at it go to https://haveibeenpwned.com and verify if your email ever leaked – I bet it did. This site – will tell you how many times and when. Hopefully, you did change your passwords ever since… If not – DO IT – DO IT NOW!

How do I create a strong password?

Finally – is there an easy way to generate memorable and secure passwords? Well, there is no simple answer to it. Scratch that – there is one: NO. You just can’t – sooner or later your password will leak out – sooner or later if you are using the same password on multiple sites it will become insecure. So what to do? (Except multi-factor authentication?) Stick to good password hygiene:

  • Never re-use passwords – yes it is pain in the…but use a different password on every site. Not just a variation of the same password – use a completely different one.
  • Try to use randomly generated passwords – if remembering something like – w6B,zNbJE&<VQh{w – is rather difficult for you (or you are not a robot) – use password managers. They do work and you only need to remember one insane password.
  • If you are creating passwords you can remember – make sure they are long (16+ characters and more), they don’t contain any words, they are a mix of UPPER CASE LETTERS, lower case letters, numbers, and symbols.
  • Keep up to date with the news – you don’t have to be a security expert – just keep your eye on the news about big data breaches (like. Yahoo, LinkedIn, Dropbox etc) and verify with above sites if your data been leaked.
  • Use multi-factor authentication if possible.

First Ireland provides Cyber Liability Insurance. If you are a business owner cyber liability insurance can help relieve a lot of the pressures on your business in the event of a cyber attack or data leak.