Passwords are an important element in cybersecurity

I have mentioned passwords before in some of my blogs about cyber risk. Of course, I have mentioned a lot of other things too. I try to keep up to date and pass on tips for beating the latest ruses of the cybercriminals, as there is an arms race between the IT companies and the hackers.

Aren’t passwords a bit yesterday?

As the arms race has moved on, hasn’t the need for passwords … well, passed? No. They remain a vital part of the picture, a weapon in the armoury. Just as locks remain part of the physical security armoury and hard hats part of health and safety. It’s no use getting into the latest sophisticated security measures, if you don’t bother with the basics.

Why am I writing about passwords again now?

I have just heard that a huge number of people still use one of these passwords:

  • PASSWORD
  • 12345
  • 54321
  • 1066

How long do you think it would take anyone to guess any of those?

I thought everyone had got the message by now and used something less obvious.

What sort of passwords are less obvious?

  • Words that are not so common
  • Dates that are not so commonly known
  • Combinations of letters, numbers and other symbols, like * & % £
  • Initial letters of well known phrases

If you do use obvious passwords – think!

Is the choice of an insecure password a giveaway as to your attitude to risk?

  • Is this just a blind spot or is it how you manage all your risks?
  • Do you underestimate the risk, either the probability or potential severity?
  • Do you overestimate the effectiveness of controls?
  • How often do you review risks and control measures?

In short, how seriously do you take risk management?

How about turning over a new leaf? Have a chat with me for a start. Or read my book: Load The Dice.

 
