BSI offers tips for strengthening password hygiene
8 May 2020
BSI has urged online users to strengthen their security posture through good practices and to better protect themselves from vast cyber risks.
“A password is the primary method used to confirm the identity of a user to gain access to a wealth of platforms and personal information,” said Stephen Bowes, global practice director, information & security technologies at BSI. “By having good password habits, online users are not only protecting themselves but protecting their data, property and business.”
Bowes added that many users struggle to create passwords that facilitate secure access to a diverse set of accounts: “The risk here is that if a user decides to use the same or similar password across accounts and a malicious individual gains access to this password through phishing emails or by other means, they will have unauthorised and unlimited access to the unsuspecting user’s online world. Should the same password be used on personal as well as work accounts, the risks increase even further as important company data could potentially be exposed.”
While some find it difficult to remember multiple passwords, BSI insists that users must refrain from using the most common ones. According to a recently uncovered blacklist of passwords, the ten most frequently used were: 123456; 123456789; qwerty; password; 111111; 12345678; abc123; 1234567; password1; 12345.
Password hygiene tips
The Consulting Services team at BSI offered several tips to help online users strengthen their security posture:
- Passwords should, at a minimum, contain ten characters using uppercase and lowercase letters as well as numbers and special characters – a good password is a long password
- Refrain from using personal information such as a part of an address, a surname, a spouse’s name, a pet’s name, favourite football team, date of birth or the name of the platform the password is being created for
- Consider using a ‘passphrase’ that will not be forgotten easily and incorporate a mix of characters
- Never use the same password across multiple accounts, and add multi-factor authentication (MFA) and/or biometrics (e.g. Touch ID, Face ID or fingerprint managers) where possible
- Always ensure that a platform is accessed through a secure connection, and refrain from auto-saving passwords when prompted
- Do not write down a password on a device or in a notebook; instead, consider encrypting a password file using an identity provider, or use a password manager (e.g. LastPass, KeePass or 1Password), where a password can be encrypted and stored either locally or in the cloud
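The rules above can be turned into a simple check that an application could run when a user chooses a password. The following is an added example, not code from BSI or the article; it implements the minimum-length and character-class rule, the ten blacklisted passwords quoted in the article, and the "no personal information or platform name" rule using a caller-supplied list of terms (the `personal_terms` parameter, the `min_length` default and the sample inputs are assumptions of this example).

```python
import re

# The ten most frequently used passwords quoted in the article.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "1234567", "password1", "12345",
}


def check_password(password, personal_terms=(), min_length=10):
    """Return the list of tips the password violates (an empty list means it passes).

    personal_terms: strings that must not appear in the password, e.g. a surname,
    a pet's name or the name of the platform the password is being created for.
    (Hypothetical interface chosen for this example.)
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    lowered = password.lower()
    # Compare case-insensitively so a capitalised "Password1" is still rejected.
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password blacklist")
    for term in personal_terms:
        # Ignore very short terms to avoid matching incidental letter pairs.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal information: {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a blacklisted password, a strong passphrase that
    # leaks a pet's name, and a passphrase that satisfies every tip.
    samples = [
        ("password1", ["Smith", "Rover", "Acme Bank"]),
        ("Rover-likes-Tuna-2020!", ["Smith", "Rover", "Acme Bank"]),
        ("Blue*Kettle*Sings*47", ["Smith", "Rover", "Acme Bank"]),
    ]
    for pw, terms in samples:
        print(f"{pw!r}: {check_password(pw, terms) or 'OK'}")
```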
“The current pandemic has increased online fraud as attackers seek opportunities to exploit people,” said Bowes, “… we want to help everyone to strengthen their information resilience by asking them to review their passwords and update them. Doing so will not only boost their security awareness and posture but can help in reducing the risk of data loss, financial loss and even identity theft.”