Password Controls
18/02/2019
Passwords – the last control that prevents malicious people from accessing everything that you have access to.
It is a good idea to make your password a good one. Your password is valuable to different types of people.
Some people might want to look into your personal life. If they know you or can find out information about you through things posted online, they might be able to guess one of your passwords. If this is your email password they can use email access to reset the passwords on all your other accounts.
If your password is less secure the attacker may simply automate an attack on your password. In this case millions of attempts are levied against your account and weak passwords will be broken.
If your password is leaked it might be a while before the company which lost your password informs you about it.
https://www.bbc.co.uk/news/technology-47044652
Where this happens criminals may have access to your password for a long time and you will be unaware of this access. In this case if you are using that password in more than one place the criminals have more than enough time to try numerous sites on the internet to see if that access succeeds.
To help withstand the majority of these attacks a password of decent complexity is your best weapon. Every year a report is published of the worst passwords used. In the majority of cases the very worst passwords are in use by thousands of people
https://www.digitaltrends.com/computing/top-100-worst-passwords-2018/
The list is common knowledge, so criminals know about these passwords too and when trying to access an account will use these first.
For this reason it is important to set a secure password which is not on this list.
There are a great many sites that can give advice about password choice https://nakedsecurity.sophos.com/2014/10/01/how-to-pick-a-proper-password/
All passwords are guessable and the key is to make them long enough to withstand repeated guesses or an automated dictionary attack.
The currently policy https://intranet.cranfield.ac.uk/it/PoliciesandProcedures/NetworkPasswordPolicyforITSystems.pdf states that passwords must be at least 8 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences.
A popular way of constructing passwords is through the use of passphrases – short random words – that, when used with the advice above, can form strong complex passwords.
Long passwords, tend to be cumbersome to use, passwords longer than 12 characters tend to be particularly tough to enter on a mobile device for example. In these cases it is generally recommended to make use of a password manager:
https://www.lastpass.com/business-password-manager
These generate random passwords for you, store all your passwords and so the only password you need to know is the ‘master’ password for the password manager.
For obvious reasons it is very important to make sure that the password you use for the password manager is a highly secure one.
Passwords which are breached are used by criminals in a number of other sites to see if they can gain access. This can occur often months before the account owner is even made aware that their account has been breached. This means that it is critical that each and every password you use is unique (i.e. you do not re-use passwords for different services). This is made easier by a password manager.
To ensure that your chosen password is not one that has been in a previous security breach you can make use of the password checker at https://haveibeenpwned.com/Passwords. Which also offers a notification service if your account(s) ever appear in a security breach (if you sign up to this free service) https://haveibeenpwned.com/.
Occasionally problems are reported with password managers themselves, however be aware that the stronger the main password (for accessing your password manager) the less likely anyone will gain access to it.
Categories & Tags:
Leave a comment on this post:
You might also like…
Inside the Thermal Power and Propulsion MSc with Dr Uyioghosa Igie
In our recent conversation with Dr. Uyioghosa Igie, Programme Director for the Thermal Power and Propulsion MSc at Cranfield University, we uncovered what makes this course such an exciting and valuable path for ...
Borrow fiction online – for free!
Everybody needs a break from work, and if you fancy reading or listening to some fiction or non-academic books, we have the app for you! Use the Libby app to borrow a host of online books ...
Researching IPOs in Bloomberg
Are you researching IPOs? Do you want to find IPOs on a specific index (eg S&P 500, or UK AIM Index) for specific dates? Then Bloomberg is where you should be looking. If you haven’t ...
Meet the Cranfield alumna named among sustainability’s brightest rising stars
For Julia Anukam, working in sustainability is about being part of the solution. A conscious consumer and long-time vegan, she found her true calling after a re-evaluation of her career priorities during the Covid-19 ...
We need a million engineers who understand accessibility
…and we are, mostly, starting from zero. This arresting, attention-grabbing line was said to me only last month, in a busy London canteen. Who said it, where we were, are and what they said - ...
Cranfield apprentices named among sustainability’s brightest rising stars
Two Cranfield University apprentices have been recognised for their drive, determination and potential to lead the UK towards a more sustainable future. Julia Anukam and Lucie Rowley feature in the prestigious edie 30 Under ...