Everyone knows the importance of creating a really strong password to make it more difficult for hackers to break into your systems. This is particularly important for systems that might house confidential information, such as customer data or corporate secrets. But do cybersecurity teams always practice what they preach?

Weak passwords make it easy for hackers

It’s not uncommon for companies to use weak passwords, particularly for accounts that many people need to access. After all, you don’t want to make a password so complicated that staff end up writing it down to remember it, right? Whilst this probably won’t cause an issue most of the time, it does mean that if cybercriminals try to hack into these accounts, they’ll be able to do so easily.

International hotel chain IHG found this out the hard way when a vindictive couple hacked into its systems and deleted huge amounts of data. Fortunately, they weren’t able to carry out the ransomware attack they had planned, but they were able to do enough damage to cause disruption for customers looking to book and check in. The couple were able to access IHG’s internal password vault because the password used was incredibly weak – Qwerty1234. This is one of the most commonly used passwords, along with 123456, 1q2w3e, 111111 and password.

What makes a strong password?

If any of these passwords look like ones your company uses, then now is the time to change them. But what makes a strong password? Most security advice suggests using:

  • At least eight characters
  • A mix of upper- and lowercase letters
  • Special characters
  • Numbers

It’s also recommended not to re-use passwords across different accounts, and there are many password generators that can help you create strong passwords. To prevent your team members from writing the passwords down, you can also consider a password manager to remember them.
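The checklist above, combined with the commonly used passwords named earlier, can be turned into a single check. The following is an added example, not part of the original article; the function names, rule labels and the normalisation step before the deny-list lookup are assumptions, and the sample passwords are constructed.

```python
import string

# Commonly used passwords named in the article, stored lowercased.
COMMON_PASSWORDS = {"qwerty1234", "123456", "1q2w3e", "111111", "password"}
MIN_LENGTH = 8  # "At least eight characters"


def normalise(candidate: str) -> str:
    """Assumption: lowercase and drop symbols so trivial variants still match."""
    return "".join(c for c in candidate.lower() if c.isalnum())


def check_password(candidate: str) -> list[str]:
    """Return the labels of every rule the candidate fails (empty = passes)."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in candidate):
        failures.append("lowercase")
    if not any(c.isupper() for c in candidate):
        failures.append("uppercase")
    if not any(c.isdigit() for c in candidate):
        failures.append("number")
    if not any(c in string.punctuation for c in candidate):
        failures.append("special")
    # The deny-list is checked separately from composition: a password can
    # satisfy most or all of the character rules and still be widely known.
    if normalise(candidate) in COMMON_PASSWORDS:
        failures.append("common")
    return failures


def audit(candidates):
    """Map each candidate to the rules it fails."""
    return {c: check_password(c) for c in candidates}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["Qwerty1234", "Qwerty1234!", "password", "T7#vLq9!mZp2"]
    for pw, failures in audit(samples).items():
        print(f"{pw!r}: {'OK' if not failures else ', '.join(failures)}")
```

Qwerty1234 fails only the special-character rule among the composition checks, and adding a single symbol to it would satisfy all four, which is why the deny-list lookup is kept as a separate rule.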