Intersys Logo
Menu

Managed IT Support

A Reasonable, Fixed Monthly Fee for All Your IT Needs
Managed IT Support Provider

Consulting Services

The High Level IT Consulting Services You Need to Transform Your Business
Get IT Consulting Services

Cyber Security

A Comprehensive Range of Cyber Security Services for Robust, Industry-Leading Protection
Get Cyber Security Services

IT Solutions

Whatever your IT needs, we'll create a tailormade solution for you
Get IT Solutions

2016: Passwords Are History. Passwords are Dead. Passwords are no longer fit for purpose.

Never Choose Your Passwords

Passwords: they’re an outdated concept and inherently insecure.

In 2016, there’s very little reason to choose a password. Whilst sometimes it can’t be avoided (and for that, there’s Multi Factor Authentication: ‘MFA’ or ‘2FA’), we’ve been banging on for years about the benefits of Password Safes, Password Managers and Password Vaults.

Even then, your randomly generated, unique password should be combined with MFA wherever possible, to ensure that it’s not much use, if compromised on its own.

Who cares about Passwords?

You shouldn’t know, or care, what the vast majority of your passwords are. Why should you need to remember a password?  With a password manager you can copy and paste it securely; never type it, never even see it; you can do this from your Smartphone, PC, Mac, browser. You know it’s unique, can’t be used elsewhere if the service is compromised and, even without MFA, it’ll be secure enough for most purposes (it’s more likely that social engineering will circumvent them anyway).

Passwords are Dead — here’s what you should do:

  1. Choose a good Password Manager — Lastpass Premium, Lastpass Enterprise, Dashlane Business, maybe Keypass if you prefer Open Source and don’t trust ‘Cloud’.
  2. Let your Password Manager generate high entropy, random passwords (and even change them for you automatically)
  3. Ensure your passwords are Unique and not repeated anywhere (eg use the Lastpass Security Challenge to check)
  4. Enable Multi factor Authentication (MFA / 2FA) on your Lastpass and other services, wherever possible (eg using the Google Authenticator app)
  5. Educate your users about Phishing, Vishing and staying vigilant. Whether 1980 or 2016: Social Engineering is usually the key to hacking, and always will be.
  6. Review your Security Layers. Security’s like an onion: multiple layers, layer upon layer. Each layer protects the next, the critical detail’s at the centre (or hidden elsewhere).
  7. Never be complacent. If you think you’re safe, that’s when you’re no longer safe enough.
  8. Mitigate Potential Damage. Think ahead: accept that, if someone really wants to get in, they will. Therefore, try to mitigate what happens via Forensic Readiness Planning.

Security ≠ Convenience

Whilst Security doesn’t equal Convenience, if someone can throw enough resource at it, they’ll hack you. That’s when your BCP and insurance needs to be good. But don’t worry too much: take a step back and wonder why someone would want to hack you.

Security Through Obscurity

Just like opportunist theft, fraud’s more likely to happen to easy targets, unless you have something which they want... that’s what a Risk Assessment’s for. GCHQ’s more likely to be targeted than Good Convenience store’s Head Quarters — and your response should be proportionate to the risk.

 

//intersys.co.uk/2012/05/25/choose-secure-password/

Stay up to date with IT Industry news

Subscribe to our newsletter

Please enable JavaScript in your browser to complete this form.

Subscribe to our newsletter

Please enable JavaScript in your browser to complete this form.

In other news

December 4, 2023

A Haven of Hope

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram