Monday, 5 August 2013

Protecting your Data - Are your Passwords Strong Enough?

Passwords need to be strong
We came across this article about 12 months ago: Why passwords have never been weaker, and we urge you to read it. For anyone running a web site or a network its message is quite worrying: with the data and hardware available to them, it has never been easier for a hacker to break a password. Any way you look at it, that's bad news.

As a business owner or director you are responsible for the data that your company keeps; this is set out in law. The Data Protection Act sets out what those responsibilities are and what remedies are available in law should you fail in those responsibilities. Just because a business is small, it doesn't mean that its responsibilities are any less than those of the government departments and big corporations whose data protection failures make the news.

How adequately is your data protected?

How strong is your password for accessing your PC?

Do you even use a password to access your PC?

What about your tablet if you own one?

How strong is the password you use to maintain your web site?

As a business owner/director, can you demonstrate that you take the security of the data you keep seriously? (Having a password on your PC or web site doesn't count if it's weak.)

The Ars Technica article recommends that passwords should now be a mixture of letters, numbers and (preferably) symbols, with a mixture of case, but not in the common format of a capital letter first, then letters, then a number at the end (e.g. Cccccc9999). It might be easy to remember, but because everyone does it, it's also easy to crack. The recommended length of that password has also changed, to at least thirteen characters.

It also recommends the use of a password safe. I couldn't agree more with both recommendations and always use a password safe (I use Steganos Password Manager) along with strong random passwords when signing up to a web site. It means that I can never remember a password, but that's what the password safe is for. By doing that I know that the probability of my password being cracked is minimized, although it's impossible to say that it won't be, as all that is needed is time and sufficiently powerful hardware.
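The composition advice above and the random passwords kept in a password safe can be checked and produced with a short script. This is an added Python example, not code from this post or from the Ars Technica article; the function names and sample passwords are constructed for illustration, and reporting missing symbols as a finding is an assumption based on the "preferably" above.

```python
import re
import secrets
import string

MIN_LENGTH = 13  # minimum length recommended in the post
# The predictable shape the post describes: capital first, letters, number at the end.
COMMON_SHAPE = re.compile(r"^[A-Z][a-z]+[0-9]+$")

def audit_password(password):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 13 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        findings.append("no mixture of case")
    if not any(c.isdigit() for c in password):
        findings.append("no numbers")
    if not any(c in string.punctuation for c in password):
        findings.append("no symbols (preferred, not required)")
    if COMMON_SHAPE.match(password):
        findings.append("common format: capital first, letters, number at end")
    return findings

def generate_password(length=16):
    """Random password for a password safe, drawn from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 13")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        # Redraw until the candidate passes every check (usually the first try).
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for sample in ("Summer2013", "Manchester1999", "t4!Kq_zR8#mWv2p"):
        print(sample, "->", audit_password(sample) or "passes")
    print("generated:", generate_password())
```

Passing these checks only shows a password avoids the weaknesses named above; a password that has been reused or leaked elsewhere is still weak.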