Is My Password Strong Enough?

Our cyber blog ‘Xcina on Security’ encourages teams to engage in essential cybersecurity discussions and prepare for rising threats. Peter Lane, our Information Security Consultant, writes on the news, providing commentary on a range of cyber security-related issues making the headlines.


Background

Many organisations are now promoting the use of strong passwords, and where possible, configuring their systems to enforce complex rules that prevent the user choosing ones that may be guessed easily.
User passwords remain among the most commonly exploited vulnerabilities.

An Uber external contractor had their password hacked in September 2022, resulting in internal and privileged systems being compromised. Previous years have witnessed similar, large-scale breaches which have been attributed to weak passwords (including at Microsoft, SolarWinds and Ticketmaster).

Organisations are now opting to invest in Password Managers or Multi-Factor Authentication (MFA) which provide an increased level of protection, although no single strategy is failsafe against hacks as evidenced in recent cases with Microsoft and Uber.

 

Did you know the time it takes a hacker to brute force your password in 2022?

 

*Source: Hive Systems (Are Your Passwords in the Green? (hivesystems.io))

 

LastPass publishes an annual survey and ebook, Psychology of Passwords 2022. The findings, based on 3,750 respondents, revealed that ….

     

  • … of respondents always or mostly use the same password or a variation
  • … changed their password after they were informed a data breach had occurred
  • … stopped reusing passwords after receiving cybersecurity training.

 
 


What Needs To Be Done?

Investment in employee awareness and training is vital, as are enforcing strong password policies and being wary of, and reporting, any unusual behaviour such as unsolicited ‘sign in MFA requests’.

Xcina Consulting, The National Cyber Security Centre (NCSC) and the UK Cyber Security Council advise:

  • Passwords MUST be a minimum of 12 characters
  • Passwords MUST contain a mixture of ‘upper’ and ‘lower’ case letters
  • Passwords MUST include special characters (such as !=”£@)
  • Users to change passwords on first use
  • Users to change passwords every 90 days
  • Ensure users cannot reuse any of their last FOUR passwords
  • If possible, employ Multi-Factor Authentication (MFA)

This will also meet the requirements of various standards (PCI DSS, ISO 27001, Cyber Essentials, NIST etc.).
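The rules listed above can be checked in code at the point a user sets a new password. The following Python is an added example, not code from Xcina or the bodies named above; the function names, the PBKDF2 iteration count and the sample passwords are assumptions of this example, and password history is held as salted hashes so that reuse can be detected without storing plaintext.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 12                  # minimum of 12 characters
MAX_AGE = timedelta(days=90)     # change every 90 days
HISTORY_DEPTH = 4                # no reuse of the last FOUR passwords
ITERATIONS = 600_000             # PBKDF2 work factor: an assumption of this example


def hash_password(password, salt=None):
    """Return (salt, digest) so history can be kept without storing plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def violations(candidate, history):
    """List the rules a candidate breaks; history is [(salt, digest)], oldest first."""
    found = []
    if len(candidate) < MIN_LENGTH:
        found.append("shorter than 12 characters")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        found.append("needs both upper and lower case letters")
    if not any(not c.isalnum() and not c.isspace() for c in candidate):
        found.append("needs a special character")
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash with each stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            found.append("matches one of the last four passwords")
            break
    return found


def must_change(last_changed, now, first_use=False):
    """True on first use, or once the password is 90 days old."""
    return first_use or (now - last_changed) >= MAX_AGE


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    old = [hash_password(p) for p in ("Autumn-Leaves-2021!", "Winter=Frost=2022")]
    print(violations("Winter=Frost=2022", old))   # reuse is reported
    print(violations("password", old))            # length, case and special-character rules
    print(must_change(datetime(2022, 6, 1), datetime(2022, 10, 1)))
```

An empty list from `violations` means the candidate satisfies the length, case, special-character and reuse rules; `must_change` covers the first-use and 90-day rules separately because they depend on account state rather than on the password itself.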

For more information on how we may help you, contact info@xcinaconsulting.com.

 


 

What does the future hold for Data Protection in the UK?

 


 

 

 

Xcina Consulting are hosting a seminar on Thursday 1 December.  We will take stock of where organisations are on their data protection journey and discuss recent privacy developments, taking into account the UK government’s proposed post-Brexit reforms.

Meet with Glen Hymers, from the UK Government Cabinet Office and a panel of Data Protection and Privacy Officers including:

  • Evie Kyriakides-Stenhouse, Group Head of Privacy and Chief Privacy Officer for beauty brands Natura, Avon, The Body Shop, and Aesop
  • Catherine Bowen-Walker, Group Data Protection Officer for Vitality Health & Life Insurance
  • Giulia Carnà, Data Protection Counsel at the global payment systems company ACI Worldwide (EMEA)
  • Natasha King, Data Protection Officer at employee experience platform Unily.

 

Cabinet Office

Glen Hymers
Head of Data Privacy
UK Government Cabinet Office

 

We’d love to hear from you

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance, impact your business, speak with our team. Tell us what matters to you and find out how we can help you navigate complex issues and deliver long-term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

Peter Lane

Information Security Consultant

Speak to me directly by Email, or
Telephone: +44 (020) 3745 7820
