Password Security

Almost every security-conscious company has strict policies for managing passwords in the workplace. There is usually a Password Policy section in the Employee Handbook, and failing to adhere to the policy can be a disciplinary offence.

In practice, this usually means sticking to guidance on the length and type of characters that can make up the password, and on how often employees should change it. Some server-based systems will automatically force users to change their password according to the policy; others will remind staff periodically that they need to change it.

Where a network intruder or hacker doesn’t have a password, they will often use what is known as a ‘brute force’ attack, in which a computer automatically tries multiple combinations of letters and numbers to find the password. Brute force software usually includes a dictionary of commonly used passwords and commonly used words and phrases.

The Password Policy may also include clauses forbidding passwords to be shared or written down. Of course, a problem arises when a member of staff needs a strong password with a mix of characters but isn’t allowed to write it down; this often leads to support requests for ‘forgotten passwords’.

Nevertheless, this guidance is in place for good reason: the easier a password is to guess, the easier it is to crack, and the weakest point in any Password Policy is usually the staff themselves. Staff who write down passwords or share them with colleagues are putting the entire system at risk of being hacked.

Many businesses realise that requiring staff to change passwords too often (once a month, let’s say) can be a problem, mainly because of the sheer number of passwords people need to remember; it’s easy to forget them.

So at work people will usually adhere to strict password regimes, but it is often different when they are at home. Which is odd, because at home it is their own personal data that is at risk, not their employer’s.

As a local computer repair business, we are often asked for advice on managing passwords, and whilst keeping a notebook might be a tempting option, it isn’t really the safest.

In late 2013, hackers stole nearly 2 million usernames and passwords for email accounts from Yahoo and Google, as well as for Facebook and Twitter accounts. When researchers reviewed the stolen accounts, they discovered that thousands of people had used very ordinary passwords. They rated only five per cent of the stolen passwords as “excellent” and only 17 per cent as “good.”

The rest were just too easy for a skilled hacker to break. Using ‘password’, ‘12345’ or ‘Mary120594’ just isn’t good enough. Of course, having a password at all is a step in the right direction, but the best advice is to take a moment and make it one that a 10-year-old hacker couldn’t break during their school lunch break!

Use the following tips to make a safer password:

  1. Use better passwords.
  2. Make passwords longer. The experts say a password should be at least 12 characters long.
  3. Use combinations of letters and numbers, mix upper and lower case letters, and add in symbols such as “!” or “@”. Although Pa55W07d1a2b3c is better than nothing, it won’t fool a brute force attack!
  4. Make up words. Avoid using dictionary words, or joining them together, like “catmouse”. Experienced hackers crack passwords by going through databases of known words, and their software knows about tricks such as adding numbers and symbols.
  5. Don’t use the obvious. For instance, don’t use your name, company name or home town. Dates of birth, postcodes, family names, pets and hobbies are easy to find out and should be avoided too.
  6. Use a different password for each account, and avoid making variations of one password by adding a ‘1’ or ‘2’ or ‘!’ to the end. Once a hacker has a known password and email address, they will often use this information to attempt to get into other accounts you may have.
  7. Don’t write down your passwords in a notebook, in a computer file or on your phone. Think about offline attacks: a burglar would love to have that notebook, whether it was stolen from your home or your bag, or even a file on your computer.
  8. Change your passwords frequently and don’t share them.
  9. Consider an encrypted password manager; LastPass, KeePass and Dashlane are some examples.
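To illustrate why tips 3 and 4 (and the brute force paragraph earlier) hold, here is a small Python checker written for this page, not taken from it or from any product named above. It scores a password the way cracking software approaches it: it undoes common letter-for-digit substitutions, looks for words from a word list, and charges each listed word a fixed cost rather than one guess per character. The tiny word list, DICT_SIZE, RULE_BITS and the rating thresholds are constructed assumptions for illustration.

```python
import math
import re
# Constructed stand-in for the word lists cracking tools ship with; a real checker
# would load ~100k common words and leaked passwords (DICT_SIZE is that assumed size).
COMMON_WORDS = {"password", "pass", "word", "cat", "mouse", "letmein",
                "qwerty", "mary", "welcome"}
DICT_SIZE = 100_000   # ~16.6 bits to guess one listed word
RULE_BITS = 4         # assumed extra cost of a case/substitution mangling rule
# Digit/symbol substitutions that mangling rules routinely undo.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
CLASSES = [("[a-z]", 26), ("[A-Z]", 26), ("[0-9]", 10), ("[^A-Za-z0-9]", 33)]

def normalize(password):
    """Lowercase and undo the substitutions above, one character for one."""
    return password.lower().translate(LEET)

def split_dictionary(password):
    """Listed words in the normalised password (longest first) and the original chars no word covers."""
    norm, leftover, found = normalize(password), list(password), []
    for word in sorted(COMMON_WORDS, key=lambda w: (-len(w), w)):
        start = norm.find(word)
        if start >= 0:
            found.append(word)
            for i in range(start, start + len(word)):
                leftover[i] = ""
            # Blank the span so shorter words cannot re-match inside it.
            norm = norm[:start] + " " * len(word) + norm[start + len(word):]
    return found, "".join(leftover)

def pool_bits(chars):
    """log2 of the alphabet a brute-force run must cover for these chars."""
    pool = sum(size for pat, size in CLASSES if re.search(pat, chars))
    return math.log2(pool) if pool else 0.0

def estimate_bits(password):
    """Rough guess count in bits: the cheaper of brute force and a dictionary attack."""
    if not password:
        return 0.0
    brute = len(password) * pool_bits(password)
    words, leftover = split_dictionary(password)
    dictionary = len(words) * math.log2(DICT_SIZE) + len(leftover) * pool_bits(leftover)
    if words and password != normalize(password):
        dictionary += RULE_BITS   # substitutions and case only buy a few bits
    return min(brute, dictionary)

def rate(password):
    """Bucket the estimate; the thresholds are an illustrative assumption."""
    bits = estimate_bits(password)
    return "weak" if bits < 45 else "fair" if bits < 65 else "strong"
```

Run on the page's own examples, ‘password’, ‘12345’, ‘Mary120594’ and ‘catmouse’ all come out weak, and a substituted ‘P@ssw0rd!’ costs the attacker only a few bits more than plain ‘password’.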