22 October 2019

Creating stronger passwords

Hey there and welcome back to another edition of the Hussey Coding blog.

In recent blogs, we have been looking at cybersecurity: what it means, what you need to know and why it's so important. In this blog, we'll be looking at one of the simplest ways you can help keep your stores and sites secure, and yet one of the most overlooked methods ever!

Everybody uses passwords these days; they've become one of those facts of life. But are they secure? Are they strong enough to keep people out, or are they so weak that anyone could guess them given enough information? Maybe you are reading this and feeling really confident about your password's strength, but what about Dorris in shipping? Or Luke over in online sales? How secure are their passwords?

Here's a list of 10 things that you can do or introduce into your company to help keep not just your business safe, but your staff and customers safe too.

#1 - Size matters!
Create a password that is over 8 characters long; the longer it is, the harder it will be to guess.

#2 - M1x 1t up
Throw in some uppercase and lowercase letters, but don't just stop there: numbers and symbols are also a gr8 Way 2 sT0p an @ack3r gu3ss1ng Y0ur PassW0rds

#3 - 3's a crowd
Don't bunch up your numbers and symbols. For example, Huss3yC0d1ng is much harder to guess than HusseyCoding123!

#4 - It's not personal
Steer clear of using personal information: a pet's name, a favourite place you brag about visiting every weekend, your maiden name etc.
Sure, your password needs to be memorable, but that doesn't mean it has to be easy. Also, unlike the example above, try to avoid using company names or references.

#5 - It takes 2 baby!
Two-factor authentication is an amazing little tool in helping keep your business secure, and you should use it whenever possible. Two-factor authentication is basically when a site will send you a PIN to input on logging in as well as your password. It is a feature that Magento supports and is mandatory from M2.4.0 on the admin panel.
Follow the link for a guide by CLOUDWAYS on setting up two-factor authentication on anything pre-M2.4.0: HERE.

#6 - Get creative
Use different passwords for different accounts. Yes, it can be annoying having to remember them all, but having just one password to rule them all is not good security!

#7 - Memories, all alone in the moonlight!
Don't store your passwords, either physically or digitally, as these are easily stolen, lost or passed on to undesired parties, giving hackers easy access to your store and other accounts. However, if you simply have too many passwords to remember, you can always sign up to a password manager. Some of the services available are LastPass, Bitwarden or Keeper; you will only need to remember the one master password while the others are securely stored.
 
#8 - If you've got it, use it
If you use a mobile device to work, then make sure you secure it with a secure password/number or, when possible, enable fingerprint or facial recognition.
 
#9 - Ch-ch-ch-ch-changes
Change your password regularly, especially when people leave your company or a contract ends with third-party providers. A good number of security breaches happen because a disgruntled former employee or someone from a third-party company still has access to sensitive data and decides to take advantage.
 
#10 - Log out and switch off
Log out of apps and sites when you are done using them. Staying logged in is a great way for hackers to access your accounts. The log out button is there for a reason, so use it.
On the same note, when you are finished with an application, don't forget to delete it and remove all permissions you may have granted it, especially on your mobile device. All your gear might be secure, but remember that game you used to play about 6 years ago that you never logged out of? How secure is that now?

Now, I know we said this would be a list of 10 things but, because we like you so much and because you stuck with us to the end, we're going to throw in a bonus tip.
 
- Adopt a password policy
Adopting a password policy for your company will ensure that everyone is on the same page. Ensuring that you and everyone else who has access to sensitive data are not reusing old passwords or creating weak ones is vital.
A study performed by the University of Indiana found that making longer, complicated passwords mandatory almost stopped University staff reusing passwords and helped the overall security of the University.
Follow the link to read the full article HERE.
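
A password policy can enforce tips #1 to #4 automatically when a password is set. The Python sketch below is an added example, not code from this blog or from Magento; the function name check_password, the substitution table and the sample passwords other than the two quoted in tip #3 are assumptions made for illustration.

```python
import re

# Constructed table that undoes common letter swaps ("M1x 1t up" style)
# so that a disguised name or company term is still recognised.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def check_password(password, banned_terms=()):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    # Tip #1: over 8 characters long.
    if len(password) <= 8:
        problems.append("length")
    # Tip #2: upper case, lower case, numbers and symbols.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing-" + name)
    # Tip #3: "bunched" means every number and symbol sits in one
    # trailing run after a block of plain letters.
    head = re.sub(r"[^A-Za-z]+$", "", password)
    if head != password and re.fullmatch(r"[A-Za-z]+", head):
        problems.append("bunched")
    # Tip #4: personal or company terms, compared after undoing swaps.
    plain = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for term in banned_terms:
        needle = re.sub(r"[^a-z]", "", term.lower())
        if len(needle) >= 3 and needle in plain:
            problems.append("contains-term:" + term)
    return problems


if __name__ == "__main__":
    company = ("Hussey Coding",)
    # The first two passwords are the ones quoted in tip #3;
    # the third is a constructed sample.
    for pw in ("HusseyCoding123!", "Huss3yC0d1ng", "qu1et;Riv3r-Lamp"):
        print(pw, check_password(pw, company))
```

Run against the two passwords from tip #3 with the company name as a banned term, the check flags both for the company reference, which is the point tip #4 makes about that example.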
 
Thank you for giving us your time today, and we hope that this article has helped you and your company get that little bit more secure.
If you have any questions about this article, please feel free to leave a comment or contact us using our various details listed below.
Thanks again and until next time, stay safe and have a great day.

You can also join all the fun on our various social media profiles
Facebook - facebook.com/husseycoding
Twitter - twitter.com/husseycoding
LinkedIn - linkedin.com/company/hussey-coding

Sign up to developer connection at www.developerconnection.co.uk
Facebook - facebook.com/DeveloperConnection
Twitter - twitter.com/devconnectionuk
LinkedIn - linkedin.com/company/developer-connection
