
Password security

Why are passwords important?

Having a password is the most basic level of protection you can have for your online accounts, be it your personal social media accounts, your online bank, or the University Portal. 

The problem is that everything is online now, and everything needs a password. So it may be tempting to make your password simple and easy to remember. Perhaps you have a go-to password that you use for everything, or maybe you write your password down so you don’t forget it.

If you do any of those things, you’re probably in the majority. It can be very challenging to create long, complex passwords that are unique to every service you use… and remembering them all is near impossible. 

However, the problem with simple, easy-to-remember passwords is that they are also easy to “crack”. That’s most likely why the majority of data breaches involve the use of weak or stolen passwords.

Once attackers have your password, they have access to your account and any information stored in it. And even worse, if you re-use the same password across multiple sites, they could gain access to multiple accounts linked to you.

So what can you do to protect yourself?

There are a number of things you can do to reduce your risk and increase the protection offered by passwords.

  • Make passwords long and difficult to guess. Try to make your password more than 12 characters long and use at least one lower case character, one upper case character and one number. You can view the University’s password policy and guidance here.
  • Don’t reuse passwords. It is very difficult to remember unique passwords across everything. You can tackle this by using a password manager, which securely stores your passwords. All you need to remember is the password for your password manager, and you can leave the rest up to your vault.
  • Use two-factor authentication. Where possible, favour services that offer two-factor authentication and enable it.  The way this typically works is that it combines something you know (your password) with something you have (e.g. a generated code sent to your phone) to provide a double layer of protection.
  • Never use a default password. Many devices and applications come with default passwords set up. You need to change these as soon as possible during your setup process. Using a default password is the same as using no password at all.
  • Use biometrics where possible. Most devices will now let you sign in using biometric authentication (such as your fingerprint or face ID). This is a stronger form of authentication than passwords because your biometrics are unique to you. Take advantage of this where you can.

The NCSC recommends you use three random words to create a strong password

A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redhousemonkeys27!

Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself so don’t use words such as your child’s name or favourite sports team which are easy for people to guess.

Cyber criminals are very smart and know many of the simple substitutions we use, such as ‘Pa55word!’, which swaps letters for numbers and symbols.

Never use the following personal details for your password:

• Current partner’s name
• Child’s name
• Other family members’ names
• Pet’s name
• Place of birth
• Favourite holiday
• Something related to your favourite sports team
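
The length advice, the warning about simple substitutions and the list of personal details above can be checked mechanically. The Python sketch below is an added example, not part of the original guidance or the University's policy: `review_password` is a hypothetical helper, and the substitution table and common-word list are small constructed samples.

```python
import re

# Look-alike substitutions that are easy to undo (constructed sample, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample of widely used weak base words.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty"}


def normalise(text):
    """Lower-case, undo look-alike substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def review_password(password, personal_details=()):
    """Return a list of problems; an empty list means none of these checks failed."""
    problems = []
    if len(password) <= 12:  # the page advises more than 12 characters
        problems.append("12 characters or fewer")
    typed = re.sub(r"[^a-z]", "", password.lower())  # letters exactly as typed
    undone = normalise(password)                     # letters after undoing swaps
    for word in sorted(COMMON_WORDS):
        if word in typed or word in undone:
            problems.append(f"contains common word '{word}'")
    for detail in personal_details:
        key = normalise(detail)
        # Skip very short keys: they would match almost any password.
        if len(key) >= 3 and (key in typed or key in undone):
            problems.append(f"contains personal detail '{detail}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the names stand in for a pet and a sports team.
    print(review_password("Pa55word!"))
    print(review_password("R0ver2015Celtic!", ["Rover", "Celtic"]))
    print(review_password("3redhousemonkeys27!", ["Rover", "Celtic"]))
```

An empty result only means these particular checks passed; it does not show that a password is unique or has not already been exposed in a breach.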

CyberScotland Week 2021 (22nd to 28th Feb)

We are sharing cyber security guidance and advice throughout the week to celebrate CyberScotland Week 2021. You can find all of our related posts here and visit the CyberScotland Week website here.