Are passwords still safe?

David Ford


We looked at simple processes to help you and your people, at work or home, develop strong different passwords for every application, which is the first step in defending networks, systems and devices against malicious action. Now we look at simpler ways to create passwords to keep you safe.

Random password generator

There are many free password generator tools available from leading cyber-security organisations, which work locally on your computer to ensure there’s no risk of your choices being compromised. You just generate new passwords until you find one you think you can remember.

It pays to type it out repeatedly, until you achieve muscle memory, but given how many passwords are needed for a normal level of online activity, it’s a secure approach, if a tough one.

Particularly security conscious individuals will use the random password generator method, but make no effort to remember it. Instead, they rely on the ‘forgotten password’ routine to create a new password every time they access the application.

To some it might seem excessive, but the routine usually acts like two-factor authentication and the hacker would also need access to your email or phone. And if you can’t remember the unique password of alpha-numeric characters, what chance do hackers have?

Two-factor authentication and password-free logon

The technology industry is moving swiftly towards two-factor authentication (2FA) and multi-factor authentication (MFA), which add an extra layer of protection and require something in addition to your password, like a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or physical interaction with a keypad perhaps.

However, many now recognise even this approach has its weaknesses, as hackers have successfully intercepted the access codes sent to mobiles with sim-swap scams and created fake websites to steal log-in details and the SMS code received, which they use to access your account before you do.

Although not perfect, two-factor authentication is still better than a password alone and more resistant to large-scale cyberattacks. But the future looks set to be password-free, if Microsoft has any say in the matter, as it continues to push alternatives to remembering a string of characters.

Microsoft offers three no-password logon options for its online services on Windows machines:

  • a hardware security key combined with Windows face or fingerprint recognition technology;
  • a hardware key combined with a PIN code;
  • or a phone running the Microsoft Authenticator app.

Microsoft is partnering with hardware security key makers like Yubico, to push for users to choose password-free logon, adopting the new FIDO (Fast Identity Online) standard, which claims to make it easier for device makers and websites to embrace no-password logon.

Choose and use a password manager

Once users understand the need for strong passwords that they change regularly and know not to use them for more than one account, remembering all them can be a problem. This problem creates risk, as people revert to type and re-use passwords or switch back to easy to remember passwords.

Password managers are readily available and when used effectively should form an integral part of your approach to improving cyber security for all your users, in the office or working remotely. They offer a range of benefits, including:

Forget remembering – everyone can use longer and stronger passwords, taking advantage of the latest advice for making them secure, without worrying how to remember them.

Stronger passwords – remove the worry of trying to remember passwords ever again and your people will choose more complicated passwords and make them different for every account.

Access quicker – your people simply type a single password and then each access point is automatically populated with the appropriate username and password. Simple

Shared accounts – a password manager can also help manage who has access to which accounts, whilst allowing you to change the password as necessary.

Explaining the risks is not always enough, so introducing a password manager can help you and your people stay in control of cyber security by removing the hassle of trying to remember all the different logins and passwords.

Time for an Eloquent solution?

When the world is focussed on the hacks, the ransoms and the fallout, we hope our blogs on the need for and best way to create strong passwords has helped highlight this important first-step in beefing up your cyber security, in the office and at home, for work or pleasure.

We offer a range of Eloquent cyber-security solutions that provide the ever alert security you need in an increasingly dangerous online environment. Whatever the unique needs of your organisation, we will start with an in-depth security audit to discover any vulnerabilities and then tailor a solution.

To keep you, your business and your data safe, dealing with threats from without and within, we can provide everything from a 24/7/365 Security Operations Centre staffed by security experts to an advanced range of BaaS and DRaaS solutions to mitigate the impact of a cyber-attack.

An Eloquent solution provides advanced threat detection and threat analysis reporting, whilst monitoring and logging network assets to prevent rogue device infiltration.

And it’s all designed to augment existing system and software patch management, with full scalability that keeps pace with your system growth to ensure you remain as safe as possible from hackers. Let’s discuss your needs today and we can start the journey towards total cyber safety.