Risks of a weak password and practical solutions
Risks of a weak password
A password is like the door of a house: if it does not exist or is not robust, it is an invitation to anyone, including criminals, to gain access to your most valuable belongings.
For a company, a weak password would therefore mean giving access to secret information and to the personal data of your customers or staff (e.g. accounts, bank details, identification and contact information, tokens, videos).
Anyone can attack the security of your passwords, even if you think your password is secure, since no one and nothing can guarantee absolute password security today.
Today, hackers use very sophisticated methods to crack passwords, using programs designed to test millions of passwords per minute.
For example, a 4-character password takes a hacker an average of 1.36 minutes to crack, or 46 seconds if it is only lowercase, whereas an 8-character password combining uppercase, lowercase, numbers and special characters would take 2 centuries.
Put a secure password in your life
Properly managing our passwords will protect us from worrying situations such as identity theft, theft of money or private information, etc.
There are many tips that will help you to securely manage the passwords you use on a daily basis, such as those established for e-mail, banking, online services, server access, mobile telephony, etc.
Some of these tips are as follows:
- Use a password manager (e.g. KeePass or Bitwarden), which is useful when you use multiple passwords for different services or devices.
- Avoid always using the same password for different services or devices. If your password is hacked, the attacker will have access to everything.
- Keep passwords secret. Never write down your passwords or save them automatically in the browser.
- Create strong passwords, which should contain at least 8 characters, combining uppercase, lowercase, numbers and special characters. Avoid using simple sequences, for example 12345 or abcdef.
- Change them periodically (at least twice a year).
- If you use security questions, choose those that are easy for you to remember, but difficult for others to know.
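The strong-password tip above, written as a check that could run at sign-up or password change (an added example, not code from the original article). The function names and the four-character threshold for a "simple sequence" are assumptions, and the sample passwords are constructed.

```python
import string

# Character classes required by the tip above.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 8  # from the tip above
MAX_RUN = 4     # assumption: a run of 4+ consecutive characters is a "simple sequence"


def longest_sequence(password: str) -> int:
    """Longest run of consecutive letters or digits, ascending or descending
    (e.g. '12345', 'abcdef', 'fedcba'), compared case-insensitively."""
    text = password.lower()
    best = run = 1 if text else 0
    direction = 0
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        if step in (1, -1) and prev.isalnum() and cur.isalnum():
            # Extend the run only if it keeps going the same way.
            run = run + 1 if step == direction else 2
            direction = step
        else:
            run, direction = 1, 0
        best = max(best, run)
    return best


def check_password(password: str) -> list[str]:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if longest_sequence(password) >= MAX_RUN:
        problems.append("contains a simple sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["12345", "Summer2024", "Abcd!x9Qz", "t7#Kp!w2Lq"]:
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```

A password that satisfies all four character classes can still be rejected for a sequence, as the third sample shows.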
Two Factor Authentication
In addition to the above, if you want a formula to ensure that access to your information systems or online services is perfectly protected, we recommend two-factor authentication, which consists of an additional layer of security that complements the use of a password.
This system requires that we know the password and that we also prove we are who we claim to be, for example by providing a security code received on something we own (an SMS to our cell phone or an email), by supplying biometric data (e.g. a fingerprint), etc.
This two-factor authentication is common in critical online banking services, but we can also activate it in certain popular services such as Amazon, Google or Apple among others. To do so, check the existing options in your user account of the service you use.
It is true that some services do not include this two-factor authentication option, but in such cases we can download specific applications, such as Latch or Authy.
And what about the GDPR and the LOPD?
The password policy is part of the Security Policies that we have developed for our customers in the field of data protection, in order to comply with Article 5.1.f of the GDPR, which requires establishing adequate security safeguards against unauthorized or unlawful processing, loss of personal data, destruction or accidental damage.
Remember that not complying with the Data Protection Regulation can lead to fines of up to 20 million euros or 4% of the annual turnover (whichever is higher).
If you do not have a password policy and Security Policies that cover the whole company (teleworking policy, backup policy, network use policy, etc.), contact us and we will tell you how to do it.