A Quick Guide to Passwords and MFA

lego figures lying down with keys

Despite the leaks, the breaches, and the endless privacy risks, many people were still using simple, easy-to-guess passwords in 2019. In fact, the list of the top 100 worst passwords of 2019 released by SplashData is nearly identical to the 2018 list. 

We spend quite a lot of time explaining to our clients why strong passwords matter, just to find out later on that they change their passwords to things like ‘12345’ or ‘qwerty’. Because of that, we decided to write (yet again!) about secure passwords and how to manage them.

What is a weak password?

Passwords shouldn’t be too short or easily guessed for example “password” (or anything on the list of the worst passwords), your date of birth, or your name. You also shouldn’t use the same password for multiple accounts. This is because if one of your accounts is breached, the password you use for it could be used to get access to your other accounts.

What is a strong password?

Your password should be long, contain numbers and special characters. It could be a random string of letters, numbers and special characters. This will be very difficult to guess. Your password should also be completely unique for each account you use.

‘But it’s so difficult to remember multiple random passwords!’

Think of passwords that are complex (containing numbers, upper and lower cases, and special characters) but meaningful to you. Alternatively, you could use a password manager that will securely store all your logins.

Password Managers

Password managers can do much more than just securely store your passwords. They allow you to store other sensitive information and share it, as well as your logins, with other users within the company. They are extremely helpful if you have lots of different passwords for all of your different accounts or if you share some accounts with others within the organization. 

The password manager that we use at Dial A Geek is called LastPass and it really makes a difference. It even auto-fills our usernames and passwords to make it even easier to log in to our accounts. LastPass also has other great features, such as being about to generate random passwords when you create a new account/update your password or auto-filling web forms with information like your name and address. Its security challenge will audit all of your passwords and let you know how you can increase your security by making your passwords stronger or creating completely unique ones.

Speaking of secure logins it is difficult not to mention Multi-Factor Authentication, or MFA.

What is MFA?

Multi-Factor Authentication (MFA) comes in many different forms but ultimately means that just having username and password isn’t enough to log into your account. A successful login requires a second form of authentication, such as entering a one-time code that is sent to you via SMS, email, or an authenticator app. Another common form of MFA is an authenticator app allowing you to confirm login within the app rather than entering the code in the login screen.

Why use MFA?

MFA makes the authentication process stronger by adding an extra level of security. MFA means that even if someone has your password they still won’t be able to get into your account without passing your MFA. So even if your password is weak or has been stolen, you’re still protected. Most of the time, you will also get a notification if someone tries to log into your account which will alert you to possible intruders and allow you to take action.

If it sounds like you’ll waste your precious time every time you log into your accounts, don’t worry. Most MFAs allows you to remember the device you sign into (whether permanently or for a set amount of time) so that in the future you will only need to use MFA on new devices. There are multiple different types of authentication methods so you can use the ones that work best for you.

You can read more about cybersecurity here and if you think you may need some more advice on passwords storage, sharing, and MFA – give us a call on 0117 369 4335 or send your questions to [email protected].