How to pick a perfect password – that you can remember!


1st October is the start of European CyberSecurity Month and the launch day of Cyber Coach.  To celebrate we will be sharing our favourite cyber security tips from our Security Awareness Training courses.

Whatever you think of passwords, one thing is sure – they are a pain, especially when you have to come up with a new one and then try to remember it. 

Like any field, cyber security is always changing and developing, and what was considered good advice a few years ago is no longer right for today. Take passwords as one example. We used to be told that passwords should be full of random letters and symbols that looked like a Beano character swearing, and that we should change our password every month or two. According to the UK’s National Cyber Security Centre (NCSC), this advice no longer stands.


Regularly changing passwords just makes them less secure

Forcing people to regularly change their passwords tends to result in them picking less secure passwords that are easier to remember; in other words, things get less secure. So, unless you are running a nuclear reactor or a stock exchange, the best advice is: don’t change your password unless you think someone might have learned what it is. (And then change it right away, obviously.)


Gibberish is not more secure

Complex passwords, that random spew of letters, numbers and symbols, are hard for humans to remember and even harder to type on a phone screen. The result is that people make them as short as possible and easy to type by the arrangement of the letters, resulting in a less secure password overall.

You make a password ‘stronger’, that is, harder to guess (for a human or a computer), by increasing the number of characters that need to be guessed. And it turns out that length is more important than complexity, because of, you know, math.

Take these two passwords as an example – which one do you think is ‘stronger’?

corner-elephant-orange   or    s@7uYxJAaV


Well, according to the online password strength checker, the gibberish password could be cracked by a computer in about 5 years, whereas the three random words in the easy-to-enter, easy-to-remember password would withstand a brute force attack for about 2 hundred septillion years. When it comes to passwords, size really does matter.

So when it comes to picking a new password, especially one that you will need to remember and enter often, Three Random Words is the approach recommended by the NCSC. It works because the passwords are long, provided you pick words of 4 or more characters with a symbol between them, as in our example.
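To make the "because of math" point concrete, here is an added worked example (not code from the original post or from Cyber Coach) that puts numbers on the two passwords above. It scores both with the simple brute-force model an online checker uses (character-set size raised to the password length), and also with the model a defender should care about: an attacker who knows you used the three-random-words scheme and tries combinations from a word list. The guess rate (ten billion guesses per second) and the word-list sizes are assumptions chosen for illustration, not figures from the post.

```python
import math
import string

# Character classes for the naive "charset ** length" brute-force model.
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
SYMBOLS = set(string.punctuation)  # 32 printable ASCII symbols

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that covers every character used."""
    chars = set(password)
    size = 0
    if chars & LOWER:
        size += len(LOWER)      # 26
    if chars & UPPER:
        size += len(UPPER)      # 26
    if chars & DIGITS:
        size += len(DIGITS)     # 10
    if chars & SYMBOLS:
        size += len(SYMBOLS)    # 32
    return size


def brute_force_bits(password: str) -> float:
    """Entropy in bits if the attacker must try every string of this length over the charset.

    This is the model behind most online strength checkers: it rewards length heavily,
    which is why a 22-character phrase scores far above a 10-character jumble.
    """
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(num_words: int, list_size: int) -> float:
    """Entropy if the attacker knows the 'N random words' scheme and the word list used.

    Each word is one choice out of list_size, so the search space is list_size ** num_words.
    """
    return num_words * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try the whole search space at an assumed guess rate (illustrative value)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def compare(gibberish: str, phrase: str, num_words: int, list_size: int) -> dict:
    """Score both passwords under both models and return the figures for inspection."""
    return {
        "gibberish_bits": brute_force_bits(gibberish),
        "phrase_bits_naive": brute_force_bits(phrase),
        "phrase_bits_known_scheme": wordlist_bits(num_words, list_size),
        "gibberish_years": years_to_exhaust(brute_force_bits(gibberish)),
        "phrase_years_known_scheme": years_to_exhaust(wordlist_bits(num_words, list_size)),
    }


if __name__ == "__main__":
    # The two passwords from the post; 7776 is the size of a common diceware-style word list
    # (an assumption about the list, not something the post states).
    result = compare("s@7uYxJAaV", "corner-elephant-orange", num_words=3, list_size=7776)
    for key, value in result.items():
        print(f"{key:28s} {value:,.2f}")
```

Two things are worth noticing in the output. Under the naive model the phrase scores roughly double the bits of the gibberish, which is the effect the post describes. Under the known-scheme model three words from a 7776-word list give about 39 bits, so the phrase's strength depends on the words being genuinely random and drawn from a large pool; the `list_size` parameter lets you see how much a bigger vocabulary, or a fourth word, adds.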


About Cyber Coach


We provide Security Awareness Training that keeps you safe and meets your compliance needs for standards like Cyber Essentials, PCI-DSS and ISO 27001.

Our training works because it is always taught live by a human, speaking to the camera or in person. No death by PowerPoint or dull animations here.

We’re Cyber Coach – our Security Awareness Training is surprisingly enjoyable, and cost effective.

Talk to us today to learn more.
