Once upon a time, back when using the internet meant that nobody could make a phone call at the same time as posting to MySpace and Amazon just sold books, someone sat atop a mountain and carved into stone their initial thoughts on what good online security looked like.
Their thoughts around passwords were:
To mitigate this it was therefore decreed:
Thus were the legions of the dark banished and all was secure in the world wide web.
However, what was overlooked, was that because people are lazy they will:
So when LinkedIn, for example, were hacked a few years ago and passwords revealed, the sharing of formats meant that the other systems the user used were immediately accessible to the bad guys.
The National Cyber Security Centre publish a range of great advice for small businesses around improving security, and they have some more modern advice for passwords based upon the premise that people are lazy and current passwords are easy to guess (even with a ‘!’ instead of ‘1’ or ‘I’):
It is better to keep hold of a good password than to regularly change a bad one for another bad one.
There’s more great advice in the NCSC’s guide for small businesses here
Agencies - June 27, 2022
Blog - June 20, 2022
Blog - June 13, 2022