IT security isn't complex
Toby Griffin Head of IT
3 min read
Tuesday, 10th May 2022
There are a lot of buzz words in the world of IT security, but most of them are just confusing. Do biometrics and heuristics mean anything to you? They certainly don’t need to.
Every IT security person will tell you different things. You must use password managers. Every password should be unique. You should regularly change your passwords. The only problem is that it’s not realistic to expect people to do this.
There’s only two key things you need to know to help keep you, your devices, and your personal information safe:
- Passwords should be long, not complicated.
- 2 Factor Authentication (2FA) should always be enabled when possible.
If you’re still reading at this point then you probably want to know a little more detail about those points. Luckily for you, I love talking about them.
PASSWORD LENGTH
Which of the following passwords look more secure to you?
L3m0nB4n4na@
LemonScentedBananaCandle
If you guessed the first one, then you’re wrong. According to security.org it would take an average computer 34 thousand years to crack.
If you guessed the second one then give yourself a pat on the back. It would take an average computer 100 sextillion years to crack. I don’t even know what that number is, but it’s huge.
Someone who tries to crack passwords doesn’t use just one average computer. They use networks of computers which can act like a supercomputer to drastically reduce that 34 thousand years into just a few hours - or even minutes.
PASSWORD MEMORABILITY
Using those same passwords from above, which do you think is more memorable?
L3m0nB4n4na@LemonScentedBananaCandle
This one’s easy. It’s the second one!
If a password is memorable, you’re less likely to write it down and less likely to, well, forget it.
PASSWORD REUSE
By this point I’m sure you’re loving all the questions so here’s another. Should you reuse your passwords?
Absolutely not.
Does everybody reuse passwords?
Yes they do.
While not great, that’s just how it is. IT guys can spend hours advising against this, but people (me included) sometimes do reuse passwords. This is where 2FA comes in.
WHAT IS 2 FACTOR AUTHENTICATION?
2 factor authentication is a second step you need to take after entering your password to then be granted access to your account. Now let’s pretend I’m a hacker. I’ve got hold of your password and try to log in to your iCloud account to message your mum and ask her for money. I pop your email address and password in, but then I hit a barrier that means I can’t get any further.
iCloud will automatically text you a secondary code you need to enter on the website to be able to get in. As I don’t have your phone with me, I can’t log in and your account remains secure.
WHAT HAS 2FA GOT TO DO WITH PASSWORD REUSE?
If a hacker got your iCloud password and you use that same password for Paypal, your emails, Netflix etc, then that hacker can log in as you in all those places. This is the main reason why you shouldn’t reuse passwords.But if you do reuse (just like I do for Disney+ and Netflix), then 2FA will stop someone being able to log in as you. They don’t have your phone, so won’t know the code you get texted.
IT SECURITY ISN’T COMPLEX.
Just remember the key points.
- Passwords should be long, not complicated.
- 2 Factor Authentication should always be enabled when possible.
Follow this and your IT guy will be happy, and your accounts and data will be secure. Simple, right?
If you’ve got any questions feel free to connect and drop me a DM on LinkedIn. Just don’t go sharing your passwords and asking me if they’re long enough.