Back in 2002, the Greek entry by Michalis Rakintzis ‘SAGAPO’ for the Eurovision song contest came 17th. I’m sure Michalis won’t mind me sharing with you just how pertinent his lyrics are.
Hey (Hey, hey, hey, hey)
If you wanna get my love (Love, love, love, love)
If you pray for me and hope (Hope, hope, hope, hope, hope)
Give the password (Give the password, the password)
(The password, the password)
Of course, it’s a love song. He’s not singing about IT, I get that. Passwords, whether a phrase, numbers or characters used to get into something, have been around a while. We’ve been logging into computers since the early 1960s. Increasingly, we have to be even more secure with the important things that we hold in computer storage.
Two decades earlier, the infamous Enigma machine of World War 2 allowed one combatant to send radio messages that were indecipherable to anyone outside of their use. Once the code/password was cracked (thank you Alan Turing), the messages were easily understood. Interestingly, the Enigma machine was first designed for business use, to relay private messages in the 1920s.
Even Napoleon, 200 years earlier, used a semaphore system to message his armies. This was eventually hacked a few years later by two Frenchmen for personal gain in the financial markets of the day. Julius Caesar (100 BC) used one of the earliest encryption algorithms, a simple cipher to keep messages secret using a displacement alphabet, a technique which required an early form of password at the other end to be able to read it.
15 billion stolen passwords are up for sale on the Dark web taken from social media, streaming and online banking services…is yours one of them?
Cracking passwords has a long history. Computers now hold a lot of our prized possessions, from money and business information to our identity. If a hacker can get into one business computer, they may be able to get into your network and then hold your company at gunpoint, or perhaps I should say computer point: you cannot use your company systems until a ransom has been paid – hence the rise of firewall and ransom-ware technology to stop that.
Modern-day hackers really know their business, using all sorts of fancy titles for their spy-craft: phishing, smishing, vishing, spear phishing, URL phishing, whaling and email spoofing, to name but a few. Back in 2001 it would have taken a hacker three years to crack a simple code; the same password today can be cracked in 9 weeks.
If you locked up your home as you left for work this morning, then treat your online life as just as important as the real world. It needs to be secured. The worst thing about passwords, though, is that we are asked to remember multiple passwords for both home and work. So people will try to reduce the strain and use the same simple password for multiple sites, often putting them on Post-it notes near the computer, typically in the drawer or pen holder!
Another bad habit that businesses adopt is to use only the simplest of passwords. Did you know that 123456 back in 2019 was the most common password used? How does this happen? Twenty years ago, the world was less password driven; today we are asked for information for entry all the time. On average we can have up to 70-80 passwords swimming around in our head. People get lazy, and security fatigue sets in. No one ever believes it will happen to them.
Yes, it’s true: birthdays, pets’ names, street addresses, maiden names, birthplaces, favourite football teams, even the word ‘password’ are amongst the most common password types. It’s possible that nearly 80% of all cybersecurity breaches are because of weak or stolen passwords. For a professional hacker, it can take just 6 hours to hack into an employee’s computer if they use this personal style of password. Take a note from the consumer world: nearly a million people are scammed EVERY DAY.
How can I protect my business?
According to the National Cyber Security Centre:
‘Ensure that the organisation has adequate policies approved and owned by the board that set out the risk management strategy for the organisation as a whole, and that cyber security is considered in other organisational policies where appropriate. You should ensure that your board collectively has a good enough understanding of cyber security that they understand how cyber security supports their overall organisational objectives. They should get the information they need, in a format that they understand, at the time they need it to enable decision-making’.
How can I stop my business getting hacked, and paying the price for it? Don’t just rely on passwords, because they are not infallible. Use unique passwords that are complex and strong, and the longer the better. Consider also using a VPN line, a virtual private network (not a free one). It is a secure encrypted connection between you and the internet that allows your users to send and receive private information.
Absolutely consider two-factor authentication. It’s so simple to apply that extra layer of security to your IT systems. How does it work? First, you’ll be asked for a username, email, phone number, and a password. And then 2FA, as they call it, kicks in, just before you can access your system. You and only you will have to provide another piece of information. It might come to you via your mobile phone, or through a hardware token with a rotating code every 30 seconds. It might even be the use of your voice, fingerprint, or super hi-tech eye scan. Then, when the system 100% believes that you are who you say you are, you can gain access to your system, safely and securely.
Perhaps, in the future, if the Greek Eurovision song updates itself, maybe the lyrics will go like this:
Give me the password, give me the username
Plus use two factor authorizations,
using upper case lower case, and 12 letters long,
and 2 numbers, and a character please.
(The password, the 2FA password)
And a date for your diary, National Password Day…. May 5th, 2022