Helping your business to do more business
Tuesday, 21 August 2012
I came across this article earlier today: Why passwords have never been weaker and I urge you to read it. For anyone running a web site or a network its message is quite worrying, basically with the data and hardware available to them it has never been easier for a hacker to break a password. Any way you look at it that's bad news.
As a business owner or director you are responsible for the data that your company keeps, this is set out in law. The Data Protection Act sets out what those responsibilities are and what remedies are available in law should you fail in those responsibilities. Just because a business is small it doesn't mean that its responsibilities are any less than those of the government departments and big corporations whose data protection failures make the news.
How adequately is your data protected?
The Ars Technica article recommends that passwords should now be a mixture of letters, numbers and (preferably) symbols with a mixture of case but not in the common format of a capital letter first, then letters then a number at the end (e.g. Cccccc9999). It might be easy to remember but because everyone does it it's also easy to crack. The recommended length of that password has also changed, to at least thirteen characters.
It also recommends the use of a password safe. I couldn't agree more with both recommendations and always use a password safe along with strong random passwords when signing up to a web site. It means that I can never remember a password, but that's what the password safe is for. By doing that I know that the probability of my password being cracked is minimised, although it's impossible to say that it won't be as all that is needed is time and sufficiently powerful hardware.