The Dos and Don’ts of Creating a Secure Password
System passwords have become a part of our daily lives. We use them at work, for banking, social media, shopping and even watching TV. Despite increased cyber security threats from phishing attacks, malware, ransomware and hackers, many of us still struggle to create strong, yet memorable passwords.
Believe it or not, the most commonly used passwords are “password” and “123456”. And with many people using the same password across all their accounts, this is effectively an open invitation to hackers.
Creating a strong password
On most sites (including your Really Simple Systems CRM) your password will need to be a minimum of 6 characters long. To increase the strength of a password, we recommend it has at least 10 characters and includes upper and lower case letters, e.g. ‘H’ and ‘h’, numbers and special characters like ‘%’, ‘$’ and ‘&’.
To help you secure your accounts and data, we recommend the following basic guidelines for password security:
Don’t make your password too short
In an effort to create a password that’s secure, many people go with something like “yR3*m!” The problem here is that the random characters, despite there being only 6, are difficult to remember. At the same time, the password is short enough for a password cracking program to decipher. Your password should have a minimum of 10 characters – the longer the more secure it will be.
Change your password regularly
Whilst there’s no recommended period for how frequently you should change your passwords, you should look to change them from time to time.
Most importantly, if someone else knows your password then you should look to change it as soon as possible.
Keep your passwords securely
Too often passwords are written down and stored in a desk drawer or in a file named “passwords” on a desktop. If they are easy to find, others will find them as well. If you suspect your list has been accessed by others, change your passwords urgently.
Don’t make your password easy to guess
As I mentioned above, some passwords are commonly used and, therefore, easy to guess. Other examples include using a row of characters on your keyboard like “qwerty” or “asdfgh” or using your name or a family name. Likewise, don’t use variations on a theme across different accounts, for example “my_facebook01”, “my_twitter01”.
You may think that one account isn’t very important and that security isn’t an issue, but it could provide access to others if your passwords are similar.
Do make your password easy to remember
Your password doesn’t need to be full of special characters to be secure. There’s been a trend for substituting numbers for letters in words, like “8” for “S”, “3” for “E” and “4” for “A”, but again a cracking program will be wise to this. Instead, look to create a phrase from random words, either running them together or using special characters to separate them, for example “mou8e*penCil^8Creen&bi8Cuit”. Here I’ve also used a rule whereby “8” substitutes “s” and the letter “c” is uppercase.
Use a password manager
Password managers are systems that store your passwords so you don’t need to remember them. Of course, you’ll need a password for the password manager but make sure it’s extra secure and memorable!
Don’t use the same password on all your accounts
Having created a memorable, secure password, the temptation is to use it on numerous accounts. If you use a password manager then you don’t need to worry about memorizing each password, or even making them memorable.
Be aware of the shortcomings of security questions
It amazes me that often, even on banking sites, you’re asked to log the answers to set security questions such as “what is your favourite colour”, “what is your mother’s maiden name”, or a memorable date. I’m sure it wouldn’t take a hacker too long to work out any of these. If you have the option to pose your own questions, do, and be playful with your answers – no one is going to question the truth – but do make sure they’re memorable.
There’s no guarantee that even the strongest password can’t be cracked but you’ll certainly make your accounts less of a target.
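Several of the guidelines above can be checked mechanically. The Python below is an added example, not code from Really Simple Systems: it tests a password against the 10-character minimum, a common-password list, keyboard rows, names, and the number-for-letter swaps, and flags accounts whose passwords are variations on one theme. The word list is a small constructed sample and all function names are illustrative.

```python
# Constructed sample list; a real audit would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "asdfgh"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# The swaps the article names: "8" for "S", "3" for "E", "4" for "A".
LEET = str.maketrans({"8": "s", "3": "e", "4": "a"})
MIN_LENGTH = 10  # the article's recommended minimum

def normalise(text):
    """Lower-case and undo the number-for-letter swaps a cracking program also tries."""
    return text.lower().translate(LEET)

def has_keyboard_run(password, run=5):
    """True if `run` neighbouring keys from one row appear, forwards or backwards."""
    p = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in p or chunk[::-1] in p:
                return True
    return False

def check_password(password, names=()):
    """List the guidelines a password breaks; [] means none of these checks fired."""
    plain, problems = normalise(password), []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON or plain in COMMON:
        problems.append("commonly used")
    if has_keyboard_run(password):
        problems.append("keyboard row")
    if any(n and normalise(n) in plain for n in names):
        problems.append("contains a name")
    return problems

def theme(account, password):
    """Replace the account name inside a password with a placeholder."""
    name, plain = normalise(account), normalise(password)
    return plain.replace(name, "{site}") if name else plain

def reused_themes(passwords_by_account):
    """Group accounts whose passwords match once the account name is masked out."""
    groups = {}
    for account, password in passwords_by_account.items():
        groups.setdefault(theme(account, password), []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(check_password("P4ssword"))
    print(reused_themes({"facebook": "my_facebook01", "twitter": "my_twitter01"}))
```

An empty result only means none of these particular checks fired; it is not a measure of strength.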
Password security with Really Simple Systems CRM
Your Really Simple Systems password needs to have a minimum of 6 characters, although we do recommend you follow the rules above to increase your security. All user passwords are stored in the system as encrypted text, unreadable even to our technical staff.
When a new user is added they will be emailed a link to activate their CRM access and create a password. The system Administrator can also send them a link to reset their password from the user record by clicking “send this user a password reset link”, or the user can reset this for themselves from the settings tab or from the login page.
Read more about managing passwords on our Customer Support Hub.