Almost every day you are likely to hear some mention of Cyber Crime, whether this is through fraud or websites being compromised. The clear message is that there is now a lot of data that appears to be getting stolen. Some of that data could be extremely sensitive and, even more critically, some of that information could hold usernames/passwords.

With so many sites and services now requiring you to register, the age-old password challenge is becoming more of a problem. I believe this is critical even more so now as more of our lives are becoming digital. Have a think about the following image:

Although this may bring a smile to your face or even make you chuckle, the reality is that this is probably closer to the truth that you may realise. We would clearly have no idea about what they do with our password and the chances are that we are simply looking for the secure padlock in our browser and believe all is good. Sadly, at times, this can be far from the truth.

We can all take some very simple and easy steps to help protect ourselves though;

  • Use different passwords for your important accounts and don’t use your email password on your favourite website.
  • Be creative with your passwords to make them strong. Pa55word! is actually not that strong. Try three memorable words and add numbers and symbols if required eg 5bluehairycar27!
  • Use two-factor authentication on your email account.
  • Don’t use any personal details for your password:
    • Current partner’s name
    • Child’s name
    • Other family members’ name
    • Pet’s name
    • Place of birth

Strong passwords do not need to be complex. What appears complex to us is not only difficult to remember but can be simple for computers to guess as we tend to use simple substitutions in words e.g. 0 (zero) = o, 5 = s, 3 = e

Where available you should make use of two-factor authentication (2FA) or multi-factor authentication (MFA) and, in particular, this should be in place with your email account. 2FA provides an extra layer of security, as it means your account can only be accessed on a device that you have already registered. When you first log-in with a new device you are asked to complete a second step after entering your password.

Office 365 provides MFA as part of the solution and is simple to enable. You can enable a number of options to the second verification step such as a code via SMS, call or use their mobile authentication app.

Enabling Office 365 MFA is as simple as:

  1. You must be an Office 365 Global Admin to do these steps.
  2. Go to the Office 365 Admin Centre.
  3. Go to Users > Active users.
  4. Chose More > Multifactor Authentication Setup.
  5. Select the user(s) and choose Enable under quick steps.

After you enable MFA, give the following instructions to your teams to set up their second verification method for Office 365:

Hopefully, this has provided some food for thought. If you need any help with your Office 365 MFA configuration then please get in touch.

What’s in a password?

by Dean Baldwin time to read: 3 min