We strongly recommend you create a unique password for every account and/or supplier you use.
The reason for this is that once an organisation's security is breached, the bad people use what is called "credential stuffing". Credential stuffing is an automated process that takes each user name and password (of the many millions they have) in turn and attempts to access as many other organisations as possible with it. Since most people use the same user name (usually their email address) and password for many accounts, this allows access to many, many other organisations.
Creating a unique password for every supplier may sound daunting but there are a couple of options:
1. We recommend you use a password manager - none of them is perfect, but they are much, much better than nothing. We use LastPass for Teams; you may want to look at LastPass Premium or Family. See here for details.
2. Alternatively, use a manual process - this isn't as good as a password manager, but it does provide you with a rough and ready unique password that you will always remember. For this you will need to create a pattern - an example follows, but feel free to create your own:
a) Take two unrelated words eg "greasy" and "cumulous". So your password stem right now is "greasycumulous".
b) Add a number to the beginning or end of your password stem eg 173greasycumulous
c) Add a non-alpha character to the other end of your password stem eg 173greasycumulous@
d) Convert your supplier to one or two upper case characters, so John Lewis would convert to "JL". Insert this between the two original words eg 173greasyJLcumulous@
e) Your BT password would be 173greasyBTcumulous@, and your Twitter account password would be 173greasyTcumulous@
f) Whatever pattern you choose should include lower case characters, upper case characters, numbers, special characters and no repeating characters or numbers (eg aa or 33).
g) You will have noticed that your unique passwords are very similar to each other, but different enough to avoid the automated credential stuffing technique the bad guys are using.
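The pattern in steps a) to f), written out as an added example (it is not part of the original article). The function names are hypothetical, the way a supplier name is shortened is an assumption based on the three suppliers above, and "Sample Supplier" is a constructed name that shows how a supplier code can break rule f):

```python
def supplier_code(name):
    """Step d: one or two upper-case characters for the supplier.

    Assumption: a name that is already a 1-2 letter acronym (BT) is kept;
    otherwise the initials of the first two words are used."""
    compact = name.replace(" ", "")
    if compact.isalpha() and compact.isupper() and len(compact) <= 2:
        return compact
    return "".join(word[0] for word in name.split()[:2]).upper()


def build_password(number, word1, word2, symbol, supplier):
    """Steps a-d: number + first word + supplier code + second word + symbol."""
    return f"{number}{word1}{supplier_code(supplier)}{word2}{symbol}"


def rule_f_problems(password):
    """Step f: list every way the password breaks the rule (empty = passes)."""
    checks = [
        ("no lower case character", any(c.islower() for c in password)),
        ("no upper case character", any(c.isupper() for c in password)),
        ("no number", any(c.isdigit() for c in password)),
        ("no special character", any(not c.isalnum() for c in password)),
        ("repeating character",
         all(a != b for a, b in zip(password, password[1:]))),
    ]
    return [problem for problem, ok in checks if not ok]


if __name__ == "__main__":
    # "Sample Supplier" is a constructed name whose code "SS" repeats a character.
    for supplier in ["John Lewis", "BT", "Twitter", "Sample Supplier"]:
        pw = build_password("173", "greasy", "cumulous", "@", supplier)
        print(supplier, pw, rule_f_problems(pw) or "meets rule f")
```

When a supplier code trips the repeating-character check, pick a different one or two letters for that supplier.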
We have a short security presentation that covers the above in more detail.