Six tips for keeping your data, and your business’s data, safe with some password best practices.

While things like the POPI Act and the GDPR are there to ensure that our personal information is handled ethically, this does not mean that your information is necessarily safer.

Yes, these regulations set strict guidelines for the security methods and means for your data to be stored, but never forget that passwords are usually, by default, the main method for logging in securely to anything.

It’s always important to remember that idiom: ‘a chain is only as strong as its weakest link’.

And no, this is not Anne Robinson looking at you with the stony expression; you’re not going to be voted off the Game Show of Life because of a few bad passwords—but your data, and your identity, might as well be.

The first line of defense

Passwords: everyone uses them.

Be honest: how many different passwords do you really have? Do you use the same password for everything, because it’s convenient?

Or, perhaps, you think you’ll outsmart those hackers out there by using different variations of the same password?

The answer to that is pretty simple: not really.

We know how you feel: being expected to have dozens of unique passwords for each and every different service we use online is pretty much impossible and is a bit too much to ask for.

Things like encryption and two-factor authentication go a long way to make your time on the internet safer—but here’s another overused proverb for you: ‘better safe than sorry’.

Passwords are the first line of defence for online privacy and security and, as a result, are also the most vulnerable—so making sure that they are strong is essential.

How to (not) hack

Tips for making good strong passwords.

Luckily, there are password “best practices” to follow to make sure that the gate to your personal information is well guarded.

Here are a few things to think about when making a password:

1) Don’t write anything down

The first rule of Password Club is, ‘Don’t talk about Password Club’ (so is the second, actually). However, at the risk of too much repetition, the third rule is different, and it goes like this: ‘Never write down your passwords’.

It can be tempting, especially for harder passwords, to write them down on a piece of paper or Post-it note somewhere and keep them close by—but that is not the wisest choice. All a hacker needs is a piece of rubbish with a password scrawled on it. If you do, make sure to keep it somewhere safe.

2) Keep it simple

It might seem a bit counter-intuitive, but there is a good enough reason behind it: with longer, more complex passwords, you are more likely to write them down in order to remember them. The average person can only remember 10 characters at a time. Multiply that by however many different passwords you may have, and I’m sure you see the problem (see point 1).

For the same reason, while you should change your passwords regularly, changing them too often increases the risk of writing them down as well.

3) The 8+4 Rule is Mathematical!

Following this rule is a handy hack (excuse the phrase) to make sure your password is strong.

This is what it means: at the very least, use eight characters and ensure that it includes at least one number, one special character, one uppercase and one lowercase letter. The more random, the better.

4) Make it Weird

Random letters, numbers and symbols are great, but don’t be afraid to get “out there” with unique phrases. Things like acronyms and sentences are a good way to foil one of the most basic tools of a hacker’s arsenal: the Dictionary Attack, which uses programs to sort through thousands of word lists from dictionaries.

Using a phrase, mnemonic or acronym helps you remember your password, and doubly helps in confounding would-be hackers, but just remember to also insert special characters and numbers to make it as difficult as possible.

5) Circumvent lexicon locutions

Or, to put it a bit more simply: avoid dictionary words.

No matter how clever you feel about making your password floccinaucinihilipilification, all it does is make it super easy for a hacker to find the word you’ve used, because such words all feature together in one handy and easy-to-navigate list: the dictionary, which already narrows it down considerably from just a bunch of random numbers and letters.

And, trust us, floccinaucinihilipilification is a pain to type out every time.

6) Double down

Two-factor authentication (2FA) might seem like a slight pain because you’ll have to dig out your mobile phone from your pocket or bag every time you have to enter a password, but it is invaluable to your online security.

In fact, we recommend you start going to all the sites you use frequently and turning the feature on. This extra level of protection ensures that you, and only you—or a person that has access to your digital device—can log into an account.

Apps like Google Authenticator or Authy are made exactly for this purpose and have features like fingerprint scanning (if your device has the feature) to ensure that only designated people have access to it. That’s really like two levels in one.

Police or policy?

Having a strong password policy as a business is crucial.

Good, robust password policies are crucial to ensuring the security of your business.

Companies should have their own password policies in place to ensure that their employees keep vigilant with their passwords that link to valuable business information and trade secrets.

Limiting access makes sense, right? Having the password to a nuclear bomb be “123456” just isn’t a good idea.

Often you’ll find that platforms will have unique requirements, often much like the list above, to make sure that they remain secure. You might be required to make sure your password is a certain length and that it contains at least one special character, otherwise the platform simply won’t accept the password.
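
A platform-side check of the kind described above, written here as an added example (it is not Digital Cabinet's code): it enforces the 8+4 rule from tip 3 and the dictionary-word avoidance from tip 5. The word list and the substitution table are small constructed samples, and the function names are made up for this illustration.

```python
import string

# Constructed sample word list; a real deployment would load a full
# dictionary plus a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine",
                "floccinaucinihilipilification"}

MIN_LENGTH = 8  # the "8" in 8+4

# The "4" in 8+4: at least one character from each class.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

# Common look-alike substitutions, undone before the dictionary lookup
# so that "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans("@4310$5!7", "aaeiossit")


def is_dictionary_based(password):
    """True if the password is a listed word once case, look-alike
    substitutions and trailing digits/symbols are ignored."""
    trimmed = password.rstrip(string.digits + string.punctuation)
    candidates = {password, trimmed}
    return any(c.lower().translate(LOOKALIKES) in SAMPLE_WORDS
               for c in candidates)


def check_password(password):
    """Return the reasons for rejection; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {name}")
    if is_dictionary_based(password):
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Mdb2c&1g!", "P@ssw0rd1!", "sunshine", "Ab1!"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

P@ssw0rd1! satisfies every part of the 8+4 rule and is rejected only by the dictionary check, which is why the two tips belong together.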

At Digital Cabinet, we take the security of your data seriously. We have to, because it is important to you.

It’s entirely up to you how far you want to go with your password security, but our platform does have the option to enable two-factor authentication, and/or to be prompted to change your password every few months. Combined with our encrypted cloud services, and other security countermeasures, you won’t ever have to worry about your data.


You can find out more about Digital Cabinet at www.digitalcabinet.co.za

And if the worst ever does happen, all our training at Password Club has us stronger and tougher than ever.
