0121 2856002

Passwords and 2FAThere are some nasty people out there who want your data, so they can use it to scam you and your customers. Passwords are normally the first line of defence when it comes to protecting your online accounts, and measures such as multi-factor authentication improve on that.

So what are the best practices when it comes to setting your password, and why is mult-factor authentication so important?


Passwords are seen by many as a pain, but they are often the first, and quite often only, line of deference against a hacker gaining access to your account details. It, therefore, pays to make sure your password, and the passwords used by those within your organisation, are strong.

A good password is at least 8 characters long and has a combination of letters (both upper and lower case), numbers and special symbols. There is an important caveat to this, and that assumes the system you are logging into has protection against brute force attacks (where a hacker will bombard a login system with every possible password combinations until the right one is found) . Brute force protection comes typically in the form of a lockout when so many incorrect passwords are entered. For any system which doesn’t have any brute force attack protection (like most Wifi networks!), then the absolute minimum length needed to stand a reasonable chance of stopping a hacker becomes 12 characters.

Our advice for picking a new memorable password is to take two meaningful words and put them together.  If you have used a pets name as a basis of a password, double it up by adding a verb. For example, if you had a dog called Rover, and he liked to play fetch, use ‘RoverFetch’ as the basis of your password (notice the capitalised first letter of each word). Memorable but very difficult to guess.

Next to make it that even harder, replace some of the letters with numbers or symbols.

For example, ‘O’ becomes a zero, ‘E’ become the number 3, 'H' becomes #, ‘S’ become a $, and ‘A’s become @. 

RoverFetch then becomes R0v3rF3tc#, a reasonably strong yet memorable password.

Multi-factor Authentication (2AF).

More and more accounts and online services offer multi-factor authentication (or two-factor authentication) to help protect accounts. The idea of multi-factor authentication is validating a user based on more than one type of evidence.  

Password authenticate is based on knowledge because you know your password. You may have seen systems where they ask for multiple passwords, or a password and PIN; this adds to security, but isn't considered multi-factor as they both rely on knowledge. 

Possession is the next most common factor method used. If you have to enter a random code either sent to or generated by your smartphone, you need to be in possession of that phone to get the code.  

The other possible factors are Inherent (e.g. biometric methods such as a fingerprint), or location (e.g. you have to use a particular device in a specific place).

If you have a bank account and a bank card, then you have been using Multi-factor authentication for years. You have in your possession your bank card, and you know your PIN.

Multi-factor authentication drastically improves account security, so our strong advice is, wherever you have accounts which support multi-factor authentication, use it.



James Edwards