We’ve all been there: sighing in frustration as a system we need to log into asks for a password containing uppercase letters, lowercase letters, numbers, special characters… and probably some morse code and hieroglyphics for good measure!
But as International Computer Security Day rolls around for its 34th year on 30 November, it seems that data breaches at major corporations are still being reported in the news every couple of months. So, it’s a timely reminder that the best form of defence is a good offence when it comes to passwords.
First line of defence
Getting tactical with your password creation is a minor inconvenience compared to the potential consequences of having your accounts hacked. And for travel management companies entrusted with the personal information of travellers across the world, it’s crucial that every employee plays their part in keeping systems secure.
Here at HotelHub, we know a thing or two about information security. With 75,000 hotel bookings a day processed through our secure platform, safeguarding the data of the global TMCs who use our tech – and the customers they service – is paramount to us. Password protocol is a key part of training for every one of our team members and, in honour of International Computer Security Day, our InfoSec team have shared their top tips for creating robust passwords.
So, if you’re a corporate travel professional still using ‘password’ as your password, take note…
1. No repeats
Repeating passwords across accounts creates opportunities for hackers to access every account that uses that password. Don’t use the same passwords for your work-related accounts as for personal accounts and, ideally, you should aim to have a different password for every account you log into.
2. Don’t make it personal
When deciding on a password don’t use easy-to-find personal information. Basic personal information such as your birthday and the school you went to are easy to remember – which is why many people use this kind of information in their passwords. However, in the age of social media, this information can easily be found online, for instance from your Facebook, LinkedIn or Twitter profile.
3. Complex is best
Password strength is important and short passwords are easier to crack than long passwords. We recommend using a passphrase instead. Passphrases involve stringing together a few words, preferably with character substitutions, to create a lengthy and complex password that’s hard to crack – but not impossible to remember. For instance, ‘Mary had a little lamb’ could be used as the basis for a passphrase with the following substitutions: m@ryHadAl!ttl3lam6.
4. Keep it under wraps
This should go without saying, but never share passwords with anybody else, including your most trusted colleagues. And take care when you’re giving presentations that you don’t accidentally display passwords in plain text as you’re logging into a system.
5. If in doubt, change it
It’s always better to be safe than sorry. If you have reason to believe that any of your passwords – whether it’s for personal or business accounts – have been compromised, you should change them immediately. Don’t hesitate to let your data security or IT team know if you have any concerns and provide them with as much detail as you can; keeping systems secure is what they’re there for.