Why are our passwords so complex?
Setting a new password has become an art form over recent years, gone are the days when password01 is acceptable. With the inclusion of banned words and an increase from 7 - 14 characters, passwords have become something of a bugbear for staff.
In this article, we will attempt to explain the reasoning for these changes, and we promise none of those reasons is to make your life more difficult 🙂
Complex Passwords
The reason behind password complexity is simple; the combination of upper and lower case letters, special characters, numbers and overall length of the password means it takes hackers longer to crack your password, and when we say longer, we mean millions of years, not days or weeks - see the below illustration to show we are not exaggerating!
Banned Lists
The reason we have also included a list of banned words, is because whilst people's passwords were the correct length, they weren't complex enough. Utilising the department we work in for your password, or your pets name may make them easier for you to remember it, but it's also easily guessable for hackers who know the environment we work in or who trawl through social media sites, or send out phishing emails looking for ways to socially engineer us.
Microsoft who host our accounts, also have a global banned list of words or phrases it deems too easy to crack, so this could be why a password you have used previously is no longer acceptable. Microsoft do not share this list, it would just reject that as a password.
Threats to MKUH
As reported by ITV News recently, hospitals are one of the most under threat Organisations to Cyberattacks, and due to the sensitive nature of the data we look after (patients name, addresses etc), it's really important we understand and remember this when we are at work. On average we have just over 6000 attempts a month from hackers trying to gain access to our Trust accounts. Before we introduced Multi Factor Authentication, we were getting around 25,000 attacks a month 🤯 - this just shows you that we must try as many ways as possible to prevent these attacks, hence our multi-pronged approach of complex long passwords and MFA.
See this article, for how to set a strong password, it gives some examples of how to set a memorable secure password - How strong are your passwords?
See our linked articles about security;
Multi Factor Authentication (MFA) Rollout
Banned words for MKUH Passwords
Passwordless Sign-on is here !
Inactive MKUH accounts