The Directorate of Criminal Investigations (DCI) has urged Kenyans to exercise best password creation practices amid a rising trend in cybercrime attacks, not only in Kenya but globally.
In a statement on Thursday, October 2, the detectives said the cybercrime attacks were largely successful due to weak passwords, among other poor practices.
According to the DCI officers, most passwords are vulnerable to cybercrimes because of issues such as poor user habits, evolving attack methods, and organisational oversights.
"Password management is a key pillar of cybersecurity, underpinning the security of both individuals and organisations in this digital age. Despite persistent advances in security technologies," the DCI noted.
To mitigate cases of cybercrimes mainly caused by weak passwords, the detectives recommended a raft of measures, including creating passwords as long as 64 characters and using spaces.
The officers revealed that longer passwords, such as those with 64 characters, especially passphrases, were significantly resistant to brute-force attacks.
Kenyans were also urged to eliminate arbitrary composition rules, as requiring upper or lowercase, numbers, and symbols, with the detective stating that such can result in predictable patterns and user frustration.
Members of the public were instead told to focus on the length and unpredictability of the password to ensure full security of their account.
Similarly, the DCI officers advised Kenyans to always screen against known breaches and blacklists. "Systems should automatically prevent users from choosing passwords found in breach dumps or on lists of commonly used passwords," they revealed.
The security officers further warned Kenyans against forced or periodic password changes unless evidence of compromise exists. This is because users tend to make minimal changes, undermining security.
Meanwhile, the DCI's warning comes even as the world marks World Cyber Security Month, marked globally to raise awareness about the importance of cybersecurity.
According to Techpoint Africa, Kenya recorded 2.54 billion cyber threat incidents in the first quarter of this year, between January and March, marking a 201. 7 per cent increase compared to October to December last year.
However, President William Ruto's administration has intensified efforts to curb the vice through enhanced cyber policies and international collaborations.
