I always tell my clients that the difference between a good password and a weak one is the major determining factor in protecting your online information.
Data breaches and account hacks are on the rise, and you must protect your business. Two out of every five people have had their personal information compromised in the last year alone. They not only had their account hacked, but their password was stolen, compromising their entire digital life.
Things have gotten so bad that eight out of every ten people admit to being concerned about their online security, and seven out of every ten people no longer trust passwords to protect their accounts.
The fact is that, in most cases, the users themselves are their own worst enemies. So much digital damage could be mitigated (if not eliminated entirely) by simply understanding the difference between a weak password and a good one.
The Problem with Passwords
The number of people who use weak passwords (and who then reuse those passwords across multiple sites) may be higher than previously thought, and the statistics are alarming: only 1% actually care enough to come up with a password strong enough that it can’t be easily tracked or broken.
Almost 35% of online users have passwords that would be considered “weak.” The other 65% use passwords that can be effortlessly cracked by someone who knows what they’re doing.
In addition to weak passwords, a large part of the problem is that people reuse them on multiple sites. This means that if one site is compromised (along with a critical piece of information like an email address), a hacker has what they need to try accounts with other popular sites until they get a secondary “match.”
Think about it: when your online banking info is compromised because of a weak password, that’s one thing. If you use the same password to log into your business’s private intranet, you’re suddenly looking at a major issue that’s only going to get worse as time goes on.
Everyone knows that strong passwords are considered to be exactly that for a reason. They’re not simple words or phrases; they are long codes (with 10 distinct characters or more) that also contain symbols and other special characters to increase complexity. Unfortunately, these are also difficult for people to remember, which means they reuse them often.
The good news is that coming up with a good password isn’t necessarily the world’s most difficult task. It is, however, something that you must actively work at.
Addressing This Challenge
A number of organizations have taken steps to address these challenges. The NIST Special Publication Digital Identity Guidelines is an example. It recommends that organizations limit the authentication attempts an attacker can make, and that second and third tier authenticators (like tokens) be used in addition to standard passwords, so that employees keep easy access to their accounts while potential intrusion attempts are warded off.
Password Tips, Tricks and Best Practices
It’s clear that something has to be done in terms of passwords. As with most things, this requires you to keep key factors in mind. Here are a few that I recommend:
- The number-one best practice in terms of password security is to NOT use words that can be found in the dictionary. Most password-cracking tools (many of which are freely available) come with dictionary functionality built right in. They begin the cracking process by trying as many common words and phrases as possible, cross-referencing the information available with a list of passwords that have been leaked online. This is an incredibly effective cracking method, and one that can be mitigated almost entirely by avoiding these words and phrases in the first place.
- It’s always important to create unique passwords for every account, using a combination not only of words and numbers, but also of symbols, upper-case letters and lower-case letters. Plus, using passwords that are case sensitive will go a long way towards making it more difficult for a hacker to gain unauthorized access to your account.
- Finally, it’s recommended that you start using long-form passwords with a combination of words and phrases that form a sentence, as opposed to the more traditional “secret password” model. Making your password something like “IwasborninClevelandOhioin1985” not only satisfies the length requirements for a strong password, but it’s also easy to remember and difficult to guess.
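An added example, not part of the original article: a check a site could run when a user sets a password, enforcing the tips above by rejecting leaked passwords and decorated dictionary words while accepting a sentence-style passphrase. The word lists are small constructed samples, and the function names, substitution table and rejection messages are assumptions made for illustration.

```python
import re

# Constructed sample lists (assumption): a real deployment would load a large
# leaked-password corpus and a full dictionary file instead.
LEAKED = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY = {"dragon", "monkey", "summer", "cleveland", "welcome", "football"}

# Undo common look-alike substitutions: @->a, 4->a, 3->e, 0->o, 1->i, $->s, 5->s, !->i, 7->t
LEET = str.maketrans("@4301$5!7", "aaeoissit")
MIN_DISTINCT = 10  # the article's "10 distinct characters or more"


def core_word(password: str) -> str:
    """Lower-case, drop digits/symbols from both ends, then undo substitutions."""
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return trimmed.translate(LEET)


def screen(password: str) -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(set(password)) < MIN_DISTINCT:
        reasons.append("fewer than 10 distinct characters")
    core = core_word(password)
    if password.lower() in LEAKED or core in LEAKED:
        reasons.append("matches a leaked password")
    elif core in DICTIONARY:
        reasons.append("single dictionary word with decoration")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "Cleveland!!2024##", "IwasborninClevelandOhioin1985"):
        print(candidate, "->", screen(candidate) or "accepted")
```

The second sample shows why symbols and length alone are not enough: a single dictionary word with padding is still rejected, because that is the first thing a dictionary-based guess would cover.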
Cyber security is one of the most important topics of the modern era, particularly as more businesses move their daily operations into the digital realm. Using your common sense and staying up-to-date on the latest challenges will help you stay protected, but at the end of the day, your defense efforts must begin with quality passwords across the board.
If you’re in the San Francisco area and are interested in finding out more about this or other essential cybersecurity topics, please don’t hesitate to contact Intivix at (415)-549-9681, or by sending us an email at: [email protected]