In honor of “World Password Day,” we are posting one of our weekly Cybersecurity Email Tips to our blog to raise awareness of the importance of using strong passwords, multiple layers of password protection, and maintaining good security hygiene overall.
Let’s start with some interesting stats:
81% of hacking-related breaches leveraged stolen and/or weak passwords
Source: Verizon’s 2017 Data Breach Investigation Report
Reused Passwords (56%) and Bad Password Sharing Practices (44%) are the most common culprits of Insider Threats
Source: Crowd Research Partners’ 2018 Insider Threat Report
In the US, there is an average of 130 online accounts connected to a single email address
61% Reuse Passwords Across Multiple Sites
Why the need for Strong Passwords?
Thanks to sophisticated brute-force-attack software readily available online, hackers can try tens of millions of potential password combinations per second when trying to hack your accounts. For example, hacking software can guess a five-character password in under three hours, and that time is cut down to a mere 11.9 seconds if you only use lowercase letters in your password! 11.9 seconds, YIKES!
So, what can you do to protect your PCs, bank accounts and online profiles from unauthorized access? Well, we recommend using either a secure password or, better yet, a long passphrase combined with two-factor authentication (2FA) and a password manager.
What is a Good Password?
A good password should be at minimum eight characters long and consist of a combination of upper & lowercase letters, numbers, and special symbols that are hard to guess. The longer the password, the better, but avoid using dictionary words with capitalization because they’re relatively easy to guess (like Password1234$). Even though the example we just provided meets the requirements we just discussed, it’s easily hacked; remember, hackers have sophisticated password-hacking software that will run 24/7/365.
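The arithmetic behind the figures above, plus a check for the Password1234$ pattern, as an added Python example that is not part of the original tip. The rate of one million guesses per second is an assumption chosen because it reproduces the 11.9 second figure; the word list and all function names are constructed for illustration.

```python
import string

# Assumed guess rate; 1,000,000/s reproduces the 11.9 s figure quoted above.
GUESSES_PER_SECOND = 1_000_000
# Constructed sample word list; real guessing dictionaries hold millions of entries.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein"}
SYMBOLS = string.punctuation + " "  # 33 printable ASCII symbols, space included
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def alphabet_size(password):
    """Size of the smallest printable-ASCII alphabet that covers the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def exhaustive_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over this alphabet."""
    return alphabet ** length / rate


def meets_composition_rules(password):
    """The rule from the text: 8+ characters with upper, lower, digit and symbol."""
    return len(password) >= 8 and all(
        any(c in cls for c in password) for cls in CLASSES)


def is_decorated_word(password, words=COMMON_WORDS):
    """True if stripping trailing digits and symbols leaves a known word."""
    base = password.rstrip(string.digits + SYMBOLS).lower()
    return base in words


def assess(password):
    """Report both checks: passing composition rules does not imply strength."""
    return {
        "meets_rules": meets_composition_rules(password),
        "decorated_word": is_decorated_word(password),
        "exhaustive_seconds": exhaustive_seconds(len(password),
                                                 alphabet_size(password)),
    }
```

A password flagged as a decorated word should be rejected regardless of its exhaustive-search time, because dictionary-based guessing tries such candidates long before a full search would reach them.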
A Better Option: Use a Passphrase
A more secure and highly recommended option would be to use a long passphrase instead of a complex password. A passphrase is a memorized secret consisting of a sequence of words, spaces, and other text that is only known to you – like a sentence. “Who would have imagined there would be a car floating in space,” is a good example of a passphrase. For that matter, so is, “we are committed to ensuring your IT systems remain safe.” That said, stay away from easy-to-guess passphrases, such as names of loved ones, pets, sports teams, etc. Most password fields allow up to 64 characters including spaces, so type away!
An Even Better Option: Combine a Passphrase with Two-Factor Authentication
Combine your long passphrase with either two-factor authentication (2FA) or Multi-factor Authentication (MFA) for additional layers of security on your accounts.
2FA uses two unique characteristics to verify your identity, such as your password combined with a time-sensitive authorization code that is either sent to your mobile device at the time of account login or obtained via an Authentication App installed on your device. MFA expands on 2FA by requiring multiple unique characteristics, such as your password together with an authorization code and your fingerprint, for example.
The addition of 2FA or MFA to your accounts means that in addition to having your credentials, a hacker would also need to have real-time access to your mobile device, security token or authentication app to gain access to your account. We recommend checking with your respective banks and online service providers to see if they support 2FA or MFA.
Let’s Manage Those Passwords
Lastly, use a Password Manager App, such as Dashlane, to secure & manage your online passwords. Password Managers enable you to have a unique and strong password for every secure website. Your password data is autogenerated by the App and saved in a secure vault. Upon visiting a secure site, the Password Manager auto-populates the username and password fields with your credential data stored in its encrypted vault.
There are many other Password Manager Apps out there – search the web or your respective App stores for one that best meets your needs.
Here are three EXTREMELY IMPORTANT points to remember when using a Password Manager App:
- Select a unique and secure master password that only you will recall
- Do not forget that password or you will lose access to the Password Manager App and all the credentials stored in your password vault!
- Also, the master password you select should not be used anywhere else!
That’s our IT Security Tip for this week… Hope we were able to help you make your online world a bit more secure and Happy World Password Day!
Managing Partner
Roy is a co-founder and managing partner of Aurora InfoTech LLC. He has 20+ years of senior level management & engineering experience in the Cybersecurity, IT, and Telecommunication industries.