Keyboard with sticky note depecting World Password Day, the first Thursday of May

In honor of “World Password Day,” we are posting one of our weekly Cybersecurity Email Tips to our blog to bring awareness on the importance of using strong passwords, multiple layers of password protection, and maintaining good security hygiene on the overall.

Let’s start with some interesting stats:

81% of hacking-related breaches leveraged stolen and/or weak passwords

Source: Verizon’s 2017 Data Breach Investigation Report

Reused Passwords (56%) and Bad Password Sharing Practices (44%) are the most common culprits of Insider Threats

Source: Crowd Research Partners’ 2018 Insider Threat Report

In the US, there is an average of 130 online accounts connected to a single email address

Source: Dashlane / US Average

61% Reuse Passwords Accross Multiple Sites

Source: 2017 Digital Guardian Security Habits Survey

Why the need for Strong Passwords?

Thanks to sophisticated brute-force-attack software readily available online, hackers can try tens of millions of potential password combinations per second when trying to hack your accounts. For example, hacking software can guess a five-character password in under three hours, and that time is cut down to a mere 11.9 seconds if you only use lowercase letters in your password!” 11.9 seconds, YIKES!

So, what can you do to protect your PC’s, bank accounts and online profiles from unauthorized access? Well, we recommend using either a secure password or better yet, a long passphrase combined with two-factor authentication (2FA), and a password manager.

What is a Good Password?

A good password should be at minimum eight characters long and consist of a combination of upper & lowercase letters, numbers, and special symbols that are hard to guess. The longer the password, the better, but avoid using dictionary words with capitalization because they’re relatively easy to guess (like Password1234$). Even though the example we just provided meets the requirements we just discussed, it’s easily hacked; remember, hackers have sophisticated password-hacking software that will run 24/7/365.

A Better Option: Use a Passphrase

A more secure and highly recommended option would be the use a long passphrase instead of a complex password. A passphrase is a memorized secret consisting of a sequence of words, spaces, and other text that is only known to you – like a sentence. “Who would have imagined there would be a car floating in space,” is a good example of a passphrase. For that matter, so is, “we are committed to ensuring you’re IT systems remain safe.” That said, stay away from easy to guess passphrases, such as names of loved ones, pets, sports teams, etc. Most password fields allow up to 64 characters including spaces, so type away!

An Even Better Option: Combine a Passphrase with Two-Factor Authentication

Combine your long passphrase with either two-factor authentication (2FA) or Multi-factor Authentication (MFA) for additional layers of security on your accounts.

2FA uses two unique characteristics to verify your identity, such as the use of your password combined with a time-sensitive authorization code that is either sent to your mobile device at the time of account login or it is obtained via an Authentication App installed on your device. MFA expands on 2FA by requiring multiple unique characteristics, such as the use of as your password with an authorization code and your fingerprint, for example.

The addition of 2FA or MFA to your accounts means that in addition to having your credentials, a hacker would also need to have real-time access to your mobile device, security token or authentication app to gain access to your account. We recommend checking with your respective banks and online service providers to see if they support 2FA or MFA.

Let’s Manage Those Passwords

Lastly, use a Password Manager App, such as DashLane, to secure & manage your online passwords. Password Managers enable you to have a unique and strong password for every secure website. Your password data is autogenerated by the App and saved in a secure vault. Upon visiting a secure site, the Password Manager auto-populates the username and password fields with your credential data stored in its encrypted vault.

There are many other Password Manager Apps out there – search the web or your respective App stores for one that best meets your needs.

Here are three EXTREMELY IMPORTANT points to remember when using a Password Manager App:

  1. Select a unique and secure master password that only you will recall
  2. Do not forget that password or you will lose access to the Password Manager App and all the credentials stored in your password vault!
  3. Also, the master password you select should not be used anywhere else!

That’s our IT Security Tip for this week… Hope we were able to help you make your online world a bit more secure and Happy World Password Day!

Roy Richardson

Managing Partner & Co-Founder

Roy Richardson is a co-founder, Managing Partner, and CTO of Aurora InfoTech LLC, a leading Cybersecurity & IT consulting firm in Orlando, Florida. He is also a co-author of the Amazon Bestselling book, "Hack Proof Your Business", a Cybersecurity guide for business owners & executive leadership.

Roy has 20+ years of executive management & engineering experience in the Cybersecurity, Information Technology, and Telecommunication industries. The vast experience he gained over the course of his career has given him a unique perspective that allows him to relate to a broad spectrum of business & technology challenges.

Are Your Business Credentials Exposed on the Dark Web?

1 of 3 small business employee’s email addresses and COMPANY passwords are on the Dark Web!

60% of businesses fail as a result of data breaches!

Free Dark Web Scan