
The Crucial Role of Password Security in Cybersecurity

Congruity IT




Introduction:

In today's digital age, where almost every aspect of our lives is intertwined with technology, the importance of cybersecurity cannot be overstated. One fundamental aspect of cybersecurity is password security.  Non-IT employees tend to ignore password security and find attempts by IT staff to enforce password policies onerous; however, passwords are the first line of defense against hackers and the theft and misuse of corporate assets.  In fact, 86% of breaches involving web applications are the result of compromised credentials.  In this post, we will delve into why password security is a critical component of overall cybersecurity.

 

The Perils of Weak Passwords:

Passwords serve as the first line of defense against unauthorized access to our personal and professional digital spaces. Unfortunately, many individuals still underestimate the potential risks associated with weak passwords. While weak passwords are easy to remember and enter, they offer very little protection against hackers.  The old standard of 8-character passwords can be hacked in a single day, even with the use of special characters, numbers, and mixed cases.  Weak passwords can be cracked relatively easily using modern computing power, making them susceptible to easily implemented brute-force attacks.

 

Better Passwords:

Longer and more complex passwords are significantly more secure and make it nearly impossible to compromise them via brute-force attacks.  12-character passwords should be considered the minimum standard today and of course should consist of random upper- and lower-case letters, numbers, and special characters.  A 12-character password is so secure it takes more than 17 thousand years to crack one.  Consider using passphrases instead of passwords.  Passphrases are essentially longer combinations of words or phrases, making them exponentially more secure than shorter passwords.  For example, you might use myW@terAccountP@ssword! for the billing site of your water department.

 

Reusing Passwords – Invite the thieves in for dinner:

A recent cybersecurity review estimated that 71% of employees reuse passwords and use the same password for corporate logins as their personal logins.  This is a massive security issue that needs to be addressed by all businesses with policies that make it clear employees are not to reuse any password in the corporate domain.  The reuse of passwords makes it much more likely that a bad actor with an exploited credential will be able to gain access to other resources on the corporate network.  From a personal perspective, reusing the same password across dozens or perhaps hundreds of logins makes it simple to remember but a nightmare to update when that password is suspected of being compromised.  Of course, employees want passwords that are easy to remember and enter, and unique and complex passwords are not.  The fear of losing passwords or just the aggravation of dealing with them is a primary driver in using and reusing weak passwords.  How do we help employees?


Using Password Managers:

Employees should be encouraged to use password managers.  All popular web browsers include built-in password managers and the ability to sync across devices.  Employees should create corporate-specific browser accounts and use these password managers to suggest and store strong passwords.  For even better security, corporations should consider using a commercial password manager for every employee.  The password managers add an additional layer of security by incorporating a master password that is needed before any specific password can be used or retrieved.  These managers also include multifactor authentication (MFA), which should be used in all corporate settings.

 

Tips to Create a Secure Password:

1.       Do not reuse passwords.

2.       Use a unique, strong password for every login.

3.       Use at least 12 characters and consider using phrases.

4.       Use a mixture of letters (upper and lower case), numbers, and special characters such as ! or @.

5.       Do not use personally identifiable information such as birthdays, pet names, etc.

6.       Use a password manager or password generator to create complex passwords.

7.       Use a password manager and not sticky notes to remember those long complex passwords.
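
The tips above can be enforced mechanically at the point where a password is set or changed.  The following Python sketch is an added example, not code from Congruity IT; the function names, the PBKDF2 iteration count, and the sample values used with it are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12          # tip 3: at least 12 characters
ITERATIONS = 600_000     # assumed PBKDF2 work factor for the stored history

def _digest(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked history file is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def remember(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to keep in the password history; never plaintext."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def check_password(candidate, history, personal_terms):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    # Tip 4: mixture of upper case, lower case, numbers and special characters.
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append(f"missing {name}")

    # Tip 5: no birthdays, pet names or other personal details.
    lowered = candidate.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal information: {term}")

    # Tip 1: no reuse of a password this system has already seen.
    for salt, digest in history:
        if hmac.compare_digest(_digest(candidate, salt), digest):
            problems.append("reuses an earlier password")
            break
    return problems
```

The reuse check only covers passwords this one system has seen; reuse across unrelated sites cannot be detected this way, which is why a password manager that generates a unique value per login remains the practical control.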

 

Conclusion:

In conclusion, password security is a critical aspect of cybersecurity that should not be overlooked. Advocating for the use of passphrases, adopting unique passwords for every site, and implementing stringent corporate password policies are crucial steps in fortifying our digital defenses. As individuals and businesses, we must recognize the significance of robust password practices in safeguarding our online presence and protecting sensitive information from malicious actors.


About Congruity IT:

Congruity IT is a leading managed service provider with an unwavering focus on cybersecurity.  Congruity is dedicated to providing robust solutions that align with the highest standards of cybersecurity. By incorporating these practices into your digital habits, you not only enhance your personal security but also contribute to a congruent approach to cybersecurity in the broader digital landscape. As we navigate the complexities of the online world, let Congruity be your ally in ensuring a harmonious and secure digital experience.
