October is National Cybersecurity Month and it can be overwhelming how many things there are to focus on improving! Last week we talked about the risks our own human error brings to the forefront. Today we want to discuss one of the most basic steps you can take to improve your security: Password Security! Passwords are a feature that we all use (and abuse) every single day. How insecure can this security feature be and what can you do to protect yourself and your business?
As we regularly cover, hackers are getting smarter and their attacks are more advanced by the day, despite security measures improving by leaps and bounds. Of course, no monster is all-powerful and there are ways to protect yourself against these dangers. Taking a few extra measures can help keep your password from haunting you at night!
A Necessary Evil
We don’t think that there’s anyone out there that actually enjoys creating and using passwords. After all, they’re just another barrier between you and your data. They are inconvenient and take up your time. It’s hard to see how they are helping you when it feels like all they do is hinder you. However, that barrier is exactly what’s going to protect that data from the outside world.
Password Security Struggles
Since many of us struggle to remember passwords, we end up making a lot of common mistakes. These include:
- Making the password as short as possible
- Not using a password at all
- Reusing passwords for multiple accounts
- Not regularly changing the password
- Using a word that’s easy for us to remember
We’ve all been told ad nauseam that we should avoid these mistakes, but why?
A Real Monster
When you think of a scary beast like Frankenstein’s monster, what gives you the chills? The sheer physical strength that can break down any door you hide behind. There are software programs that work pretty much the same way, using Brute Force Attacks to steal passwords.
These attacks use programs that test one possible password after another, trying random combinations of letters and numbers until something works. Dictionary Attacks operate along the same lines, using all the words in the dictionary instead of just random letters and numbers. Passwords that are too short or too simple feed the success of Brute Force Attacks.
One recent program could crack any 8-character password in less than six hours! The time it takes these programs to crack passwords, especially shorter ones, is getting smaller and smaller every year. Once a hacker cracks that password, they then have access to anything that shares that password. If you use that password for business purposes, the payoff is even bigger.
Fixing the Problem: The Password Security Silver Bullet
We’d be lying if we said there is a cure-all solution to the problem of password hacks, because there isn’t one. However, that doesn’t mean that you’re completely vulnerable either. Below are a few ways to keep your password as safe as possible:
- Change your passwords regularly — In theory, a hacker could get your password correct eventually. If you keep changing it on a regular basis, you’ll keep them guessing, even if they got the old one correct. On average, we recommend changing passwords every 1-3 months. If you do though, make sure the password is always a long and strong one! Otherwise changing up your password will be as useless as not having one.
- Get creative — The best defense against a dictionary attack is not to use words in the dictionary. Either create passphrases (‘I love fooling hackers every day’ becomes i<3Fh@kkerseVrydaI) or use a combination of words and misspellings that wouldn’t appear in any standard dictionary. Also, consider using upper and lowercase letters as well as numbers and special characters in random locations. Experts recommend a password length of at least 16 characters. As a general rule, the more difficult a password is to remember, the longer it would take for a software program to guess.
- Don’t reuse passwords — Having to remember multiple passwords can be a pain. For some of us, we have to use over a dozen passwords in our first hour at work! This recommendation keeps as much information as safe as possible if one of your passwords is compromised. Think of a ship or submarine with multiple compartments — if one springs a leak and fills up, close a door to mitigate the damage. If all of your passwords are the same, one lucky guess could bring your digital world crumbling.
- Use a password manager — It’s a necessary pain to have unique passwords for each site, but there are tools that can help make it simpler to remember all your passwords. With a secure password manager you can keep your passwords locked away safely in a digital vault that you can access with just 1 password. As long as you remember that 1 password, the vault will remember the rest of them for you. It can also help you create strong passwords so you don’t have to struggle to create new ones in the future!
- Use 2-factor authentication — When you have 2-factor or multi-factor authentication activated on an account, the password alone isn’t enough to access it. A code sent to your phone or a biometric scan would also be needed to verify your identity for account access. This method can protect you from a hacker that has gained access to your password.
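As an added illustration (not part of the original article), the Python sketch below turns the checklist above into a password audit that a signup form or help desk script could run: minimum length, dictionary words hidden behind simple character substitutions, and reuse. The 95-character set, the guess rate derived from the six-hour figure quoted earlier, and the tiny word list are assumptions made for the example.

```python
CHARSET = 95                      # assumption: printable ASCII characters
# Assumption: "any 8-character password in under six hours" means the full
# 95**8 space is exhausted in six hours, which implies this guess rate.
GUESSES_PER_SEC = CHARSET ** 8 / (6 * 3600)
MIN_LENGTH = 16                   # minimum length recommended in the article
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed stand-in for a real dictionary word list.
WORDS = {"password", "monster", "dragon", "welcome", "sunshine"}
# Common character substitutions that dictionary-attack rule sets undo.
LEET = str.maketrans("@4301$5!7", "aaeoissit")
# Digits and symbols people typically tack onto the start or end of a word.
PADDING = "0123456789!?.*#"


def years_to_exhaust(length):
    """Worst-case years to try every password of this length."""
    return CHARSET ** length / GUESSES_PER_SEC / SECONDS_PER_YEAR


def audit(password, passwords_in_use=()):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # Strip padding first, then undo substitutions, so "P@ssw0rd1"
    # is recognized as the dictionary word "password".
    normalized = password.lower().strip(PADDING).translate(LEET)
    if normalized in WORDS:
        findings.append("dictionary word")
    if password in passwords_in_use:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "M0nster!", "i<3Fh@kkerseVrydaI"):
        print(candidate, audit(candidate, ["M0nster!"]),
              f"{years_to_exhaust(len(candidate)):.3g} years to exhaust")
```

At the assumed rate, each extra character multiplies the worst-case search time by 95, which is why the 16-character minimum matters far more than swapping letters for symbols in a short word.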
Bring in a Champion
As hard as you might try, there’s only so much you can do to protect yourself and your company from threats to your password and overall security. Plus, keeping your system safe can be a full-time job in this world, and you already have one of those.
Instead of trying to fight this monster single-handed, consider bringing in the help of a professional monster killer! Our experienced team is more than happy to swoop in and assist your company with the strongest cyber protection on the market, including password management. Even if your walls have already been breached, we can help in the cleanup and future protection.