Password Security Needs to Be a Priority
Passwords are everywhere. Every online account requires a password, in addition to the devices we use to access these accounts. This is a good thing, as it only helps to increase security - assuming that the password is strong. After all, a password that anyone can guess can hardly be called a password at all.
Unfortunately, recent insights are showing that passwords are not being approached with security in mind. An examination of passwords that were leaked in 2022, put together by NordPass, showed that the most common passwords in the sample were:
Not coincidentally, these were also the passwords that were cracked the most quickly; a four character password can be cracked instantly. some in a matter of seconds. A study from the Canadian government further showed that password practices are severely lacking:
- 55 percent of Canadians reuse their passwords. use different passwords across different websites.
- 27 percent use personally identifiable information.
These stats are only made worse when other results from this survey are taken into account. Not only have 43 percent of adults experienced a data breach during the last three years, only 29 percent of workplaces include password protections in their official cybersecurity policies.
Clearly, this isn’t an ideal situation. One of the big contributing problems is the fact that many people simply aren’t confident in their ability to remember the recommended random assortment of alphanumeric characters for one account, let alone for each of the numerous accounts that they have.
Password security is crucial for businesses due to several reasons:
- Data Protection: Businesses often deal with sensitive and confidential information, including customer data, financial records, and intellectual property. Passwords serve as the first line of defense against unauthorized access to this information.
- Financial Security: Breaches resulting from weak passwords can lead to financial losses. Cybercriminals may gain access to financial accounts, conduct fraudulent transactions, or steal funds, causing significant financial harm to the business.
- Reputation Management: A security breach can damage a company's reputation and erode customer trust. If customers believe that their data is not secure, they may be hesitant to engage with the business, leading to a loss of clients and potential revenue.
- Compliance Requirements: Many industries have specific regulations and compliance standards regarding data protection and security. Failing to implement strong password policies can result in legal consequences and financial penalties for non-compliance.
- Employee Productivity: In a business setting, unauthorized access to employee accounts can disrupt operations, lead to data loss, and compromise productivity. Proper password security helps prevent these disruptions by controlling access to sensitive systems and information.
- Network Security: Weak passwords can be exploited by attackers to gain unauthorized access to a business's network. Once inside, they can potentially compromise other systems, install malware, or conduct other malicious activities.
- Phishing Protection: Strong password practices, including awareness training for employees, help guard against phishing attacks. Employees trained in recognizing phishing attempts are less likely to fall victim to schemes that aim to trick them into divulging sensitive information.
- User Accountability: Individual user accounts are often tied to specific actions within a business system. Strong password policies make it easier to track and attribute actions to specific users, aiding in accountability and the identification of potential insider threats.
- Prevention of Credential Stuffing: Credential stuffing involves attackers using lists of compromised usernames and passwords from one breach to gain unauthorized access to other accounts where users have reused passwords. Strong password policies and encouraging the use of unique passwords for different accounts help mitigate this risk.
- Technology Integration: As businesses adopt more cloud-based services and applications, robust password security becomes increasingly important. Ensuring that employees use strong, unique passwords for various online services helps protect against a range of cyber threats.
Fortunately, there are a few tricks and solutions to help keep business passwords secure.
Let’s be honest, something like “kD78Bnd45” isn’t very easy to remember, and as we’ve discussed, it would be even harder to remember a password like this for each account. It also doesn’t help that many passwords also come with length requirements, meaning that the random code becomes even longer and is therefore more difficult to remember.
While using a single word isn’t advisable, as a little social engineering will generally put the cybercriminal on the right track, your security can be boosted by instead using a sentence. This sentence is known as a passphrase.
A password or passphrase can also be strengthened further by also substituting numbers and symbols in for certain letters. Using our example, “I really like Star Wars,” the likelihood of the passphrase being cracked is diminished even more when it is becomes “1 really l!ke St@r W@rs.”
Using a Password Manager
There are also plenty of programs that are designed with those who have a hard time keeping track of their passwords in mind. Password managers can reduce the number of passwords you have to remember down to one, as the rest are securely saved and able to be populated in the appropriate fields.
Whatever it is you decide to use to assist you in managing your passwords, there are also tools available to help you estimate how effective your passwords will be. For example, one of these tools puts the amount of time it would take for a computer to hack into our “1 really l!ke St@r W@rs” example at 3 octillion years. Compare that to “password,” which would be cracked “instantly.”
Password security is a fundamental aspect of overall cybersecurity for businesses, helping protect sensitive information, financial assets, and the overall well-being of the organization. Implementing and enforcing strong password policies is an essential component of a comprehensive cybersecurity strategy. For more advice on how to maintain your cybersecurity, keep reading our blog, or reach out to us directly to learn more about our Managed Cybersecurity Solutions.