Password Security Needs to Be a Priority
February 27, 2018
Passwords are everywhere. It seems that every account requires a password, in addition to the devices we use to access these accounts. This is a good thing, as it only helps to increase security - assuming that the password is strong. After all, a password that anyone can guess can hardly be called a password at all.
Unfortunately, recent insights are showing that passwords are not being approached with security in mind. An examination of passwords that were leaked in 2017, put together by SplashData, showed that the most common passwords in the sample were “123456” and “password.” Not coincidentally, these were also the passwords that were cracked most often for the fourth year in a row. The most recent edition of the University of Phoenix’s annual cybersecurity survey added to this data. This survey’s results showed that password practices are severely lacking:
Only 42 percent of Americans use different passwords across different websites.
Only 35 percent regularly update their passwords.
Only 24 percent update their passwords before they have to travel.
These stats are only made worse when other results from this survey are taken into account. Not only have 43 percent of adults experienced a data breach during the last three years, only 29 percent of workplaces include password protections in their official cybersecurity policies.
One of the big contributing problems is the fact that many people just aren’t confident in their ability to remember the recommended random assortment of alphanumeric characters for one account, let alone for each of the numerous accounts that they have.
Fortunately, there are a few tricks and solutions to help meet these standards.
Something like “kD78Bnd45” isn’t very easy to remember, and as we’ve discussed, it would be even harder to remember a password like this for each account. It also doesn’t help that many passwords also come with length requirements, meaning that the random code becomes even longer and is, therefore, more difficult to remember. While using a single word isn’t advisable, as social engineering will put the cybercriminal on the right track, your security can be boosted by instead using a sentence. This sentence is known as a passphrase.
For example, ‘starwars’ was the 16th most used password in the Splashdata examination discussed above. If someone were to have a social media account filled with Yoda memes and albums from their time at Orlando, Florida’s Star Wars convention, a cybercriminal would probably guess that this person is one of those who use ‘starwars’ to protect their data. However, if this password was lengthened into a passphrase, like “I really like Star Wars,” it becomes considerably less obvious.
A password or passphrase can also be strengthened further by also substituting numbers and symbols in for certain letters. Using our example, “I really like Star Wars,” the likelihood of the passphrase being cracked is diminished even more when it becomes “1 really l!ke St@r W@rs.”
Using a Password Manager
There are also plenty of programs that are designed for those who have a hard time keeping track of their passwords. Password managers can reduce the number of passwords you have to remember down to one, as the rest are securely saved and able to be populated in the appropriate fields.
Whatever it is you decide to use to assist you in managing your passwords, there are also tools available to help you estimate how effective your passwords will be. For example, one of these tools puts the amount of time it would take for a computer to hack into our “1 really l!ke St@r W@rs” example at 3 octillion years. Compare that to “password,” which would be cracked “instantly.”
For more advice on how to maintain your cybersecurity, reach out to us directly at firstname.lastname@example.org.