How Secure Are Your Passwords?
Password entry is a daily occurrence in almost everyone’s life. The average user has at least 90 accounts that require passwords, according to a 2015 Dashlane blog post by Tom Le Bras. Those numbers have only risen since 2015 as technology has become an integral part of daily life. Many people are frustrated with the number of passwords they are expected to keep track of and, as a result, end up reusing the same password across multiple accounts, using simple passwords, or both. Because of this, most companies have systems in place to prevent lazy password selection. The most common of these strategies is the implementation of password length and complexity requirements. In theory, these password policies beef up account passwords so both client and company are safer from cyber-attacks. However, recent studies have shown that these attempts to improve security haven’t done much.
Nearly all security breaches involve at least one set of compromised credentials. These breaches uncover a pattern of lazy password selection called “password walking”. Password walking can produce a password that fulfills complex password requirements while still being very insecure. The technique works by entering characters in the order they fall on a standard keyboard. Some examples of password walking are qwertyu, 1qaz2wsx, or cde#xsw@. By looking at a keyboard, it is easy to see that these combinations of letters, numbers, and special characters fall in order. This makes them attractive to a user because they are easy to remember and type. However, passwords of this type are also very easy for an attacker to crack. Other password patterns, including family names, sports teams, popular brands, music, and movies, are all examples of insecure password choices exploited in recent security breaches. These password selection patterns make cracking passwords easier than ever.
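To show how a walked password can satisfy a complexity rule and still be predictable, here is an added example (not part of the original article) of a check a password policy could run at password-change time. The US QWERTY layout, the simplified adjacency rule, and the thresholds (`min_len`, `min_classes`, `max_walk`) are assumptions chosen for illustration.

```python
# US QWERTY rows, aligned so "1qaz" share column 0 (physical row stagger ignored).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
# Shifted symbols map back to the physical key they are typed on.
SHIFTED = dict(zip('!@#$%^&*()_+{}:"<>?', "1234567890-=[];',./"))
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def key_of(ch):
    """Return the (row, col) of the key that types ch, or None if unmapped."""
    ch = ch.lower()
    return POS.get(SHIFTED.get(ch, ch))


def walk_ratio(pw):
    """Fraction of consecutive character pairs typed on neighbouring keys."""
    keys = [key_of(ch) for ch in pw]
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    hits = sum(1 for a, b in pairs
               if a and b and a != b
               and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1)
    return hits / len(pairs)


def char_classes(pw):
    """Count character classes present: lower, upper, digit, symbol."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def check(pw, min_len=8, min_classes=2, max_walk=0.7):
    """Hypothetical policy check; thresholds are assumptions, not from the article."""
    return {
        "complexity_ok": len(pw) >= min_len and char_classes(pw) >= min_classes,
        "keyboard_walk": walk_ratio(pw) >= max_walk,
    }


if __name__ == "__main__":
    # First three are the article's examples; the last is a constructed contrast.
    for pw in ["qwertyu", "1qaz2wsx", "cde#xsw@", "plum-Tractor-92-violet"]:
        print(f"{pw!r:28} ratio={walk_ratio(pw):.2f} {check(pw)}")
```

Both 1qaz2wsx and cde#xsw@ pass the length-and-classes rule yet score 6 of 7 adjacent transitions, which is why a walk check belongs alongside complexity requirements rather than being replaced by them.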
So How Do You Make a Secure Password?
There are several best practices to follow to ensure your passwords are secure and will stay secure. The first step is understanding the importance of creating and maintaining strong passwords and the damage that can be done to you and your organization with one set of compromised credentials. Strong passwords help prevent identity theft and are the first line of defense in keeping your financial and personal information safe.
First, consider the age of your current password and where else this password may be valid. A breach of one site or service could put your other accounts at risk if they share the same password. Select unique passwords for sites and services that store or process sensitive information. Additionally, passwords should be at least twelve to fourteen characters long. The best defense against brute-force password attacks is password length. In general, the longer the password, the more time and computing power are required to crack or guess it. Finally, even the strongest passwords are useless if they are not stored securely. This means ditching the sticky note on your desktop and storing this information in a password manager or encrypted document with appropriate access controls.
There are other ways to protect your accounts and information if a password is stolen or otherwise compromised. Multifactor authentication is the strongest option to stay secure, since access to an account is no longer granted with just a password. Multifactor authentication works by performing additional verification at the time of login. This generally includes sending a text message, email, or other notification with a code needed to proceed with the login. Many popular internet services and applications support multifactor authentication. Arm yourself with these good password habits and protect your information from the vulnerability created by weak or compromised credentials.
References:
http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/
https://www.microsoft.com/en-us/research/wp-content/uploads/2007/05/www2007.pdf
https://blog.dashlane.com/virginia-tech-passwords-study/
https://blog.dashlane.com/infographic-online-overload-its-worse-than-you-thought/