In a recent study focused on password security, Hive Systems, a renowned cybersecurity firm, uncovered alarming findings that shed light on the vulnerability of weak passwords. The research revealed two significant discoveries that underscore the urgency of implementing robust password practices.
Firstly, the study demonstrated that any 8-character password is susceptible to brute force attacks, with hackers capable of cracking it within an hour. This highlights the critical importance of choosing passwords that are significantly longer and more complex to withstand malicious attempts.
Secondly, the research exposed the inherent weakness of passwords with less than seven characters. Shockingly, passwords of this length can be cracked instantaneously, leaving users extremely vulnerable to unauthorized access.
These findings emphasize the pressing need for individuals and organizations to adopt stringent password security measures. By implementing strong and unique passwords, employing multifactor authentication, and staying vigilant against emerging threats, users can significantly fortify their digital defenses and protect their sensitive information from malicious actors.
In this article, we will explore the best password practices that can help fortify your digital life.
How Passwords Get Hacked
Having a longer, more complex, and less guessable password is indeed crucial for security. However, it’s important to understand how hackers can figure out your password and exploit vulnerabilities. Let’s explore some common methods used by attackers.
Dictionary Attacks
One method employed by hackers is known as a dictionary attack. In this type of attack, the hacker uses specialized software to systematically try numerous passwords against a file, hash, or database. The software utilizes algorithms that begin with commonly used words and passwords, gradually testing different combinations of uppercase and lowercase letters, numbers, and special characters until a match is found.
Phishing
Phishing occurs when attackers attempt to deceive you into providing them with sensitive information. They may reach out through various channels, such as emails, texts, or phone calls. To appear trustworthy, they often exploit personal information like the names of your boss or coworkers.
Malware
In some extreme cases, attackers can gain access to your password regardless of its strength. For instance, if your computer is compromised by malware, a remote attacker may be able to obtain your password simply by capturing the keystrokes as you enter it.
This is precisely why it’s crucial to have robust security tools in place to protect your computers and implement multiple layers of security.
Password Best Practices
1. Length
Research and data consistently highlight that the length of your passwords is the most critical factor in determining their security. Visualize this significance through the table below, which demonstrates the relationship between password length and cracking time.
Even if you opt for an all-lowercase password, extending it to fifteen characters can increase the cracking time to almost 30 years. Remember, regardless of complexity, longer passwords inherently become harder to crack. Therefore, the mantra remains: the longer, the better.
Source: Hive Systems
2. Complexity
While length plays a paramount role, complexity also plays its part in strengthening your passwords. Although a lengthy, all-lowercase password might appear acceptable, let’s aim for greatness rather than settling for mediocrity.
Therefore, it is still advisable to create passwords that are both long and complex. In the subsequent sections, we will explore helpful tips on achieving complexity without overwhelming your memory.
However, it’s worth noting that complexity is not as crucial as it was once. The inventor of complexity requirements has acknowledged that password length surpasses complexity in importance.
In conclusion, to enhance your password security, focus on both length and complexity. Long passwords provide a solid foundation while incorporating complexity further bolsters your defenses.
3. Uniqueness
One of the major reasons why countless accounts fall victim to hacking is the prevalent practice of using the same password across multiple websites. This common oversight provides hackers with a treasure trove of breached databases containing passwords, emails, and associated websites.
Troy Hunt, the founder of the service “Have I Been Pwned?” has created a valuable resource that allows you to easily check if your email has been involved in a breach. If your email and password combination is present in one breached database, hackers will undoubtedly explore other databases to uncover your accounts on various services.
Once armed with this information, hackers will attempt to exploit your password across multiple platforms, gaining unauthorized access to your digital presence. Therefore, it is crucial to embrace the practice of using unique passwords for every single login you possess. Consider it a mandatory security measure rather than an optional choice.
4. Prefer Passphrases Over Passwords
Passwords and passphrases are often used interchangeably, but it’s essential to understand their distinctions. In simple terms:
- Passwords: They are typically a single word or a combination of characters, such as letters, numbers, and symbols. Passwords provide a straightforward approach to access authentication.
- Passphrases: In contrast, passphrases consist of a sequence of discrete, multiple words. They offer an alternative approach to authentication, allowing users to create longer and more complex combinations.
Passphrases are usually better due to their combination of length and ease of memorization. A popular method for generating an easily memorable passphrase is to use song lyrics or famous quotes. However, this is not recommended as they are also easier to guess.
An example of a solid passphrase could be to use an event from your personal experience.
E.g.: My first job was at Microsoft and I earned $4000 USD per month
Or to choose 4 or 5 random words and add some numbers.
E.g.: jeans banana house workaholic 3785
5. Enable Two-Factor or Multifactor authentication
Two-factor authentication or multi-factor authentication provides an additional layer of security by requesting an extra form of authentication beyond just a password. This mechanism typically involves the initial login process followed by a confirmation sent to a designated device, often a smartphone. This confirmation can be in the form of a text message, phone call, or an in-app security verification screen. The ideal scenario is that only the authorized person possesses the smartphone and can approve or deny the authentication requests accordingly.
More advanced 2FA methods may include biometric authentication, such as fingerprint scanning, to prevent unauthorized use of lost or stolen phones for issuing false confirmations. Nowadays, most cloud applications offer 2FA, and many traditional applications are also adopting this security measure. By dedicating a few extra seconds during each login, you can ensure that even if your password is compromised, unauthorized individuals won’t be able to access your accounts.
6. Use a Password Manager
Password managers offer more than just password generation and storage capabilities. They provide a comprehensive set of features that enhance your overall security posture and empower you to create stronger passwords.
One key aspect is their ability to assess the strength of each password individually, ensuring that you have robust and resilient credentials. Additionally, password managers can identify instances where passwords are reused across multiple accounts, helping you avoid this risky practice.
Moreover, password managers can autofill your credentials directly into web browsers, streamlining the login process and reducing the chances of errors or typos. They actively monitor for any passwords that may have been compromised in data breaches, providing an extra layer of security and alerting you to take necessary actions.
By leveraging the insights and features provided by password managers, you can develop a comprehensive strategy for creating strong and unique passwords.
7. Regularly Update and Change Passwords
The longer you continue using a single password, the greater the risk of it being compromised. By regularly updating your password, you can disrupt the efforts of all but the most persistent cybercriminals.
This practice can help you keep your most sensitive information secure, such as online banking credentials and the password for your primary email account. However, it is crucial to ensure that when changing your password, you select one that is equally strong or even stronger than the previous one.
8. Never Share Your Password
Sharing passwords, even with colleagues or family members, poses a significant security risk. Each individual should have their own unique login credentials for every account they use. Sharing passwords increases the likelihood of unauthorized access and compromises security.
Your password is what makes you accountable for the activities conducted within your account. Surprisingly, social engineering tactics can often be more successful in obtaining someone’s password than traditional hacking methods. Many phishing attacks are designed to deceive you into revealing your password through various means. It’s easier to persuade the bank manager to open the safe instead of going through the trouble of breaking it open!
Final Thoughts
Implementing strong password management practices is essential for safeguarding your digital presence. You can implement the best practices discussed above if you want to enhance your online accounts security and protect yourself from cyberattacks.
If you need help to strengthen your organization’s security posture, feel free to contact Softlanding. One of our security experts will reach out to you and set up a free discovery call.