CRC Data Technologies Blog: Password Security: Don’t let your Password Haunt You
October is National Cybersecurity Month and password security is a big part of that! Cybersecurity is so important and appropriate to discuss considering how scary it is out there! As we regularly cover, hackers are getting more advanced by the day, despite security measures improving by leaps and bounds. Of course, no monster is all-powerful and there are ways to protect yourself against these dangers.
In this article, we’ll be discussing a feature that we all use (and abuse) every day: passwords. How insecure can this security feature be and what can you do to protect yourself and your business?
A Necessary Evil
We don’t think that there’s anyone out there that actually enjoys creating and using passwords. After all, they’re just another barrier between you and your data. However, that barrier is exactly what’s going to protect that data from the outside world.
Password Security Struggles
Since many of us struggle to remember passwords, we end up making a lot of common mistakes. These include:
Making the password as short as possible
Reusing passwords for multiple accounts
Not regularly changing the password
Using a word that’s easy for us to remember
We’ve all been told ad nauseam that we should avoid these mistakes, but why?
A Real Monster
When you think of a scary beast like Frankenstein’s monster, what gives you the chills? The sheer physical strength that can break down any door you hide behind. There are software programs that work in much the same way, using Brute Force Attacks.
In these attacks, a program tests one possible password after another, using random combinations of letters and numbers, until something works. Dictionary Attacks operate along the same lines, using all the words in the dictionary instead of just random letters and numbers. Passwords that are too short or too simple feed the success of Brute Force Attacks.
One recent program could crack any 8-character password in less than six hours! Once a hacker cracks that password, they then have access to anything that shares that password. If you use that password for business purposes, the payoff is even bigger.
Is Your Password Worth It?
Although cyber pirates still buy large lists of passwords and other stolen data off of the Dark Web for quick hits, they’ve shifted in the past few years to focusing more time and effort on fewer but larger targets. These attacks may take up more of the hacker’s valuable time, but they bring in massive returns.
Naturally, there’s only so much you can milk from a single victim, but a company or organization has much deeper pockets and a lot more to lose. Think about the amount of cash in your personal bank account versus what your company may have at any given time. On top of that, think of all the resources your company has at its disposal that may be vulnerable in the event of an attack.
Fixing the Problem: The Password Security Silver Bullet
We’d be lying if we said there is a cure-all solution to the problem of password hacks, because there isn’t one. However, that doesn’t mean that you’re completely vulnerable either. Below are a few ways to keep your password as safe as possible:
Change your passwords regularly — In theory, a hacker could get your password correct eventually. If you keep changing it on a regular basis, you’ll keep them guessing, even if they got the old one correct. On average, we recommend changing passwords every 1-3 months.
Get creative — The best defense for a dictionary attack is not to use words in the dictionary. Either create nonsensical strings of characters or use a combination of words that wouldn’t appear in any standard dictionary. Also, consider using upper and lowercase letters as well as numbers and special characters. As a general rule, the more difficult a password is to remember, the longer it would take for a software program to guess.
Don’t reuse passwords — Having to remember multiple passwords can be a pain. Some of us have to use over a dozen passwords before we finish our first coffee! This recommendation keeps as much information as safe as possible if one of your passwords is compromised. Think of a ship or submarine with multiple compartments — if one springs a leak and fills up, you can close a door to limit the damage. If all of your passwords are the same, one lucky guess could bring your digital world crumbling down.
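An added example (not from the original article) that puts numbers on the brute-force discussion and the "Get creative" advice above: it estimates the worst-case time to try every password of a given length and flags the weaknesses the article lists. The guess rate is an assumption derived from the article's six-hour figure applied to all 95 printable ASCII characters; the word list and the 8-character "short" threshold are constructed for illustration.

```python
import string

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "monster", "dragon", "welcome", "october"}

# Assumed guess rate: set so that every 8-character string over the 95
# printable ASCII characters is tried in six hours, the article's figure.
ASSUMED_GUESSES_PER_SECOND = 95 ** 8 / (6 * 3600)

# Character pools an exhaustive search has to cover (ASCII only).
POOLS = (
    string.ascii_lowercase,       # 26
    string.ascii_uppercase,       # 26
    string.digits,                # 10
    string.punctuation + " ",     # 33
)


def alphabet_size(password):
    """Total size of the pools the password draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def worst_case_hours(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Hours to try every string of this length over the covering alphabet.

    This is an upper bound for pure brute force; a password built from a
    dictionary word falls far sooner, which is why review() flags it.
    """
    return alphabet_size(password) ** len(password) / rate / 3600


def review(password, words=SAMPLE_WORDS, short_limit=8):
    """Return (findings, worst-case hours) for one candidate password."""
    findings = []
    if len(password) <= short_limit:          # hypothetical threshold
        findings.append("short")
    if any(word in password.lower() for word in words):
        findings.append("dictionary word")
    if alphabet_size(password) < 95:
        findings.append("missing character classes")
    return findings, worst_case_hours(password)


if __name__ == "__main__":
    for candidate in ("monsters", "Aa1!aaaa", "Tr4il-mix&Ladder!9"):
        found, hours = review(candidate)
        print(f"{candidate!r}: {hours:.3g} hours, findings: {found or 'none'}")
```

At the assumed rate, each extra character drawn from the full 95-character set multiplies the worst-case time by 95, so length does far more work than any single substitution.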
Bring in a Champion
As hard as you might try, there’s only so much you can do to protect yourself and your company from threats to your password and overall security. Plus, keeping your system safe can be a full-time job in this world, and you already have one of those.
Instead of trying to fight this monster single-handed, consider bringing in the help of a professional monster killer! Our experienced team is more than happy to swoop in and assist your company with the strongest cyber protection on the market, including password management. Even if your walls have already been breached, we can help in the cleanup and future protection.