Strong Password Suggestions
Yes, we get what you’re thinking… You already have more internet logins than you ever imagined, and you’d prefer not to waste any more time worrying about them. That’s reasonable. But the truth is that the passwords you choose and how you maintain them have implications well beyond your own accounts: stolen credentials are the most common entry point for thieves.
We spend a lot of time at SafeMonitor thinking about passwords because their misuse has been identified as one of the most consistent contributing factors to the rise in cybercrime. At the same time, passwords aren’t going away anytime soon. Here are our top five suggestions for creating stronger passwords and improving overall account security.
Select a password with at least 16 characters.
You’d think that by now, all of the warnings about the importance of strong passwords would have sunk in. Despite this, the top three passwords SafeMonitor recovered from attacks last year were “pass,” “123456,” and “password.” Passwords that are easy for us to remember are easy for crooks to guess. This leaves us open to password spraying, a brute-force attack in which a cybercriminal attempts to gain access to a specific site using a list of usernames and popular passwords. Once a match is found, the criminal tries the same username and password combination on as many other accounts as possible.
Furthermore, regardless of the hashing algorithm used, a password of 16 or more random letters, digits, and symbols would take millennia to crack. It’s a useful reminder that, while we can’t control how a company protects our passwords, we can take responsibility for our own account security by choosing more complex passwords.
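To make the length argument concrete, here is an added example (not SafeMonitor’s code) that generates a password of 16 or more symbols from the operating system’s CSPRNG and estimates its entropy and expected exhaustive-search time. The 94-symbol alphabet, the 16-character minimum and the guess rate passed by the caller are this example’s assumptions; the guess rate in particular depends on the hashing algorithm and hardware, which is exactly what the user of someone else’s site cannot control.

```python
import math
import secrets
import string

# Symbol set the post recommends drawing from: letters, digits and punctuation.
# len(ALPHABET) == 94 on CPython.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 16) -> str:
    """Return `length` symbols chosen uniformly at random with the OS CSPRNG.

    `secrets` is used rather than `random`, whose default generator is not
    suitable for secrets. The minimum length follows the post's 16-character
    recommendation (an assumption of this example, not a NIST constant).
    """
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).

    This only holds for generated passwords; a human-chosen 16-character
    phrase has far less entropy than this formula reports.
    """
    return length * math.log2(alphabet_size)


def expected_crack_years(length: int, guesses_per_second: float,
                         alphabet_size: int = len(ALPHABET)) -> float:
    """Expected years for exhaustive guessing at the given rate.

    On average half the keyspace is searched before the password is hit.
    The guess rate is the caller's assumption (it depends on the hash and
    on the attacker's hardware).
    """
    keyspace = alphabet_size ** length
    seconds = (keyspace / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(16)
    rate = 1e12  # assumed: one trillion guesses per second against a fast hash
    print(pw, f"{entropy_bits(len(pw)):.1f} bits",
          f"{expected_crack_years(len(pw), rate):.3g} years at {rate:.0e} guesses/s")
```

Run it as a script to see one generated password alongside its entropy; compare `expected_crack_years(6, 1e12)` with `expected_crack_years(16, 1e12)` to see why the post insists on length rather than on clever substitutions.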
Make your passwords unique across all accounts.
Given the recent expansion of digital services and the global move to remote work, most people are juggling more internet logins than ever before. Criminals use stolen credentials to commit fraud, betting that if you use a password for one account, you probably use the same password for others. Despite broad education on the subject, SafeMonitor observed a 70% password reuse rate in the breach data we recovered over the last two years, indicating that the situation isn’t improving. Automated credential stuffing tools let fraudsters test credential pairs against a variety of websites to see which other accounts they can take over, which is why password reuse is so risky.
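From the defender’s side, both of the attacks this section and the previous one describe leave a recognisable shape in authentication logs: password spraying is one source failing against many accounts, credential stuffing is many leaked username/password pairs each tried once, typically through many different exit addresses. The following added example (not SafeMonitor’s tooling) runs both checks over a constructed log sample. The log line layout, the field names, the sample addresses and the thresholds are all assumptions of this example; a real deployment would adapt the regular expression to its identity provider’s format and evaluate the counts over a bounded time window.

```python
import re
from collections import defaultdict

# One login attempt per line. The field layout is this example's own
# assumption; adapt LINE_RE to your identity provider's log format.
LINE_RE = re.compile(r"ip=(?P<ip>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>OK|FAIL)")

# Constructed sample log (not real traffic). One source, 198.51.100.7, tries
# five different accounts; six unrelated sources each try one account once;
# two ordinary users log in (one after a typo).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=198.51.100.7 user=bob result=FAIL
2024-05-01T10:00:03Z ip=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:04Z ip=198.51.100.7 user=dave result=FAIL
2024-05-01T10:00:05Z ip=198.51.100.7 user=erin result=FAIL
2024-05-01T10:00:06Z ip=203.0.113.1 user=frank result=FAIL
2024-05-01T10:00:07Z ip=203.0.113.2 user=grace result=FAIL
2024-05-01T10:00:08Z ip=203.0.113.3 user=heidi result=FAIL
2024-05-01T10:00:09Z ip=203.0.113.4 user=ivan result=FAIL
2024-05-01T10:00:10Z ip=203.0.113.5 user=judy result=FAIL
2024-05-01T10:00:11Z ip=203.0.113.6 user=mallory result=FAIL
2024-05-01T10:00:12Z ip=192.0.2.10 user=alice result=OK
2024-05-01T10:00:13Z ip=192.0.2.11 user=bob result=FAIL
2024-05-01T10:00:14Z ip=192.0.2.11 user=bob result=OK
"""


def parse_failures(lines):
    """Yield (ip, user) for every failed attempt; unparsable lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["result"] == "FAIL":
            yield m["ip"], m["user"]


def detect(lines, min_users=5, min_pairs=5):
    """Flag two patterns that reuse of common passwords makes profitable.

    password spraying   : one source fails against >= min_users distinct
                          accounts (few passwords, many usernames).
    credential stuffing : >= min_pairs failed (ip, user) pairs where that
                          source touched only that account and that account
                          was touched only by that source, i.e. leaked pairs
                          tried once each through many different exits.
    Thresholds are constructed for this sample; tune them per environment.
    """
    users_by_ip = defaultdict(set)
    ips_by_user = defaultdict(set)
    for ip, user in parse_failures(lines):
        users_by_ip[ip].add(user)
        ips_by_user[user].add(ip)

    spray_sources = sorted(ip for ip, users in users_by_ip.items()
                           if len(users) >= min_users)

    one_to_one = sorted(
        (ip, next(iter(users)))
        for ip, users in users_by_ip.items()
        if len(users) == 1 and len(ips_by_user[next(iter(users))]) == 1)
    stuffing_pairs = one_to_one if len(one_to_one) >= min_pairs else []

    return {"spray_sources": spray_sources, "stuffing_pairs": stuffing_pairs}


if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_LOG.splitlines()).items():
        print(kind, hits)
```

Note what the heuristics deliberately ignore: the ordinary user who mistyped once (`192.0.2.11`) is neither a spray source nor a one-to-one pair, because the account `bob` was also hit by the spraying source. Successful logins from the flagged sources or accounts are what to investigate first.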
Use a password manager to generate and store unique passwords for your hundreds of online accounts.
Do not mix business and personal accounts.
Sixty-four percent of Fortune 1000 employees reuse passwords across work and personal accounts. While this issue looks similar to the one described above, the difference here is that negligence at home puts companies at risk. If your streaming or gaming account is hijacked and you have a habit of reusing passwords (or variants of them), thieves may gain access to more of your personal and professional accounts.
Make use of Multi-Factor Authentication.
When it was first introduced, multi-factor authentication (MFA) was marketed as a “magic bullet” that would fill the gaps in password security. Requiring users to supply something they know (a password) as well as something they are (biometrics) or something they have (a smartphone token) is a vital layer of security that will deter some cyber threats. As with other deterrents, criminals have developed ways to circumvent it, but that doesn’t mean you shouldn’t use it.
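The “something you have” factor on a smartphone is usually a time-based one-time password. The added example below (not SafeMonitor’s code) implements the RFC 4226 HOTP and RFC 6238 TOTP computations and a server-side verifier that tolerates one step of clock drift while refusing any counter at or below the last one the user already consumed, so a code that was phished or intercepted cannot be replayed after its legitimate use. The shared secret is the one from the RFCs’ test vectors; a real enrolment generates a random per-user secret.

```python
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# A real enrolment would generate a random secret per user and store it server-side.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based variant: the counter is the number of elapsed steps."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, last_counter: int,
                at_time=None, step: int = 30, digits: int = 6, window: int = 1):
    """Return the accepted counter, or None if the code is rejected.

    `window` tolerates +/- one step of clock drift. `last_counter` is the
    counter of the last code this user successfully used; any counter at or
    below it is refused so an intercepted code cannot be replayed. The caller
    must persist the returned counter as the new `last_counter`.
    """
    now = time.time() if at_time is None else at_time
    base = int(now) // step
    for drift in range(-window, window + 1):
        counter = base + drift
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(DEMO_SECRET, time.time())
    print("current code:", code, "accepted counter:",
          verify_totp(DEMO_SECRET, code, last_counter=-1))
```

The replay check is the part worth copying: without it, a valid code remains usable for the whole window, which is precisely the gap real-time phishing proxies exploit.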
Utilize NIST Guidelines
The National Institute of Standards and Technology (NIST) publishes recommendations for federal agencies to follow, but the same guidelines are also useful for private-sector firms. One of the most important components of NIST’s password guidance is to restrict the use of passwords found in past breach corpora. This means that any password exposed in a data breach, no matter how strong it looks, should be prohibited.
While most directory services (including Microsoft Active Directory) provide built-in settings for enforcing many NIST guidelines, comparing passwords against an ever-changing list of exposed passwords is not out-of-the-box functionality, and comparing them against a static list will not satisfy NIST’s guidance. New breaches occur regularly, increasing your organization’s risk exposure, so consider using third-party services to supplement Active Directory’s capabilities in this area.
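A breach-corpus check can be done without ever sending the password, or even its full hash, to the service that holds the corpus. The added example below (not SafeMonitor’s product or any vendor’s client) shows the k-anonymity range scheme: hash the candidate with SHA-1, send only the first five hex characters, receive every corpus suffix sharing that prefix, and compare locally. The response layout follows the Have I Been Pwned “Pwned Passwords” range endpoint; the lookup table here is a constructed local stand-in so the example runs offline, and its counts and filler entry are made up.

```python
import hashlib

# Constructed stand-in for a breach-corpus range service. Keyed by the first
# five hex characters of the SHA-1; each line is "REMAINING_35_HEX:COUNT".
# The suffix for "password" is real SHA-1 arithmetic; the counts and the
# filler entry are made up for this example.
LOCAL_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3000000",  # sha1("password")
        "0" * 32 + "ABC:7",                            # constructed filler
    ]),
}


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 so only the 5-char prefix leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Look up a prefix locally. A real deployment would issue an HTTP GET for
    the prefix here; the password and its full hash never leave this process."""
    return LOCAL_RANGES.get(prefix, "")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count or 0)
    return 0


def acceptable(password: str, fetch=fetch_range, min_length: int = 16) -> bool:
    """Policy from the post: long enough and absent from the breach corpus."""
    return len(password) >= min_length and breach_count(password, fetch) == 0


if __name__ == "__main__":
    for candidate in ("password", "Tq8!vr-Lz2#pWm9&cK"):
        print(candidate, breach_count(candidate), acceptable(candidate))
```

Because `fetch` is a parameter, the same `breach_count` can be wired to a live range service or to a locally mirrored corpus that is refreshed on a schedule, which is what NIST’s “ever-changing list” requirement amounts to in practice.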
Conclusion
With online services being compromised daily, leaked or stolen passwords constitute a significant risk as long as we keep reusing them. Password managers are crucial, as is continual monitoring for exposed credentials, but enterprises must also educate users on the hazards of poor password hygiene. Human behaviour is the one variable that cybersecurity systems cannot address on their own. These practices and guidelines, however, can serve as the first steps toward building a strong password foundation for yourself and your organization.