Many of us would assume that passwords are not a cyber risk, at least not in this day and age. The reality is quite different: passwords still pose a significant threat to your cybersecurity, and that's especially true for small businesses.
In a world of single sign-on, two-step verification and many other authentication methods, in the end it still comes down to your username and password. That simple authentication step may be the only thing standing between an attacker and your systems and data.
Human errors and bad passwords.
Passwords are one of the oldest and simplest forms of protection, in personal as well as business life. Compared with the many more advanced methods of online security now available, they are also one of the weakest.
Just consider this: back in 2016, a breach occurred in the White House. It happened through a contractor's email account, because the contractor had reused a password that was already exposed in the Adobe breach of 2013. That's one credential among the millions revealed every year.
Stories like that are so frequent that it is understandable why 91% of people know that reusing the same password all over the web is a bad idea, yet 59% of them still do it. The issue, then, usually lies in human error.
How to Create a Strong Password (and Remember It).
If your password is something like "123456", "password", "iloveyou" or "admin", to name a few of the top ten worst passwords, then you are making an attacker's job easy.
Bear in mind that there are basically three ways for an attacker to get hold of your password:
- You have left it somewhere accessible.
- Your password is weak or common enough for an attacker to guess it (there are oh-so-many password-cracking tools!).
- The system (website or server) has poor security and exposes your credentials. That applies not only to the destination system (e.g. your online banking site) but possibly to your own computer too: it may be infected with a keylogger that captures everything you type.
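The third route, a service that stores its users' passwords badly, is easiest to see in code. The following is an added Python example, not code from the article: a "weak" store that keeps an unsalted, fast hash of the password next to a hardened store that uses a per-user random salt and scrypt from Python's standard library. With the weak scheme, two users who pick the same password get identical records, and one precomputed table of common-password hashes matches every user at once; with the hardened scheme every record is unique and every guess is deliberately expensive. The scrypt parameters and record format are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Added illustration, not the article's own code. Two ways a service
# can store a password: one that exposes users when the database leaks,
# and the hardened form.


# --- Weak storage: a fast, unsalted hash. Identical passwords produce
# identical records, and one precomputed table of common-password hashes
# can be matched against every user at once. ---
def weak_store(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def weak_verify(password: str, stored: str) -> bool:
    return weak_store(password) == stored


# --- Hardened storage: per-user random salt plus scrypt, a deliberately
# slow, memory-hard KDF from the standard library. Parameters are
# constructed for this example; n=2**14, r=8 needs about 16 MiB per guess. ---
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, dklen=KEY_LEN)


def strong_store(password: str) -> str:
    # Fresh 16-byte salt per record, stored alongside the parameters so
    # they can be raised later without breaking old records.
    salt = os.urandom(16)
    key = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), key.hex()])


def strong_verify(password: str, stored: str) -> bool:
    scheme, n, r, p, salt_hex, key_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    key = _derive(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def records_reveal_reuse(store, password: str) -> bool:
    """True if two users choosing the same password get identical records."""
    return store(password) == store(password)


if __name__ == "__main__":
    print("weak scheme leaks reuse:", records_reveal_reuse(weak_store, "iloveyou"))      # True
    print("strong scheme leaks reuse:", records_reveal_reuse(strong_store, "iloveyou"))  # False
    rec = strong_store("correct horse battery staple")
    print("verify ok:", strong_verify("correct horse battery staple", rec))   # True
    print("verify wrong:", strong_verify("Tr0ub4dor&3", rec))                # False
```

The salt is what breaks the "one table cracks everyone" property, and the slow KDF is what makes each remaining guess costly; storing the parameters in the record lets a site raise them over time. This is also why reusing a password across sites is so dangerous: one site storing it the weak way exposes it everywhere it was reused.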
Accordingly, the long list of password best practices is the following:
- Use different passwords for different services, and change them from time to time, or at the slightest suspicion of compromise.
- Always use strong passwords that include letters (both upper and lowercase), numbers and symbols. The longer, the better.
- Don't write your passwords down in plain text anywhere. If you need to store something to help you remember them, use mnemonics and similar tricks so that a reader cannot do anything with the information.
- Don't use passwords that are dictionary words (that is the first thing password-cracking tools try) or that are based on details of yours that are not really confidential, such as your Social Security Number or the names of family members.
- Avoid default passwords, at all costs.
- Never type your passwords into unencrypted (http://) sites.
- Watch what you are using your password for. If a website or service looks poor, it probably is, security-wise.
- Always use multi-factor authentication. It is not bullet-proof, though, so everything above still applies!
- There are several online services and local programs for storing sensitive passwords, including LastPass, 1Password, Roboform and PasswordSafe. Basically, one master password unlocks a different, random password for every website. Everything above applies to your master password!
- Browsers can store your passwords. Make sure they are not kept in plain text somewhere in their files.
- For important accounts, avoid open Wi-Fi networks and, of course, third-party devices for typing in your password.
- Use security software on your endpoint to make sure your computer is not infected.
- Use security tools that can protect you from social engineering and fake websites. One of phishing's most common goals is to lead you to a malicious website (which you believe is legitimate) and have you type your password in the wrong place. Against email scams, an advanced email protection service can be a good security measure!
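The rules above can be turned into a checker that a sign-up form or a password manager could run before accepting a password. The following is an added Python example, not code from the article: it enforces length and character mix, rejects the worst and default passwords, catches dictionary words even after "leet" substitutions or trailing digits, flags passwords containing personal details, and gives a rough entropy estimate. The word lists are tiny constructed stand-ins for the real breach and dictionary lists a cracking tool would carry, and the 12-character and 60-bit thresholds are assumptions chosen for this example.

```python
import math
import re
import string

# Added example, not the article's own code. Implements the article's
# password rules as a checker. All word lists below are constructed
# stand-ins; a real deployment would use full breach and dictionary lists.
WORST_PASSWORDS = {"123456", "password", "iloveyou", "admin", "qwerty", "letmein"}
DEFAULT_PASSWORDS = {"admin", "changeme", "default", "1234", "root"}
DICTIONARY_WORDS = {"dragon", "sunshine", "football", "welcome", "monkey", "princess"}

# Common digit/symbol-for-letter substitutions that cracking tools try first.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 12          # assumed policy threshold
MIN_ENTROPY_BITS = 60    # assumed policy threshold


def _variants(pw: str) -> set:
    """Forms of the password a cracking tool would also try."""
    low = pw.lower()
    base = re.sub(r"[^a-z]+$", "", low)  # "dragon123!" -> "dragon"
    return {low, low.translate(LEET), base, base.translate(LEET)} - {""}


def estimate_entropy_bits(pw: str) -> float:
    """Crude upper bound: length x log2(size of the character pool used)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, personal_details=()) -> list:
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, test in (
        ("lowercase", str.islower), ("uppercase", str.isupper),
        ("digit", str.isdigit), ("symbol", lambda c: c in string.punctuation))
        if not any(test(c) for c in pw)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    variants = _variants(pw)
    if variants & (WORST_PASSWORDS | DEFAULT_PASSWORDS):
        problems.append("matches a known-bad or default password")
    if variants & DICTIONARY_WORDS:
        problems.append("is a dictionary word (after undoing substitutions/trailing digits)")
    for detail in personal_details:
        d = detail.lower()
        if len(d) >= 3 and d in pw.lower():
            problems.append(f"contains personal detail {detail!r}")
    if estimate_entropy_bits(pw) < MIN_ENTROPY_BITS:
        problems.append(f"estimated strength below {MIN_ENTROPY_BITS} bits")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, details in [("P@ssw0rd", ()), ("Dragon123!", ()),
                        ("Smith1985!!", ("Smith", "1985")),
                        ("Mz7!qLw#9vXe2pR", ())]:
        print(f"{pw!r}: {check_password(pw, details) or 'OK'}")
```

Note that "P@ssw0rd" passes the character-mix rule and yet is rejected: undoing the substitutions turns it back into "password", which is exactly what cracking wordlists do. The entropy figure is only an upper bound on guessing work (it assumes every character was chosen at random), so the list checks come first and a low estimate is one more reason to reject, not the only one.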