10 Apr It’s Time to Change Your Password
Reduce Cybersecurity Risks With Password Security
Cybersecurity and knowing the related risks are essential to any company trying to succeed today. Many disregard cybersecurity and data breaches as problems for IT, but the impact of a breach is felt across your entire organization in disruptions to everyday business. Even in 2019, unauthorized access continues to be a major concern for companies. Data breaches risk financial and intellectual property, as well as personal information and your company’s public image.
One of the most common ways that hackers get access to your data is by simply entering the password. Passwords, the things we’ve dreaded since we first started using them on everything. Like a lock-and-key system, only the right password will allow access. Unfortunately, these passwords are often easy to guess or crack with software. In 2018, over 80% of hacking-related breaches were due to weak or stolen passwords. That sounds like a whole lot of lazy people ignoring password security.
You Know What You’re Doing
A survey by LastPass reports that while over 90% of participants understand the risks of using passwords over multiple platforms, 59% continued to do so. Of the same respondents, 53% had not changed their passwords within the last year. It’s understandable… most of us are still haunted by having to reset our passwords when we have forgotten them, and then read the angry red text that our new password can’t match the old one (what?!). You know what I’m talking about. Nevertheless, we need to overcome that trauma and start thinking about the security risks involved.
Many people cite memory as their reasoning for not creating complex and unique passwords, so in this scenario, we recommend using a password manager. These assist you in generating unique passwords and retrieving them when you need to login to an application. You’ve probably noticed that free versions of this exist on your computer or browser, but paid versions are also available, and they can sync across your devices. The ideal scenario is that you just keep all the info locked in your head, but we know there’s a reason you’ve had the same password for so long! These are often very strongly protected.
Key Points of Password Protection
In no particular order, the following points can help you reduce the risk of someone hacking your passwords, either work accounts or personal.
1. Avoid simple passwords like your birthday, anniversary, or pet’s name. Throw in some special characters and add some length to make it difficult to guess. No one is asking for a haiku or hieroglyphs, but spice it up.
2. Add some length. While everyone has their own views on password length, experts typically agree 12 or more characters is your best bet. Just think, by adding 1 character to your password, how many extra combinations someone would have to go through to guess your password?
3. Don’t use the same password for anything. If your hacker is smart enough to break into one platform, do you really think they aren’t going to try that password or variations of it on other platforms you use?
4. Don’t share it! You’ve created a great password, don’t email it or text it or write it down on a piece of paper. If someone else needs access, they should have their own login, or you need to change your password after each use.
5. Change your password. Yes, I know you just got used to your password and you think it’s great… but you’ve got to say goodbye at some point. The good news is that experts have increased the lifespan of passwords. Where it used to be recommended every 30 days, authorities such as NIST now recommend longer periods. Instead, base your changes off of events such as after logging into a public computer, a security incident, or if you’ve had the same password for a full year.
Two-factor authentication is the process of confirming your identity in 2 different ways. For example, when you try to log on to your company Twitter from a new place, you might need a temporary passcode that has been texted to your accounts phone number, in addition to your regular account password. Although passwords are the star of this blog, I think we all know they aren’t enough alone. This ensures that if your password gets hacked, you’ve got a backup plan. Yes, it can be a nuisance at times, but it’s well worth the added security.
As Core perfectly captures, “2FA involve three different forms to identify and authenticate; these are something you know, something you have, and something you are.” Something you know would be a password, something you have could be a device, and something you are could be your face or a fingerprint. As with my Twitter example, they use something I know (username and password) and something I have (phone).
While not as convenient as fingerprint scanners or facial recognition software as is in most smartphones today, passwords are solid defense- especially when partnered with another authentication factor. Your security team should have two-factor authentication (or multi-factor authentication!) whenever possible.
Ensuring Cyber Safety with Password Security
Not sure what your company uses for security? Does someone in the cubicle over still think “p@ssw0rd” is clever enough? Consider taking a trial of CyberWatch and select NIST for your questionnaire content. It will address passwords, security training awareness, two-factor authentication and multi-factor authentication, among other security measures. You can complete a full assessment and gain valuable insight into your current security standards.