Remembering the dozens of passwords we need to access our increasing multitude of online accounts isn’t easy. That’s why many people have developed appalling cybersecurity habits that quite literally open doors for hackers to steal data. In fact, according to a study carried out by SplashData in 2018, the two most popular passwords are “123456” and “password”. Not much better are other easy-to-guess things like common names and words.
While other methods of authentication exist, passwords remain a central component of any cybersecurity strategy. Hackers enjoy great success exploiting simple passwords that can be cracked by automated programs that make thousands of guesses per second. A strong password isn’t the only way to protect your digital identity, but that doesn’t mean you can take a lackadaisical approach.
#1. Avoid words in the dictionary
Many common passwords are simply common names or words. Hackers exploit these by using what’s known as a dictionary attack, a process that typically takes less than a second. Furthermore, these passwords are often easy to guess, particularly if the hacker has been carrying out diligent research. Some people think that their passwords will be safe from such attacks simply by adding a number after the word but, in reality, it makes little difference when confronted with today’s more sophisticated hacking tools.
#2. The longer the better
If they don’t have some clues already, hackers may rely on brute force attacks to try every possible combination of letters, numbers, and symbols until they get the right one. Passwords less than seven characters can be revealed in less than a second, but timespans increase exponentially for each additional character. For example, passwords that contain 10 random characters take months to crack, while 12 characters take centuries. Just one letter can make all the difference!
#3. Use numbers, letters, and symbols
As we’ve seen, the problem with using words or phrases is that they are easily compromised by checking them against a wordlist, even if the passwords are far too long for a brute force attack to find. Adding numbers and symbols adds an exponentially higher number of possible combinations to the extent that both dictionary-based and brute force attacks become a practical impossibility. That’s why many online accounts enforce strict password policies in which you’re required to use a combination of character types.
#4. Don’t change your passwords regularly
Many account security policies enforce password expiration dates, forcing you to change your password every 30 or 90 days, for example. However, since this approach places an additional burden on users, it’s more likely they’ll use easy ones, write them down somewhere visible, or simply forget them. Back in 2017, the National Institute of Standards and Technology (NIST) updated its cybersecurity recommendations, discouraging frequent password changes for this reason.
Instead, stick to using complex passwords, and change them only if the service they are attached to has disclosed a security incident, or if there has been evidence of unauthorized access to the account. Another alternative is to use a password manager with a single master password, although this does mean having a single point of failure.
#5. Add a second authentication method
If at all possible, you should avoid relying on passwords exclusively for accounts that handle sensitive information. Multi-factor authentication (MFA) adds an extra layer of security by requiring additional information before letting users log on.
In addition to passwords, MFA requires something you know, something you have, or something you are. Examples include physical security tokens, fingerprint scans, or SMS codes. Implementing MFA drastically reduces online identity theft, particularly if you’re using biometric authentication.
Are digital security concerns keeping you awake at night? Get in touch with the team at Enteracloud today to schedule a free consultation and find out how we can help you transform your IT infrastructure into an impregnable fortress.