Data breaches are increasing at an exponential rate, each day approximately 6,255,537 records are lost or exposed. That’s almost 72 per second, and with advancing technology, at risk devices come in many varying forms, from desktop machines, laptops, smartphones, music players, and tablets. All of these machines are potentially vulnerable to hackers, Unfortunately, hacking is often not that complex. The truth is that you can prevent a lot of common attacks and keep your company accounts a great deal safer just by using better passwords. So, if you are looking for a way to improve your cyber security, password security is a great place to start.
One of the easiest and most common ways hackers break their way into an account is to try very common passwords or to do a little research on the intended victim and try some passwords related to that person.
Some of the most common passwords used include:
Passwords like these are VERY insecure insecure. They are easy to guess and cybercriminals will easily gain access to your accounts with weak passwords like these.
Don’t forget, it’s also important not to use personal details such as: Names of friends and family, birthdays, pet names, or places you have lived. It’s amazing how much information is available on the internet with just a little digging. If your password has any information such as these, it can be easily guessed. It might be time for a password change.
So, what is the right way to build a secure password that cybercriminals can’t guess?
In June of last year, the National Institute of Standards and Technology (NIST) released its 74-page updated Special Publication 800-63B on Digital Identity Guidelines . The new guidelines recommend that passwords should be easy to remember but hard to guess. In these new guidelines, NIST recommends using a long passphrase of around 24 characters as opposed to the current standard of 8 characters with an uppercase letter, symbol and or number. This way instead of changing your password every month and forgetting it constantly, a change would only be necessary if your cloud service was hacked.
The question is: Is this way really a safer method?
Considering many platforms only allow for a maximum of 12 characters, they may be behind the times. The fact is: current systems are just not as secure as we need them to be. So, while the idea of a long passphrase is really more secure, most of the time our systems don’t allow us to do so.
Another secure option that is gaining traction is using a password generator or a password vault. This option can come in the form of offline programs as well as websites. Essentially the way it works is a software program keeps a number of passwords in a secure digital location. By encrypting the password storage, the password vault offers employees or individuals the ability to use a single master password for accessing a number of different passwords used for different websites or services. Using this service offers a secure method of protection and allows you to use drastically different passwords without the hassle of remembering or writing down each one.
What is two-factor authentication, and how does it work?
Two-factor authentication is a method of verifying your identity that adds another layer of security to your account password.
Two-factor authentication can include:
Two-factor authentication gives you peace of mind. It’s an extra layer of security that hackers may not be able to crack as easily. This makes the criminal's job more difficult, as they need more than just the username and password. Just remember that nothing is 100% secure, it’s not meant to be foolproof. It is just another hurdle for cybercriminals to jump.
Passwords are just one piece of the cybersecurity puzzle. To create a safer environment for yourself and your company online, you will also want to use data breach readiness, email security, and regular data backups to help keep hackers out of your system, secure your information and protect your good reputation online.
LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.