September 17, 2021 | Net Health


Best Practices for Password Security

The Problem with Password Security

Password security is one of the most challenging aspects of digital identity protection in information security. Several studies on social engineering and attack techniques have clearly demonstrated that passwords are a weak form of protection for your data. Attackers know that passwords are often the sole key to harvesting valuable information, and they use techniques such as phishing emails and other social engineering attacks to force password disclosure. It is estimated that 81% of data breaches are due to poor password security.[1] Additionally, attackers use tables of known, common, and guessable passwords to perform brute-force attacks and gain access to your data.

Common Password Mistakes

Part of this problem comes from attackers exploiting how people choose their passwords. Most people engage in poor security practices when they pick a password. Some of the worst password habits are listed below:

  • Choosing easily guessed passwords or common phrases. It is common for a person to use a short password that is a common sequence (e.g., 123456, which is used by more than 23 million people[2]) or something they can remember based on personal information (e.g., their name and birthday). An attacker will try this information first to break passwords. 45% of Americans use a password that is 8 characters or less.[3]
  • Using the same passwords across multiple platforms. People often use the same passwords on multiple sites, which is a huge risk to their security. If that password is caught up in a data breach, the attacker will then use it across multiple sites to get into the user’s services. More than 60% of people use the same passwords for both their work and personal accounts.[4]
  • Poor physical security. People still write down credentials on Post-it notes taped to their devices or monitors for anyone to see. It is estimated that 42% of organizations rely on sticky notes for password management.[5]
  • Using short passwords. Passwords below 9-10 characters can be cracked in a matter of hours due to their predictability in storage. It is estimated that an 8-character password can be cracked within an hour in most scenarios.[6]

Passwords: Tips for Keeping Safe

One of the most important steps you can take to protect your digital identity is to follow best practices when choosing a password. The tips below will help keep your data safe:

  • Use a complex password with a length of 15 or more characters. Avoid passwords with repeating characters or personal information. Short passwords are trivially easy to crack. Using a longer password with alphanumeric and special characters increases the difficulty for a scanner to perform a brute-force attack. It is estimated that a password of 15 or more characters takes 600 million years and beyond to crack.[7]
  • Use a passphrase approach. Couple several random words that make sense to you but are not commonly known. This will typically meet the length requirement and ensure you can remember it as well.
  • Use unique passwords. Use a different password on each website you use, so if one is stolen, the other sites aren’t vulnerable.
  • Use multifactor authentication (something you have/know/are) coupled with your password to ensure the site is protected with an extra layer of security. Microsoft estimates that multifactor authentication blocks 99% of password safety issues.[8]
  • Use a password manager or password vault, such as LastPass or KeePass. These services securely house your passwords in a “vault” so you only have to remember the vault password. They also contain tools such as password generators that make up long, random strings to store in your vault. This also helps you avoid writing your password down on a Post-it note and other poor password-handling practices.
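
The length, repetition, and personal-information checks and the passphrase approach from the tips above, as an added Python example that is not part of the original article. The common-password set, the wordlist, and the function names are constructed for illustration; a real deployment would use a full breached-password list and a wordlist of several thousand words.

```python
import re
import secrets

# Constructed sample data: a tiny stand-in for a real common-password list
# and a real passphrase wordlist (both are assumptions for this example).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}
WORDLIST = ["harbor", "velvet", "cactus", "orbit", "lantern", "mosaic",
            "thimble", "glacier", "pepper", "canyon", "walnut", "drizzle"]
MIN_LENGTH = 15  # length recommended in the tips above


def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if lowered in COMMON_PASSWORDS:
        findings.append("common_password")
    # Three or more of the same character in a row, e.g. "aaa" or "111".
    if re.search(r"(.)\1\1", password):
        findings.append("repeating_characters")
    # Personal information such as a name or birth year supplied by the caller.
    if any(term and term.lower() in lowered for term in personal_terms):
        findings.append("personal_information")
    return findings


def generate_passphrase(min_words=4, separator="-"):
    """Join randomly chosen words (CSPRNG) until the length minimum is met."""
    words = [secrets.choice(WORDLIST) for _ in range(min_words)]
    while len(separator.join(words)) < MIN_LENGTH:
        words.append(secrets.choice(WORDLIST))
    return separator.join(words)


if __name__ == "__main__":
    # Constructed candidates: a common sequence, name plus birth year, a passphrase.
    for candidate in ["123456", "Alice1985!", "harbor-velvet-cactus-orbit"]:
        print(candidate, audit_password(candidate, personal_terms=["alice", "1985"]))
    print(generate_passphrase())
```

Words are drawn with `secrets` rather than `random` so the selection comes from the operating system's cryptographic random source.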

The Keys to the Kingdom

The good news is most of these common password problems can be easily avoided by following the basic tips presented above. Knowing how attackers use passwords should help demonstrate how trivial it is to compromise your identity. By following the simple list above, you will be able to better protect yourself and your workplace from cyber attackers.

Sources

  1. ID Agent. (2020). Ecommerce Data Breaches. idagent.com/blog/10-password-security-statistics-that-you-need-to-see-now/
  2. Waterfield, Phee. Password 123456 Used by 23.2 Million Users Worldwide. Infosecurity Magazine, April 22, 2019. https://www.infosecurity-magazine.com/news/password-123456-used-by-23-million/
  3. Security.org. How Secure Is My Password? https://www.security.org/how-secure-is-my-password/
  4. Branko, K. Impressive Password Statistics to Know in 2021. https://hostingtribunal.com/blog/password-stats/#gref
  5. O’Driscoll, Aimee. 25+ Password Statistics That May Change Your Password Habits. Comparitech, August 28, 2020. https://www.comparitech.com/blog/information-security/password-statistics/
  6. Fripp, Charlie. Use This Chart to See How Long It’ll Take to Crack Your Passwords. Komando, March 19, 2021. https://www.komando.com/security-privacy/check-your-password-strength/783192/
  7. Fripp, Charlie. Use This Chart to See How Long It’ll Take to Crack Your Passwords. Komando, March 19, 2021. https://www.komando.com/security-privacy/check-your-password-strength/783192/
  8. Maynes, Melanie. One Simple Action You Can Take to Prevent 99.9 Percent of Attacks on your Accounts. Microsoft. August 20, 2019. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
 