Why Password Security is So Important to Cybersecurity
January 29, 2021
It’s strange to think of a time when passwords weren’t a constant part of our daily lives. Even in the early days of the internet, you only had to worry about remembering two or three passwords. Most people had an email address or two. Outside of that, they might have a login password for a network and/or their computer itself.
Things are much different now.
Today, the average person has 70-80 passwords. Trying to remember 70-80 passwords at any given time is understandably beyond the capabilities of most people, especially if the passwords are complex. Because of this, most people have overly simple passwords that they reuse across multiple accounts. This creates serious risks both personally and professionally.
If a password is easy for the user to figure out, it probably isn’t too difficult for others to figure out either. Many of today’s systems and software have password requirements to avoid this. However, even if a person chooses a more complex password, reusing it across multiple accounts negates the added security. The password only needs to be cracked or leaked on one platform. After that, every account it’s used on could be compromised.
For business owners, this creates a serious problem. If one of your employees’ personal accounts gets compromised, and they use that same password for work purposes, it could open up a gateway into your own systems. This happens regularly, which is why 80% of data breaches stem from a compromised password.
If you’re working on improving cybersecurity in 2021, passwords are one of the best places to start.
Proper Password Protocols
Regardless of size or industry, every business is vulnerable to cyberattacks. Just one breach can cost a business hundreds of thousands of dollars, if not millions. That is why every business should have a password policy in place.
It’s natural that you want to trust your employees, and it’s easy to assume that people know better. However, the facts state otherwise when it comes to passwords. Millions of internet users still use passwords like “12345”, “qwerty”, and “password”. According to a Google survey, 65% of people reuse passwords across multiple accounts.
For a modern business in today’s interconnected world, this simply isn’t acceptable. By implementing basic password requirements and protocols across your organization, you can save yourself from a lot of potential threats.
Generally, passwords should at least meet these requirements:
- 8 or more characters
- Contains an uppercase letter, a lowercase letter, a number, and a symbol
- Isn’t used elsewhere
- Should not contain any part of the user’s name, username, or email
Depending on what the password is providing access to, more complex passwords may be needed.
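The four requirements above can be enforced at the point where a password is set. The following is an added example, not code from the original article: the function names and the deny-list are assumptions, and because a checker cannot see a user's other accounts, "isn't used elsewhere" is approximated with a deny-list of known common passwords.

```python
import re
import string

# Constructed deny-list seeded with the weak passwords the article names.
# In practice this would be a much larger list of common or leaked passwords.
COMMON_PASSWORDS = {"12345", "qwerty", "password"}
MIN_LENGTH = 8

CHARACTER_CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def identity_tokens(full_name, username, email):
    """Lowercase fragments (3+ chars) of the name, username and email local part."""
    raw = " ".join([full_name, username, email.split("@")[0]])
    return {t for t in re.split(r"[^a-z0-9]+", raw.lower()) if len(t) >= 3}


def check_password(password, full_name, username, email, denylist=COMMON_PASSWORDS):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for label, chars in CHARACTER_CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {label}")
    lowered = password.lower()
    if lowered in denylist:
        problems.append("common or already used elsewhere")
    # Case-insensitive substring match, so "JaneDoe#2021" is caught for Jane Doe.
    for token in sorted(identity_tokens(full_name, username, email)):
        if token in lowered:
            problems.append(f"contains part of the user's identity: {token}")
    return problems


if __name__ == "__main__":
    user = ("Jane Doe", "jdoe", "jane.doe@example.com")  # constructed sample user
    for candidate in ("password", "JaneDoe#2021", "Tr1cky!Horse"):
        print(candidate, "->", check_password(candidate, *user) or "OK")
```

Passing this check only shows that a password meets the minimum; as the article notes, accounts with broader access may need stricter rules.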
Login credentials should also be unique to each person. That means users shouldn’t be sharing the same password information. In cases where a singular account is needed for multiple people, there are ways around this. Programs such as 1Password can help alleviate this issue by allowing you to share a password with someone without actually letting them know what the password is. These programs also do a great job of saving people from having to remember their own endless list of passwords.
Still, even strong, unique passwords can be cracked or leaked. That’s why multi-factor authentication should also be a part of your password protocols.
This way, even if someone knows your username and password, they’ll first need to verify their identity through a text, email, or phone call before they can get access to your account. Not only does this usually stop them in their tracks, but it notifies you when your password has been compromised.
Protection from Today’s Cyberthreats
Though strong passwords and multi-factor authentication can help protect against password leaks and even basic brute force attacks, they’re not foolproof. Modern cyberthreats are continually getting smarter. Phishing schemes are surprisingly effective at tricking people into giving away their own login credentials and inviting malware programs into your systems.
Additionally, advanced brute force attacks can still crack the toughest of passwords if proper defenses and monitoring systems aren’t put in place. These programs work by continually generating different combinations of usernames and passwords until they find a working set. That might seem like it would take a very long time, but the most advanced brute force programs can check up to 1 billion passwords per second. Even the best passwords can’t withstand that for too long.
Ultimately, strong passwords and multi-factor authentication are a great start, but they certainly shouldn’t be where your cybersecurity ends.
A third-party IT partner can be an invaluable resource in defending against today’s threats. At Expedient Technology Solutions, we provide scalable IT services for businesses of all sizes. Our ongoing monitoring and maintenance services are great for spotting irregularities and stopping potential threats before they cause serious damage.
We also offer disaster recovery as a service. This prepares your business for whatever might lie ahead, whether it’s a system error or a data breach. To learn more about what ETS can do for you, contact one of our Dayton, Ohio IT consultants today!