The flaw in your password

Since 2013, the first Thursday in May has been marked as World Password Day, aimed at promoting better cybersecurity hygiene by improving easy-to-guess passwords or refreshing old passwords that may have been compromised.

Insecure or inadequate passwords are an easy target for cybercriminals and provide easier access to critical information than trying to break through state-of-the-art security protocols. Attackers can discover or circumvent weak passwords using brute force attacks, inject compromised credentials to gain access to user accounts using credential stuffing attacks, or use a host of other strategies to hijack user accounts to steal personal or corporate data.

Password faults

Being diligent in creating strong passwords and updating them regularly has for years been considered the first line of defense in securing both your personal and company information. Unfortunately, most people aren’t diligent about creating strong passwords and keeping them secure.

Tom’s Guide cites various rankings to round up the world’s worst passwords in 2022. These include: 123456; 123456789; qwerty; qwerty123; and password. According to the UK National Cybersecurity Center, the password “123456” was found more than 23 million times in exploits tracked by web security consultant and researcher Troy Hunt of Have I Been Pwned.

Improve your passwords

Security experts recommend against using passwords tied to your name, family members’ names, or pets’ names; do not use consecutive numbers or letters as a password; and create passwords of at least 10-15 characters that randomly mix letters, numbers, and symbols.

Common best practices include: don’t reuse passwords across multiple sites and accounts, and change them regularly. Don’t choose passwords that might be easy to guess, like your favorite food, sports team, activity, or favorite music. Don’t assume that simple obfuscation techniques will work: “P@$$w0rd” is only slightly harder for hackers to guess than “Password”.
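The following added example (not part of the original article) shows how a sign-up form could screen for the weaknesses listed above: the worst passwords quoted earlier, look-alike substitutions, consecutive characters, and short length. The substitution table and the 10-character minimum are assumptions chosen for illustration.

```python
# Blocklist: the five passwords quoted in this article. A real deployment
# would load a much larger breached-password list (assumption).
WORST = {"123456", "123456789", "qwerty", "qwerty123", "password"}

# Common look-alike substitutions (constructed table, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 10  # lower bound of the 10-15 characters recommended above


def normalize(password: str) -> str:
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)


def is_sequence(password: str) -> bool:
    """True if every character is one step above (or below) the previous one."""
    if len(password) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})


def screen(password: str) -> list:
    """Return the reasons a password should be rejected (empty list = passes)."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in WORST:
        reasons.append("on worst-password list")
    elif normalize(password) in WORST:
        # Undoing the substitutions exposes a listed password underneath.
        reasons.append("obfuscated form of a worst password")
    if is_sequence(lowered):
        reasons.append("consecutive characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("P@$$w0rd", "123456", "abcdefghijkl", "t7#Lq9!vRz2&Kp"):
        print(candidate, "->", screen(candidate) or "passes")
```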

But while generating a hard-to-guess password is relatively easy, remembering multiple configurations of obscure letters, numbers, and symbols is more difficult. The Cyclonis Password Security Report found that half of respondents forget their password four or more times a year. 27.95% of people forget their password 10 or more times a year, and 6.96% forget their password 16 or more times a year and have to reset it each time.

Recording all your passwords in a digital document or writing them down on a piece of paper is not the best way to remember them, as these documents are also at risk of being seen or stolen. Anyone who obtains them could gain access to your accounts and information, and could also impersonate you in email and social media phishing attacks targeting your contacts.

Towards better security

As it becomes more difficult to generate and remember strong passwords, password managers have emerged as a good way to better secure your accounts. Choose one that is reputable, encrypted, and in the cloud. Although some password managers are free, I recommend using a paid service to make sure you’re supported if needed, and I suggest looking for one with thousands of good reviews. Good password managers generate a strong random password up to 24 characters and remember it for every site and app. Users then have to remember only one password – for their password manager vault.

Tokens and multi-factor authentication are also excellent systems for securing access to accounts and applications. Adopting a Zero Trust approach is a better way to overcome password weaknesses. Unlike the old “castle and moat” security model, where one password serves as the key to everything in the castle, Zero Trust prevents attackers from wreaking havoc once they are inside the castle. In Zero Trust, no one is trustworthy, and users and devices are thoroughly authenticated before being allowed access, and then only to the systems and applications they are authorized to access.
