Is password security awareness dead?

Is there ever a bad time to talk about password security awareness? With the discovery of GoldBrute and its penchant for forcing its way into some 1.5 million RDP servers, we think not. Are RDP servers not a concern for you? Perhaps the five million attempts to hack into an IP cam near you will pique your interest.

Creating a strong password can protect you from more digital heartache than just about any other single security measure. This fact naturally leads to two important questions:

  • What makes a password insecure?
  • How can you use that knowledge to make a resilient password?

What’s in a password?

Passwords are still a huge asset. At one point, they were even a decent means of security in their own right—but times have changed. The problem with passwords in the modern age lies with their simplicity. They are, after all, simple strings of characters. Since everyone has access to that same set of characters, a password’s security comes solely from the (hopefully) unique arrangement of those characters.

Given enough time, anyone—or more likely a brute-force program—can discover that sequence. And computers have reached a point where their sheer processing power can crack simplistic passwords in mere seconds. While creating a strong password is the obvious answer here, simple, easily hackable passwords are still too much of a temptation, according to CNN Business’ list of the most common offenders. In fact, more than 23 million accounts rely on the complexity of “123456” to protect their goods—so much for password security awareness in business.

Here’s the full list of the 10 most common passwords:

  • 123456
  • 123456789
  • qwerty
  • password
  • 111111
  • 12345678
  • abc123
  • 1234567
  • password1
  • 12345

It doesn’t take a cryptologist to see the problem with these. But what should you do?

Create stronger passwords

If the passwords on the above list are the kind of security people rely on, it’s really no wonder that brute-force attacks are so popular. To avoid these common passwords and the pitfalls they represent, you’ll need stronger passwords. Here’s how:

  • Avoid using actual words in any part of your password
  • Avoid numbers in sequence
  • Avoid using the same password for multiple services
  • Do use a combination of upper-case and lower-case letters, numbers, and symbols
  • Do use at least 8 characters. The longer, the better
  • Do regularly replace your passwords with new ones

However, you probably have many accounts that each require a username and password, so trying to commit more than a couple of these to memory could be rather frustrating. Luckily, an entire class of applications has arisen to help you keep your passwords in top shape. Services like LastPass, for example, can remember all your passwords for you. As long as you’re signed in to the browser extension, the service will remember and autofill your credentials when you log in on a website. With built-in random password generators, you can instantly make a unique 50-character string and never need to remember more than your device unlock code and your LastPass password. This method virtually eliminates the possibility of someone remotely brute-forcing their way into your account.
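
The checklist above, together with the random-generator approach just described, as a short Python sketch. This is an added example, not code from the original article; the function names and the small word list are assumptions made for illustration, and the reuse and rotation rules are left out because they cannot be tested on a single password.

```python
import secrets
import string

# The ten most common passwords listed in the article.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password", "111111",
                    "12345678", "abc123", "1234567", "password1", "12345"}
# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "qwerty", "dragon", "summer", "welcome", "admin"}
MIN_LENGTH = 8  # the article's minimum length
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def has_digit_sequence(password, run=3):
    """True if `run` adjacent digits count up or down by one (123, 987)."""
    for i in range(len(password) - run + 1):
        window = password[i:i + run]
        if all(c in string.digits for c in window):
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the article's rules that `password` breaks (empty list = pass)."""
    lowered = password.lower()
    problems = []
    if lowered in COMMON_PASSWORDS:
        problems.append("on the most-common list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    if has_digit_sequence(password):
        problems.append("contains digits in sequence")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    return problems


def generate_password(length=50):
    """Draw from the OS CSPRNG until the candidate passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate
```

The generator draws from `secrets` rather than `random` because only the former is backed by the operating system's cryptographic random source.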

Consider multi-factor authentication (MFA)

Ultimately, passwords are insufficient by themselves. Even with the most random string of characters, rainbow tables and dictionary attacks can still get lucky. Feel free to check out cybersecurity expert Troy Hunt’s website and see for yourself if you’ve already “been pwned.” To be truly secure, you need a better strategy.

Fortunately, a better strategy presents itself quite plainly: You should use more than just a password. For doubly strong authentication, an account should require something that you know and something that you have in order to prove your identity. A strong password would fit the bill for something you know. Wherever possible, configure two-factor authentication to send confirmation to your phone—something only you would have—when a sign-in is attempted.

In this example, a hacker would need to know both the credentials to the account they’re trying to crack and have physically stolen and unlocked your cell phone, which is a highly unlikely scenario.

Think even bigger to stay secure

Finally, since password hacking isn’t the only way the bad guys can pilfer your digital goods, it’s also important to complement your newfound password prowess with security for the endpoints where you use them. While we don’t have time to outline the “how” for securing endpoints here, a good place to start is opting for devices with baked-in security, like HP’s secure printers. Doing so can provide an instant backup for any password insecurities.

To sum things up: Make sure your passwords are long, random, constantly changing, and never the sole point of failure in the event that a hacker gets their hands on one. Doing so will help to keep you safeguarded against digital ruin.

used with permission from Tektonika (HP)
by Joe Hewitson

Gizer Gedik

Marketing
