Password Security: The Most Basic and Essential Cybersecurity Defense
National Cyber Security Awareness Month (NCSAM) is being recognized for the thirteenth year in a row this October, and with this anniversary comes the reminder that enhanced cybersecurity defenses are necessary for everyone from large, multinational corporations all the way down to families and individuals. The overall theme of the month is that cybersecurity is our shared responsibility, meaning that it is not just the duty of IT professionals or CEOs to be cyber aware, but it is all of our collective obligation to act as a cohesive unit in the fight against cyber crime.
Many people become overwhelmed with the amount of information they are supposed to remember surrounding cybersecurity–“don’t click on this type of link,” “watch out for this sign of malware,” and so many more–but these issues cannot even begin to be addressed until we refine the most basic and essential cybersecurity measure of them all: strong password security.
At this point in our technological age, everyone is well aware of passwords being of significant importance when it comes to safety and security on the Internet; though most may agree with this sentiment in theory, many are not implementing this idea in practice, despite being well aware of the consequences.
The Myspace data breach from earlier this year left 360 million accounts’ passwords exposed on the Internet. Despite this massive amount of personal information now out there in the open, many people did not feel the same way about this breach as they might a breach of another website, primarily due to the fact that they had not visited the site since the prominence of Facebook and Twitter came about. Though many people may not have accessed that site in quite some time, some still use their Myspace password or one similar to it as passwords for other websites. Consequently, these dormant accounts with poorly secured passwords have left people vulnerable to a plethora of other attacks. Password security is an area of cybersecurity that needs to be taken much more seriously in order to avoid these types of threats.
Secure Password Tips
The average person today has a whopping 22 passwords just for their professional data, and that does not even include their personal information like social media and private email accounts. ‘Password hygiene’ is the active implementation of password security best practices, and some tips to keep your password hygiene squeaky clean include:
- Do not use the same password for different accounts–Three-quarters of consumers use ‘repeat passwords’ across multiple platforms. When they do this, if one account is compromised, they leave all other accounts protected by the same password exposed to further attack.
- Change your passwords often–Leaving passwords stagnant rather than changing them regularly makes it that much easier for hackers and other cyber criminals to guess your password and gain access to your personal information. Forty-seven percent of people are securing their financial accounts online with passwords that have not been changed in five years, and this is extremely dangerous. In addition to changing your own passwords often for both professional and personal accounts, it is important for employers to avoid using default passwords when setting up accounts for new employees. Default passwords give criminals an open, unsecured door into your entire enterprise.
- Never give out your password to anyone–When you share your password with even one other person, you are exposing your accounts that much further to cyber criminals. By being solely responsible for your own data, you can contribute to the NCSAM philosophy of security being our shared responsibility by being personally accountable for your own data.
- Do not use easy-to-guess words or phrases in your password–Though you may sincerely love your dog or favorite band, it is important to be aware of what information people know about you that they can use to guess your password. Though you should not blatantly use ‘dictionary words,’ this idea can be a good jumping-off point for coming up with more complex passwords. One way to do this is by being liberal about character substitutions, such as replacing “o” with “0,” “e” with “3,” or “i” with “!.”
- When possible, utilize sites’ multi-factor authentication–Most websites now use two-factor authentication where there is not only a password used to protect your account, but also a one-time code you enter to verify your identity. This simple step takes a few minutes at most and can make a huge difference in your personal cybersecurity defense.
- Use a password manager to make remembering passwords simple–A big complaint by most of us is that there are just so many passwords to remember across the different areas of our lives, and it can be very difficult to remember all of these when they are also meant to be intricate and hard for hackers to guess. One way to ease this burden is by utilizing a password manager. A password manager is generally a free database that you can download to your computer (often coupled with a smartphone application option) where you can store all of your passwords. When this is used, you only have to remember one complex password rather than your entire catalog of password information.
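The first tip and the Myspace example above concern passwords that are reused, or nearly reused, across accounts. As an added example (not part of the original article), this Python script audits a password list for both cases without ever printing a password. The sample accounts, the similarity rule (ignore case and trailing digits or symbols) and the function names are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample standing in for a password manager export (account, password).
SAMPLE_VAULT = [
    ("old-social.example", "Sunflower7"),
    ("bank.example", "Sunflower7"),
    ("mail.example", "sunflower2016!"),
    ("work-vpn.example", "t9#Lq2vX!fR8wz"),
    ("shop.example", "Kq7$mP0e@xB3nd"),
]

def fingerprint(value: str) -> str:
    """Short SHA-256 digest used as a grouping key, so no password is stored or shown."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]

def base_form(password: str) -> str:
    """Assumed similarity rule: ignore case and trailing digits or symbols."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    # Very short stems (e.g. all-digit passwords) would collide, so keep the full value.
    return stripped if len(stripped) >= 4 else lowered

def audit(vault):
    """Return (exact_reuse, near_reuse) as sorted lists of account groups."""
    exact, near = defaultdict(set), defaultdict(set)
    for account, password in vault:
        exact[fingerprint(password)].add(account)
        near[fingerprint(base_form(password))].add(account)
    exact_sets = [g for g in exact.values() if len(g) > 1]
    # Report a near-reuse group only when it adds accounts beyond an exact match.
    near_sets = [g for g in near.values() if len(g) > 1 and g not in exact_sets]
    return (sorted(sorted(g) for g in exact_sets),
            sorted(sorted(g) for g in near_sets))

if __name__ == "__main__":
    exact_reuse, near_reuse = audit(SAMPLE_VAULT)
    for group in exact_reuse:
        print("Same password on:", ", ".join(group))
    for group in near_reuse:
        print("Variants of one password on:", ", ".join(group))
```

Every account named in either group should get its own unrelated password, since a breach of one exposes the rest.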
One of the biggest fallacies people believe surrounding cyber crime is “It won’t happen to me,” when in reality, it is likely that this will not be the case. A major philosophy of many cyber experts is that it is not a matter of if we will all be attacked online, but when. While this is a rather daunting thought, there are ways in which we can lessen these chances, the most basic of which is securing our passwords. By coming together and taking this small step, we can be more accountable for our presence online as a whole, sharing the struggle of cybersecurity as our shared responsibility.
Hailey R. Carlson | Axiom Cyber Solutions | 10/21/2016