How to Make Your Passwords Worthless to Hackers
Passwords have been around since the dawn of computers. Initially they were meant to prohibit employees from accessing the wrong accounts and keep competitors away from your company’s trade secrets. However, they have long outlived their effectiveness in today’s cyber risk world.
According to Verizon’s 2017 Data Breach Investigation Report, compromised passwords are, by far, the most prevalent gateway for hackers to get into personal and company information. 81% of data breaches last year occurred via weak or stolen passwords. Believe it or not, 17% of users still use 123456 and 10% use password as their passwords.
Here are six password strategies to keep bad actors at bay.
Create Hard-to-Guess Passwords
There’s been a lot of discussion about what makes up a good password. Most organizations endorse a password practice of length, made up of alpha, numeric and special characters. The problem is you may not remember it if it’s too difficult. Even worse, you’ll store it on a sticky note beside your computer, so you can reference it often.
NIST recently came out with a recommendation to choose a very obscure long phrase, something you only know. For example, your favorite movie as a kid. Or your childhood best friend’s first and last name. Their research states the right choice, if it is more than eight characters, is more effective than a combination of letters, numbers and special characters.
Use Different Passwords for Different Apps
If you use one or two of the same passwords for many sign-ins, you will make a cybercriminal’s day. Create a unique password for each sign-in.
Change Them Often
Establish a policy regarding password changes. I recommend they be altered at least every 90 days.
Use a Password Manager
Only want to remember one password? Companies like Dashlane, LastPass, and RoboForm store all your passwords in one location.
Use Multi-Factor Authentication (MFA)
First, there were passwords. Then, there was two-factor verification. Now, prepare for multi-factor where a password, code and something unique to you (i.e. voice, face, fingerprint) identifies that you should have access to that data.
While MFA isn’t available everywhere, I strongly recommend you implement 2FA now, so when the next layer is available, you are ready.
Check for Email Breaches on a Regular Basis
Using a tool like have i been pwned? can help identify which applications associated with your email address have been compromised and the type of data that was stolen. Change passwords immediately for those apps at risk.
Brought to You by Axiom Cyber Solutions
Even with the best password strategy, you still need a holistic solution that makes your company’s data nearly impenetrable. We’ll monitor your network 24 hours a day and update your systems hundreds of times per day to ensure your organization has the highest levels of protection. Give us a call today at (800) 519-5070 to learn more!