Why passwords are the weakest link
Safeguarding your organization’s data, digital assets, and online platforms is of critical importance in today’s digital landscape. The key to the door of your network, of course, is your password. In fact, passwords have been in use since before digital technology–just think of the ogre in ancient myths and fairytales, guarding some bridge in a faraway land: to cross the bridge, a traveler would have to pay a toll, fight the ogre, or give a password. Literally, the word “password” can be broken down as “the word that allows one to pass through”; it’s the “word-key” we use to pass into a digital space.
The trouble with passwords is multifold: remembering passwords, making complex and unique passwords, storing and saving passwords, and safeguarding passwords can all be a challenge. Indeed, passwords can be the weakest link in your organizational network chain. This is because poor passwords may result in a compromise, which can cause many problems for a business and leave it vulnerable to hackers.
According to Verizon’s DBIR 2022 (pp. 37, 75), over 80% of data breaches of small to medium-sized businesses (SMBs) are caused by compromised, weak, and recycled or reused credentials, namely, passwords. Weak passwords are a leading way in which cybercriminals are able to breach a network, using that “key” to enter the SMB’s digital space.
What can you do?
Practice good password hygiene.
Just like you would never share your toothbrush with anyone else–regardless of how much you love them–so you should never share your password with anyone. Practice the following tips to remain password safe and savvy.
1. Poor Over-used Passwords
Do not use these as your password…they’re over-used, easily guessed, and hardly secure in the least!
- 123456
- 123456789
- Qwerty
- Password
- 12345
- 12345678
- 111111
- 1234567
- 123123
- Qwerty123
Not only are these 10 passwords among the worst passwords ever, but variations of them are not worth a hill of beans either. Simply stay away from these passwords and any variations thereof.
Other poor passwords are ones that are personal to you, such as your birthdate, your child’s birthdate, or the birthdate of anyone close to you; your home address; your email address; any information on your social media accounts, where cybercriminals can find a wealth of information to hack with; or any other personal information that might be easily guessed by someone who just looks through your social media accounts.
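The check below is an added example, not code from the original article: it shows how a sign-up form or password audit could reject the ten passwords above, simple variations of them, and passwords built from personal details. The character-swap map, the sample profile, and the function names are assumptions made for the illustration.

```python
import re

# The ten over-used passwords listed above, lower-cased.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "12345678", "111111", "1234567", "123123", "qwerty123"}

# Constructed, non-exhaustive map of common character swaps (an assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample profile: the kinds of personal details named above.
SAMPLE_PROFILE = {"birthdate": "1987-04-12",
                  "email": "dana.lopez@example.com",
                  "address": "42 Maple Street"}


def candidates(password):
    """Simplified forms of a password: lower-cased, edges trimmed, swaps undone."""
    lowered = password.lower()
    forms = {lowered,
             re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered),        # "qwerty123!" -> "qwerty"
             re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", lowered)}  # "12345!" -> "12345"
    forms |= {form.translate(LEET) for form in forms}          # "p@ssw0rd" -> "password"
    forms.discard("")
    return forms


def personal_tokens(profile):
    """Words and digit runs (4+ characters) taken from the profile values."""
    tokens = set()
    for value in profile.values():
        value = value.lower()
        tokens.update(t for t in re.split(r"[^a-z0-9]+", value) if len(t) >= 4)
        digits = re.sub(r"\D", "", value)   # "1987-04-12" -> "19870412"
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, profile):
    """Return reasons to reject; an empty list only means none of these checks matched."""
    reasons = []
    forms = candidates(password)
    if forms & COMMON:
        reasons.append("common password or variation")
    hits = sorted(t for t in personal_tokens(profile) if any(t in f for f in forms))
    if hits:
        reasons.append("contains personal info: " + ", ".join(hits))
    return reasons
```

Swapped characters and an added digit or symbol do not rescue a password that is on the list, which is why variations count as poor passwords too.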
2. Good Passwords
What makes a good password then? Use this as your guide:
- Memorable and easy to remember.
  - Make sure you can remember your password, or else it won’t do you any good!
- Hard to guess, especially for a computer.
  - A good password has to be something unique and creative that only a human like yourself could remember. A number of hackers will use computer programs or software to guess your password; thus, it is important to outthink a computer by thinking like one, and then making your password as unlike that as possible. How do computers think? With patterns and systems–so be creative and unique in your password creations!
- Complex, complicated, and unique…and changing.
  - Make sure your password is not only easy for you to remember and difficult for a computer to guess, but also complex, complicated, and unique: again, think like the creative, unique human you are, and create a password in accordance with that!
  - Along with this, it is important that you regularly change your passwords, in order that they stay complex, complicated, and unique.
- A combination of alphanumeric and special characters.
  - Utilize letters, numbers, special characters, capitalization, and lower case to make your password.
  - For example: Y0uC0u!dm@k3UR password like that.
- Think of it as a pass-“phrase” and not so much a pass-“word.”
  - A password doesn’t need to be super long and confusing to be complex, complicated, and unique!
  - Be creative in your creation of passwords–and really, create them like passphrases.
  - For example: Kr3@t3-@-$3nt3nc3 to make your password as complex, complicated, unique, and memorable as possible.
3. Triple Play!
Make sure to not only have a strong password, but also support it with the following:
- PM – Password Manager
  - A password manager helps store multiple unique passwords for all your online accounts. It can also help you keep track of all your passwords and store them in one safe and encrypted place. The disadvantage is that if your master password for your PM is discovered, your accounts may become compromised. Thus, you will need to make your master password for your PM very strong and utterly unique.
- SSO – Single Sign-On
  - Single sign-on is popular because you only need one password to access multiple accounts online. As with the PM, the disadvantage of this is that if your SSO password is guessed or discovered, then your accounts might become compromised. Thus, you will need to make your SSO password very strong and utterly unique, and not use it anywhere else.
- MFA – Multi-Factor Authentication
  - Multi-Factor Authentication is one of the best ways to protect your accounts online. It is also known as 2FA or Two-Factor Authentication because it requires two or more kinds of verification to authenticate an account. This verification might be biometric, such as a facial or fingerprint scan; a push notification sent to your phone or device; or a code sent to your phone, device, email, or other account. In fact, MFA provides 99.9% protection against attacks on your accounts.
Do you need help?
We’re here to help!
As cyberattacks become more sophisticated, you may not be able to devote sufficient time and effort to combat them. As a managed security service provider, we can ensure your team creates strong passwords, stores them securely, and changes them on a regular basis.
Schedule a no-obligation consultation with us today to learn more about how we can help protect you from poor password hygiene.
#IT4Good!
Also…here’s a picture you can download and color to remind you about the sanctity of passwords!