As you might be aware, October is National Cybersecurity Month and much of cybersecurity centers around passwords. This topic seems banal, yet it’s vital to touch upon it amid that wild and wooly landscape of the connected world. We constantly drive the point home that hacker sophistication advances by the day while company security measures struggle just to keep pace. No system is 100% secure, nor is any bad actor 100% all-powerful. Between these two facts exist some real ways to shield yourself.
With this article, we’ll discuss that oft-used and abused gatekeeper: passwords. Just how unsafe can this feature become and what measures can you enact to protect your company?
Let’s take a look.
A Necessary Nuisance
Nobody actually enjoys generating and entering passwords. First and foremost, they come off as yet another hurdle between you and what’s yours. Despite feeling like a nuisance, that barrier is precisely what’s going to secure your system and data from malicious behavior.
Securing Passwords: The Struggle is Real
Since we all struggle at remembering login credentials, users wind up repeating a lot of common mistakes. Such mistakes include:
Recycling passwords across various accounts
Creating overly short/simplistic passwords
Employing easy-to-remember words
Neglecting regular password refreshes
Every one of us has been warned about steering clear of such errors ad infinitum. Why is that?
Brute Force Attacks
When you consider a giant like Frankenstein’s monster or a cursed mummy, one thing about them sends chills up your spine: they’re relentless, and their sheer brute power can rip aside the doors or walls of any safe hideaway. Malicious software programs operate along the same lines in “brute force attacks,” and they can seem just as relentless.
A brute force attack uses programs and code that burn through endless password possibilities by testing random alphanumeric combinations until one works. So-called “dictionary attacks” function similarly, trying every word in the dictionary in lieu of random characters.
Overly short or simple passwords play into the design of brute force attacks. In fact, one such program required fewer than 6 hours to crack any 8-character password! And once a password is successfully hacked, hackers then enjoy access to everything behind it. When that password guards a cash-flush business, hackers can strike the motherlode.
Even though digital bandits still visit the Dark Web to purchase vast lists of stolen passwords and personal data, they’ve since shifted their time and energy toward a small sample of larger targets. Such attacks justify a hacker’s time and effort given their potential for massive payouts.
A one-off victim has shallow pockets and fewer resources, but a firm stands to lose so much more. Consider the sum of your personal account at your bank versus your company’s at any given moment. Furthermore, consider the sum of all resources at the disposal of your company left wide open to an attack.
The Elusive Cure-All for Password Security
If we boasted a cure-all password defense, we’d be bluffing because one doesn’t exist. But that doesn’t necessarily leave us completely helpless either. So here are three ways to safeguard your password:
Think outside the box — the strongest protection from a dictionary attack is avoiding words that appear in a lexicon. You may either generate nonsensical alphanumeric combinations or employ a word combo that doesn’t circulate in standard dictionaries. Also, consider the use of numbers and special characters, plus upper and lowercase. Remember this rule of thumb: the harder it is to remember a password, the more time a malicious program requires to guess it from a bombardment of attempts.
Regularly refresh your passwords — theoretically, hackers will eventually be able to steal your password given enough time. But if you update all of your login credentials on a regular basis, that alone will leave hackers stabbing in the dark, even if they ascertained a previous password. For this, we recommend a refresh every 1-3 months.
Stop recycling passwords — sure, it can be a real pain to memorize several passwords. Some of you will end up needing to utilize over a dozen passwords before you sip your first cup of java in the morning! This recommendation safeguards as much data as possible if one of your passwords falls victim to an attack. Unique passwords fit the analogy of a submarine or ship with multiple compartments below deck — if the vessel springs a leak and a compartment floods, sealing it off mitigates the damage. With all identical credentials, one lucky attempt could deep-six your entire digital world.
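The first and third recommendations above can be checked mechanically. The following Python example is added here and is not from the original article; the sample wordlist, the 60-bit threshold and every function name are assumptions made for illustration. It estimates how large a brute-force search would have to be, flags passwords built on a dictionary word, and finds passwords shared across accounts.

```python
import math
import string
from collections import defaultdict

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary or a list of known-breached passwords.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(pw):
    """log2 of the combinations a brute-force search must cover, assuming the
    attacker tries every string of this length over the classes in use."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def is_dictionary_based(pw, words=SAMPLE_WORDS):
    """True if the password is a listed word once case and any leading or
    trailing digits/symbols are ignored (e.g. 'Dragon2024!')."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core in words

def reused_passwords(accounts):
    """Group account names that share one password; accounts is {name: password}."""
    groups = defaultdict(list)
    for name, pw in accounts.items():
        groups[pw].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def audit(pw, min_bits=60):
    """Return the findings for one password; min_bits is an assumed policy
    threshold, not a figure from the article."""
    findings = []
    if is_dictionary_based(pw):
        findings.append("dictionary word")
    if search_space_bits(pw) < min_bits:
        findings.append("search space too small")
    return findings
```

Note that a password such as "Dragon2024!" passes the length and character-mix estimate yet is still flagged, because a dictionary attack only has to try the word with common decorations.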
Don’t Go At It Alone
Try as we might, we only possess so many tools at our disposal to fend off threats stemming from passwords. Besides, safeguarding any system can morph into a full-time job on top of the one you already have.
Your single-handed attempts at fighting this hydra might be brave, but consider calling in the aid of some dragon-slaying pros! Our seasoned team would be delighted to ride to your company’s assistance with password management as one component of the toughest cyber armor on the market. Even if you’ve suffered a nasty breach in your defenses, we can help repair and defend against whatever the future might hold.