Password Security: The Mission Is Not Impossible
According to a CNBC article from July 2019, cyber-attacks cost U.S. businesses of all sizes an average of $200,000 with 43% of cyber attacks aimed at small businesses.1
Password security is just one aspect of cybersecurity, but an important one to protect your personal information and save your company a lot of time, money and headaches.
My Password is Password
We all understand using “password” as a password is a very bad idea, yet it is the fourth most used password on the internet. The most commonly used password is “123456,” with more than 10 percent of online accounts using this password alone. There are better practices than just “adding a number” to make your passwords more secure.
We checked a unique password idea in an online tool to see how secure it really was. The particular password we tried contained a single, short, common word with a combination of numbers added to the end of it. This resulted in a password that could be hacked in two hours or less. Ouch!
So what can you do to make sure your passwords are secure, yet still easy for you to remember? In order to understand the basics of password security, let’s discuss how accounts are typically compromised.
Brute Force: Picture Your Favorite Spy Movie
You’ve seen the concept in the movies, if a little exaggerated. The crafty spy holds their nifty high-tech device up to the touchpad and it enters every possible combination of stored passwords in the blink of an eye, resulting in spycraft success. This type of password breach is known as a brute force attack, and it works on a similar concept in the real world.
Commonly used passwords contain just a single dictionary word such as “password” or even “monkey” rounding out the top of the no-no list. Nefarious password bots typically start with all the words in the dictionary to guess your password when trying to attack what you think is secure.
Adding multiple word combinations to your password or passphrases, rather than a single dictionary word, will help with increasing the length of your password and delay intrusion attempts. However, more and more bots every day are targeting two or more words strung together.
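To put rough numbers on the difference between a single word with digits, several words strung together, and a random string, here is an added example (not part of the original article) that estimates how many guesses each kind of password takes. The word list, the 100,000-word dictionary size and the sample passwords are constructed assumptions.

```python
import math
import re

# Constructed stand-ins (assumptions): a tiny word list and a guessing-list size.
COMMON_WORDS = {"password", "monkey", "packers", "correct", "horse", "battery", "staple"}
DICTIONARY_SIZE = 100_000  # assumed number of words a guessing bot tries per slot

def charset_size(pw):
    """Size of the character pool a blind brute-force search must cover."""
    pools = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    return sum(n for pattern, n in pools if re.search(pattern, pw))

def fewest_words(letters):
    """Fewest dictionary words that concatenate to `letters`, or None."""
    best = {0: 0}  # position in string -> fewest words needed to reach it
    for end in range(1, len(letters) + 1):
        for start in range(end):
            if start in best and letters[start:end] in COMMON_WORDS:
                best[end] = min(best.get(end, math.inf), best[start] + 1)
    return best.get(len(letters))

def estimate_guesses(pw):
    """Guesses needed under the cheaper of two models: blind or dictionary-aware."""
    brute = charset_size(pw) ** len(pw)
    shape = re.fullmatch(r"([A-Za-z]+)(\d*)", pw)  # word(s) then optional digits
    if shape:
        words = fewest_words(shape.group(1).lower())  # case ignored: conservative
        if words:
            return min(brute, DICTIONARY_SIZE ** words * 10 ** len(shape.group(2)))
    return brute

def strength_bits(pw):
    """Estimated strength as log2 of the guess count, rounded to one decimal."""
    return round(math.log2(estimate_guesses(pw)), 1)

if __name__ == "__main__":
    # Constructed sample passwords, from weakest to strongest shape.
    for pw in ["monkey", "monkey123", "correcthorsebatterystaple", "kT9#vq2L!xZ4"]:
        print(f"{pw:28} ~{strength_bits(pw):5} bits")
```

Under these assumptions, appending three digits to a dictionary word multiplies the guesses by only 1,000, while each extra word multiplies them by the size of the dictionary.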
Security Questions for the Rich and Famous
Another method that has been growing in popularity, and is very common when hackers try gaining access to celebrity accounts, is attempting to correctly answer security questions in an unwanted password reset attempt. This allows some very naughty people to either reset the password or gain direct access without even interacting with your current password directly.
This tends to be more common with public-figure and celebrity accounts because so much of their history is out there for public consumption. However, there are common security questions that ask for things that could be easily discerned based on what you post in your social media accounts or even based on where you live. For example, if you live in Northeast Wisconsin like most of our team, your favorite sports team might be “Packers.” This is a common type of security question and could be easily guessed.
So when choosing security questions for your accounts, avoid questions that are so hard that you would forget the answer, but also avoid simple, straightforward questions whose answers intruders can find by looking you up online. It is better to be locked out of your own account than to provide easy access for others to do long-term damage.
You know you’ve seen those copy and paste surveys on Facebook that seem like a fun way to pass the time. By copying and pasting and then responding to these questions, you might be giving away some of the answers that you’re trying to prevent people from knowing. Our best advice… don’t do these copy and paste social media surveys.
The Bottom Line
So while it might be frustrating to add special characters, numbers or upper case letters or use multi-factor authentication, this is one of the best ways to create a more secure password. This makes your passwords that much harder to guess by other humans and bots alike.
Web security goes beyond having a secure, strong password or more difficult security questions, but password security is a great place to start.
At Stellar Blue Technologies, our security experts understand all facets of web security and are able to protect your website on various levels. If your site was recently hacked, if you have questions about online security, or if you’d like to discuss how we can assist you to make sure everything is secured and safe with your online presence, contact us using the form below.