Passwords are one of the first lines of entry for hackers to gain access to your network and personal information. Since passwords are becoming far too easy to hack, businesses are starting to move away from simple username/password combinations and more towards two-factor authentication (2FA), multi-factor authentication (MFA), and/or biomarker logins.
Despite the volumes of information out there about internet, network, and password security, some people still insist on using passwords like “1234” or “password” for their most important accounts. Or, they may use the same password for all of their accounts, laying their systems bare for thieves to access.
Pet names, sports teams, favorite bands, children’s names—these types of passwords are all pretty easy to figure out. Once one site is breached, that password can become the gateway to access all of your other accounts…and then the domino effect begins.
Cracking the code
You might think that no one could possibly guess your passwords, but unfortunately, the technology to do so exists right now—with no human sleuthing required.
IBM itself is the architect of password-cracking machine Cracken, which leverages intricate calculations to figure out passwords of up to 14 characters in less than the time it takes to brew a cup of coffee. The architects of this technology state that password complexity is hardly the issue: as long as the password is 14 characters or shorter, the Cracken can figure it out pretty quickly. Once the password becomes more than 14 characters, it becomes exponentially more difficult to crack.
Of course, IBM had no shortage of resources to develop the Cracken. But cybercriminals are using similar technology—and when there’s a will, there’s a way. No matter how “uncrackable” you think your passwords are, you may want to consider some updates.
Take a multi-layered approach to password safety
Cybersecurity experts can agree on one thing: most of the common password systems of today are deeply flawed. Until we are able to access a “perfect” method of authentication, we should at least take advantage of 2FA or MFA when we can.
Businesses can be especially susceptible to unauthorized password access. Spoofing and phishing, for instance, are incredibly common tactics used against businesses: the malicious party will craft an email that looks exactly like an email from a legitimate source, urging your employees to click on the link and enter their login information, account information, and more. Without having to hack even a single password, the thieves can then gain access to everything they need.
Fortunately, there are ways to keep your passwords and logins safe. Here are some tips on password policy that you can—and should!—implement on a company-wide basis:
Password Safety Tip #1: Lengthen your password character requirement
If there’s one thing that we can learn from the Cracken, it’s that passwords longer than 14 characters are incredibly difficult to crack. If you are still using a password-only authentication system, opt for passwords more than 14 characters in length to make it tough for cybercriminals to access your information.
Password Safety Tip #2: Changing passwords on a regular basis provides little to no benefit
Many business security systems require their users to change passwords every 30, 60 or 90 days. According to the National Cyber Security Centre (NCSC) in the United Kingdom, this tactic fails because, for the most part, stolen passwords are exploited immediately—hackers aren’t likely to wait a month or more to use what they’ve learned. This practice can also reduce security because the frequent changes may compel employees to choose simpler passwords or use small variations on a common theme, making them easier than ever to hack.
Instead of requiring regular password changes, security experts suggest monitoring logins and other network activity from a centralized source as a more reliable way to maintain vigilance. When these activities are monitored, a user should only be asked to change their password if there is a reasonable suspicion that their account may have been compromised.
Password Safety Tip #3: Use a password management solution
Single sign-on software or password managers allow your users to access all the applications they need to do their job from a single set of credentials. Not only does this simplify the process of logging into the system, but it makes it easy for admins to monitor account activity and detect unusual behavior, too.
If you choose to implement such a solution, a more robust identity governance policy should also be put in place. This could include 2FA or MFA techniques that require users to respond using biomarkers (like facial recognition, voice recognition, or their fingerprints) or with something that proves ownership (such as a security code sent to their mobile phone).
Other admin tips for better password security
Some other password security tips that can be implemented by network admins include:
- Blacklisting too-common password choices
- Monitoring unsuccessful login attempts
- Blocking the ability to change passwords after too many failed login attempts
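As an added example (not code from the post or from Business World), here is a small Python policy checker that applies Tip #1's length rule together with the admin tips above: it rejects passwords on a blocklist of too-common choices, counts unsuccessful logins from constructed sample log lines, and refuses a password change once too many attempts have failed. The log line format, the blocklist contents and the lockout threshold are assumptions.

```python
import re
from collections import defaultdict

# Length rule from the post: more than 14 characters. The blocklist entries
# and the lockout threshold below are constructed assumptions for this example.
MIN_LENGTH = 15
COMMON_PASSWORDS = {"1234", "password", "qwerty", "letmein"}
MAX_FAILED_ATTEMPTS = 5

def check_password(candidate):
    """Return the list of policy violations for a proposed password (empty = accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    return problems

# Constructed sample auth log; assumed format is "<time> <user> <OK|FAIL>".
SAMPLE_LOG = """\
09:00:01 alice FAIL
09:00:05 alice FAIL
09:00:09 alice FAIL
09:00:12 alice FAIL
09:00:15 alice FAIL
09:00:19 alice FAIL
09:01:00 bob OK
09:02:30 bob FAIL
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL)$")

def failed_attempts(log_text):
    """Count consecutive failed logins per user; a successful login resets the count."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # ignore malformed lines instead of guessing at them
        _, user, result = match.groups()
        counts[user] = 0 if result == "OK" else counts[user] + 1
    return dict(counts)

def may_change_password(user, counts):
    """Block the self-service password change once the failure threshold is reached."""
    return counts.get(user, 0) < MAX_FAILED_ATTEMPTS

def locked_accounts(counts):
    """Accounts that have hit the threshold and should be reviewed by an admin."""
    return sorted(u for u, n in counts.items() if n >= MAX_FAILED_ATTEMPTS)
```

Running `locked_accounts(failed_attempts(SAMPLE_LOG))` on the sample log flags `alice`, while `bob` can still change his password.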
If you do business in Arkansas and would like to learn more about how you can make your company’s password security more reliable, reach out to Business World today to set up a consultation.