Passwords are still the most common way of protecting online accounts, even though they are easily compromised. According to TechRepublic, approximately 70 percent of the world's most commonly used passwords can be cracked in under a second.
The root cause of most data breaches
Weak passwords threaten online users and represent a global security issue. A Keeper Security study found that weak passwords were the root cause of most data breaches, and the consequences can reach far beyond the compromised account.
For instance, the 2021 Colonial Pipeline attack, which led to significant East Coast fuel shortages, began with a compromised password for a legacy VPN account that was not protected by multi-factor authentication. Meanwhile, there were troubling reports in 2022 of hackers targeting the Wolf Creek Nuclear Operating Corporation, which operates a Kansas nuclear power plant.
Given these stakes, and the obvious inconvenience and weaknesses of passwords, one might wonder why we continue to use them at all. The answer is simple: we don't yet have a universally deployed alternative.
With that in mind, here we take a look at how to ensure passwords are as effective as possible and how to add additional layers of security to protect accounts.
Use strong passwords
The strongest passwords generally have these characteristics:
- Long: at least 12 characters, and longer is better
- Unique: not reused on any other account
- Complex: a mix of character classes rather than a single one
- Hard to guess: no dictionary words, names, dates, or other personal details
- Random: generated, not chosen from memory
Because threat actors use automated cracking tools that test billions of candidates per second against stolen password hashes, length is the most important factor: every additional character multiplies the number of guesses needed, so a 14-character password takes vastly longer to exhaust than a six-character one. Uniqueness matters in two ways. A password reused across accounts lets an attacker who obtains it from one breach log in everywhere else (credential stuffing), and any password on the most-common lists (qwerty123, 123456, password, and so on) must be avoided because cracking tools try those wordlists before resorting to brute force.
Complexity means mixing upper- and lower-case letters, numerals, special characters, and punctuation, which enlarges the alphabet an attacker must search. Hard to guess and random mean avoiding any known words, terms, or personal information, since wordlists and targeted guesses cover those cheaply regardless of length.
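The following is an added example, not code from the original article or from any vendor it mentions. It turns the characteristics above into a checker and a generator: it rejects short passwords, passwords on a common-password list, passwords missing character classes, and passwords containing user-supplied personal terms, and it estimates how long exhausting the keyspace would take at an assumed offline cracking rate, which is what makes the length argument concrete. The common-password list, the 1e11 guesses-per-second rate and the personal-term inputs are constructed assumptions for illustration; a real deployment would screen against a full breached-password corpus.

```python
import secrets
import string

# Constructed sample of a "most common passwords" list (assumption: illustrative only;
# a real checker would load a full breached-password corpus).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty123", "12345678", "111111", "letmein",
    "iloveyou", "admin", "welcome", "monkey",
}

MIN_LENGTH = 12
# Assumed offline guess rate against a fast, unsalted hash; illustrative, not measured.
GUESSES_PER_SECOND = 1e11


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must search, from the classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return size


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the keyspace implied by length and classes."""
    return alphabet_size(password) ** len(password) / rate


def check_password(password: str, personal_terms=()) -> list:
    """Return the list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if alphabet_size(password) < 26 + 26 + 10:
        problems.append("missing upper-case, lower-case or digit characters")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password from the CSPRNG, retried until it satisfies check_password."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("abcdef", "Password", "CorrectHorseBattery2021!", generate_password()):
        print(f"{pw!r}: problems={check_password(pw, personal_terms=['horse'])}, "
              f"brute force worst case={brute_force_seconds(pw):.3g} s")
```

Note that the time estimate is a worst case for pure brute force; a password that appears on a wordlist falls in the first few guesses regardless of its length, which is why the list check comes before the arithmetic.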
Rely on a password manager
Password managers such as LastPass store your credentials in an encrypted vault, which you unlock with a single master password. They also generate strong random passwords for you and fill them in automatically, and because they only fill a password on the site it was saved for, they also resist phishing pages that imitate a login form.
While these managers aren't immune to attacks (as witnessed by LastPass' 2022 breach, in which encrypted vault backups were stolen), most reliable programs follow exceptionally robust security practices. The caveat is that once an encrypted vault is in an attacker's hands, its protection rests on the master password, so that password must be long and unique, and the manager account itself should be protected with MFA.
Whenever possible, opt for MFA
MFA provides another layer of security by requiring an additional method of authentication, for instance a password plus a one-time code delivered by email or SMS, generated by an authenticator app, or produced by a hardware security key. SMS and email verification have known weaknesses (SIM swapping and mailbox compromise, respectively), and authenticator apps or hardware keys are preferable where a service offers them, but even the weaker forms, combined with a strong password, afford far greater security than a password alone.
According to F5 Labs, invisible MFA (iMFA), which relies “on factors that are invisible to the user”, is one potential solution to the password problem.
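As an added example that is not part of the original article or of any product it names, here is the exchange behind the "authenticator app" form of MFA: a shared secret enrolled once, a six-digit time-based one-time password (TOTP, RFC 6238) computed by the client from that secret and the current 30-second time step, and a server-side verifier that tolerates one step of clock drift and refuses to accept the same step twice. The shared secret and the timestamps used in the demo are constructed inputs; the secret `12345678901234567890` is the RFC test-vector key, and the `hotp`, `totp` and `TotpVerifier` names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30    # RFC 6238 time step in seconds
DIGITS = 6   # code length shown by most authenticator apps


def new_shared_secret() -> str:
    """Enrolment: a fresh 160-bit secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamically truncated HMAC-SHA1 over the big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, digits: int = DIGITS) -> str:
    """Client side: HOTP keyed on the number of 30-second steps since the Unix epoch."""
    return hotp(secret, at // STEP, digits)


class TotpVerifier:
    """Server side: accepts the code for the current step or one step either side
    (clock drift), and never accepts a step at or before the last accepted one."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_accepted_step = -1

    def verify(self, code: str, at: int = None) -> bool:
        at = int(time.time()) if at is None else at
        step = at // STEP
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate <= self.last_accepted_step:
                continue  # replay of an already-used step
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_accepted_step = candidate
                return True
        return False


if __name__ == "__main__":
    # Constructed demo: RFC test-vector secret and fixed timestamps so the run is repeatable.
    secret = b"12345678901234567890"
    server = TotpVerifier(secret)
    code = totp(secret, at=59)                       # client computes the code
    print("code:", code)                             # 287082
    print("first use accepted:", server.verify(code, at=59))   # True
    print("replay accepted:", server.verify(code, at=59))      # False
    print("next step accepted:", server.verify(totp(secret, at=90), at=90))  # True
```

The verifier compares codes with `hmac.compare_digest` rather than `==` so that a wrong guess does not leak how many digits matched through timing, and the `last_accepted_step` check is what stops an attacker who captured a valid code from reusing it within the drift window.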
Don’t change passwords regularly
Traditional wisdom held that changing passwords regularly helped prevent attacks. But in recent years, experts have discouraged this practice, because forced rotation pushes people toward predictable variations of the same password. The current advice is to keep the same long, random password long-term and change it only when there is evidence it has been compromised.
The National Institute of Standards and Technology (NIST) updated its guidance in 2017 (SP 800-63B) to reflect this, dropping mandatory periodic changes and instead recommending that new passwords be screened against lists of commonly used and previously breached passwords. And it goes without saying that each account should have a dedicated password.
When it comes to passwords and account security, the best offense is a good defense. Follow the steps above to protect your personal and business accounts.