Reports continue to come in about security breaches simply due to weak passwords. Good passwords prevent unauthorized access to private and sensitive data. With the right tools and enough time, weak and short passwords are easy to crack. Even more so with passwords based on simple single words since letters can only be assembled in certain ways. Mixing letters, symbols, and numbers go a long way to improving password security.
The top 10 list of most commonly used passwords are shockingly simple since they are conveniently easy to remember for the authorized user to use. Default passwords such as “admin” are all too common for basic datacenter hardware such as routers, firewalls or switches. Just as surprising, the usernames can in many cases be identical to the password or simply list the manufacturer’s name. An admin needs to be changing these passwords. Otherwise, a large part of the data center will become compromised. IT staff then need to spend several painstaking hours to determine the cause of the breach.
Short and simple means insecure
Usernames and passwords are a staple among organizations for granting access to certain parts of a company’s IT hardware and software. Replacing the simple username and password process usually proves too cumbersome, difficult to implement even just to remember.
Overly complex passwords with mixed upper and lower case letters along with numbers and rarely used keyboard characters can make remembering password a next to the impossible task and simply too difficult to remember. If in a home or very small business, writing down passwords and keeping them under lock and key can solve this problem. Larger companies, however, need to be aware of insider threats so such a solution would not be advisable.
Remember, that strong passwords are not the solution to cyber attacks. With the right know-how, it’s easy to circumvent a password. Backdoor access, malware, phishing (to obtain passwords) viruses can all wreck havoc and/or obtain access to a system as well.
Frequent changing
Several log-in sites recommend changing the password on a frequent basis. That specifically is not necessarily making access any more secure but can help remind the user that password security is a priority and a reminder to keep strong passwords in mind. Many login areas will also prevent users from simply using the same passwords over and over again. This also applies to passwords that are too short, simple and super easy to remember. Using the same password for multiple sites is an unfortunate and often occurrence. This leaves all other login prompts vulnerable to the same breach. The argument can also be made that a very long complicated password can help the user remember the same password for a long time and can be used for quite some time. There are risks to this as well, however.
Two-factor authentication is a popular alternative where access is provided by obtaining a second password from a personal smartphone while using the usual password.
It is also extremely important to simply not reveal or tell others anywhere what the password is to gain access. This can be either verbally to a colleague, via email or even text message among several other ways. Passwords can all be obtained in various ways. They include:
listening in via unprotected wifi at a public location
a disgruntled employee
phishing email
hackers impersonating others over the phone
Longer means improving password security
Improving password security involves long passwords that are difficult to remember. They only need to be difficult to guess to an unauthorized user. Without using simple personal details that could be easy to guess, each individual has their own personal choice. They can be phrases, and numbers that mean something to them. As a result, these passwords are more easily remembered than random computer generated passwords. This can be countries lived in in the past starting in alphabetical order with a current phone number and a zip code. Or favorite cocktail mixes and a number etc. A rarely used password is harder to remember, however.
Sometimes the hardest part of improving password security may be actually having to remember the importance of strong passwords. This holds especially true if an employee has only just recently gotten used to that complicated password. It will help if an organization is able to provide actual training sessions on security with visual examples and explanations. This way employees more easily retain this information. Otherwise, a monthly email reminder needs strong enforcing.
Several employees changing passwords on a frequent basis will minimize the consequences of a security breach. This will certainly benefit the company as a whole and its valued data. Many times, hackers will not reveal that they have gained access to a system.