Six Non-Negotiables of Password Security – World Password Day, May 5th
It’s World Password Day today. And while most of us feel we would never use a hackable password, do we actually know what a robust password is? Or how many passwords we should have? Or where we should store them?
History has proven that even large enterprises have fallen prey to hackers through poor basic password hygiene. In March, the Brazilian hacking group N4ughtySecTU demanded $15 million from TransUnion to not publish millions of personal records, which had reportedly been accessed by using “password” – the fifth most common password in 2021, according to virtual private network provider Nordpass.
David Lees, co-Founder of IronTree, a leading Managed Service Provider in the Middle East and Africa region offering a suite of backup and cybersecurity products, which was acquired by Metrofile in December 2021, explains, “These days, there are numerous ways to create robust passwords and save them for easy and swift retrieval. Tools like KeyChain Access or software like 1Password, LastPass or Dashlane. Beyond that, you need to ‘LayerUp’, adding two-factor authentication (2FA).
Companies are unaware of the daily threat via malware and ransomware, with cybercriminals becoming smarter in their approach. Most need intelligent password management, with frequent editing, but that’s basic. You need an expert partner, and not just software, to protect data.”
Businesses have a legal obligation to protect consumer data under the new POPIA act, so they will need cybersecurity, backup, disaster recovery for emergencies, private hosting, and POPIA compliance. That is essentially our five-pronged security suite at IronTree. It has helped us to be acknowledged with the Acronis Cyberfit Partner Award for “Best Service Provider” in 2021 across the Middle East and Africa region.
5 common passwords in 2021 and how long it takes to crack them, according to Nordpass:
- 123456: Less than one second to crack, with 103 million uses counted in a study
- 123456789: Less than one second to crack, with 46 million uses counted in a study
- 12345: Less than one second to crack, with 32 million uses counted in a study
- qwerty: Less than one second to crack, with 22 million uses counted in a study
- password: Less than one second to crack, with 22 million uses counted in a study
IronTree proposes “The Secure Six” password tips:
- Create complex and unique passwords, which are not easy to guess.
- Change them every few weeks, or even months.
- Make use of a password manager. Password managers act as a library for all your credentials and plug into desktop apps as well as your browser. Your browser does not count as a password manager as a hacker can access the cache your credentials are stored in and exfiltrate them. A password manager can also add multi-factor authentication (“MFA”) to your credentials.
- Following that, use multi-factor authentication. Make sure it is enabled on as many of your accounts as possible. This means you’ll need to verify a login attempt before you’re able to access that service. MFA also ensures that, if an account of yours gets compromised, the hacker won’t be able to access that account until the login is authenticated.
- Don’t use the same password across multiple accounts. This ensures that if one of your accounts is compromised, it won’t lead to more accounts being hacked.
- Don’t share your personal passwords and store them securely. You shouldn’t keep your PC’s password on a sticky note stuck to your desk or write it down in a notebook. This allows anyone to see your password and use it to access your accounts.
Unpacking password management statistics
- 2020: the year when the top type of information stolen around the world was credentials.
- 60%: the percentage of data breaches that involve credentials.
- 40%: the percentage of people in a 2020 study who said that their company data was compromised because of a weak or cracked password.
- 20: the number of common categories into which the majority of passwords fit.
- 40%: the percentage of organizations that rely on sticky notes for remembering passwords.
- 82%: the percentage of workers who admitted recycling the same passwords.
- 60%: the percentage of recycled passwords that appeared in multiple data leaks in 2020.
- 25%: the percentage of data breaches that were a result of credential stuffing in 2020.
- ¾: the proportion of employees who use the same passwords for their work accounts as they do for their personal accounts.
The history, according to National Day Today:
- 1961: Massachusetts Institute of Technology (MIT) creates the computer password so that multiple people can use a shared computer system.
- 1971: Public-key cryptography is created so two people can authenticate each other without exchanging a cryptographic key.
- 1979: Weak Passwords: A study done by Morris and Thompson demonstrates that guessing passwords through personal information is easier than deciphering passwords.
- 1986: Two-Factor Authentication: Two-Factor Authentication emerges and is adopted.
For more information contact Julia Ledingham at [email protected] or call 021 419 3144.
Sources:
https://www.itweb.co.za/content/o1Jr5Mx9BVjqKdWL
https://nordpass.com/most-common-passwords-list/
https://nationaldaycalendar.com/world-password-day-first-thursday-in-may/
https://rist.tech.cornell.edu/6431papers/MorrisThompson1979.pdf