In a world driven by digital connectivity, having a strong password is imperative to secure your critical data. While you may have heard all of this before, it is important to note that every day, there is a cyberattack on businesses and individuals who use weak, easy-to-guess, and redundant passwords, allowing hackers to intrude into systems and programs and steal data.
Here are a few facts:
- 80% of successful data breaches are the result of compromised login credentials.
- 3 in 4 people risk being hacked due to poor passwords.
- 13% of Americans use the same password for every account.
(Source: Exploding Topics.)
Consider a thriving business that falls victim to a security breach because of a weak or redundant password. Once malicious actors gain unauthorized access to your sensitive information, it jeopardizes not only the company's data but also puts customer trust and data at risk. The repercussions extend beyond financial losses, as the compromised integrity of the business can destroy its reputation. Besides the reputational damage and the risk of losing clients, when a breach affects customer information, US law requires companies to notify those users and, if appropriate, buy them credit monitoring services for a number of years. Both of these may become very costly depending on the size and type of the breach.
Brute-force attacks make compromising accounts much easier.
In our blog, "Protecting Your Passwords in the Age of Artificial Intelligence: Tips to Avoid Brute-Force Attacks," we explained that, in the age of artificial intelligence, malicious actors can hack into systems quite easily using brute-force attacks.
Fortinet.com states that brute force attacks are hacking methods that use trial and error to crack passwords, login credentials, and encryption keys. It is a simple tactic where the hacker tries multiple usernames and passwords, testing various combinations until they find the correct login information. This AI tool can often crack 51% of passwords in one minute. As AI evolves, it will become much easier to crack weak passwords by the second.
So, what makes a strong password?
As a Managed Service Provider whose top priority is the security of our clients' data, Infiniwiz would like to share a few tips on what makes a password strong and impossible to hack.
Use Unique Passwords Across Websites:
Infiniwiz warns against using the same password across the websites you use. If your password is ever stolen and you have reused it, hackers will have no trouble accessing your information on other websites. This does not mean that the entire password must be completely unique. A password can be made of multiple components, like words or phrases, and some of them may recur. Just ensure that no two of your passwords are exactly the same.
Optimal Password Length:
Passwords should have a minimum of 12 characters. However, 16 characters are recommended since processing rates at least double yearly, allowing hackers to "brute force" passwords faster. Choosing 16 characters now will save you from having to lengthen your passwords again in five years.
Include a Variety of Characters:
Passwords should include upper- and lower-case letters, digits, and special characters. Again, it's okay to use words. Just make sure all components (special characters, numbers, lower- and upper-case letters) are still present.
Avoid Predictable Patterns:
Avoid using a word preceded or followed by a single number (e.g., Password1). Hackers will try guessing your password using word lists and popular passwords.
Additionally, avoid using words related to the website at hand. For example, a Facebook password should not have "face" and/or "book" in it.
Avoid Personal Information:
Avoid using details in your password that could be known about you or found in your social media accounts (such as birthdays, the names of family members, hobbies, etc.). It is important to note that you should always assume that even your social security number is known to hackers, so any personal information can be easy for hackers to guess.
Diverse Password Creation:
Avoid using a predictable system to derive passwords from the vendor name or anything similar. For example, if you're creating a password for Amazon.com, it needs to be more than just a1m1a1z1o1n1n1n1.
Consider using a passphrase:
A passphrase is a string of words mixed with numbers and symbols that is hard for malicious actors to crack. To create strong passphrases, use websites like 1Password, bitwarden.com, or randompassphrasegenerator.com.
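The composition rules above (length, character variety, predictable patterns, site-related words, personal information and vendor-derived schemes) can be checked mechanically. The following Python sketch is an added example, not Infiniwiz code; the function name `check_password`, its `site_words` and `personal` parameters, and the sample passwords other than the two quoted in the article are assumptions made for illustration.

```python
import re

MIN_LEN, RECOMMENDED_LEN = 12, 16  # thresholds stated in the article

CLASSES = {  # the four character classes the article asks for
    "upper": r"[A-Z]", "lower": r"[a-z]",
    "digit": r"[0-9]", "special": r"[^A-Za-z0-9]",
}

def check_password(password, site_words=(), personal=()):
    """Return a list of rule violations; an empty list means all rules pass.

    site_words and personal are hypothetical caller-supplied inputs,
    e.g. ("face", "book") for Facebook and ("rex", "1985") for a user.
    """
    findings = []
    if len(password) < MIN_LEN:
        findings.append("too_short")
    elif len(password) < RECOMMENDED_LEN:
        findings.append("below_recommended")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append(f"missing_{name}")
    # "Password1" shape: a single word preceded or followed by one digit.
    if re.fullmatch(r"\d[A-Za-z]+|[A-Za-z]+\d", password):
        findings.append("word_plus_digit")
    lowered = password.lower()
    # Letters only, so padding such as a1m1a1z1o1n1 still reveals "amazon".
    letters = re.sub(r"[^a-z]", "", lowered)
    for word in (w.lower() for w in (*site_words, *personal)):
        if len(word) < 3:
            continue  # very short tokens would match almost anything
        if word in lowered or (word.isalpha() and word in letters):
            findings.append(f"contains_{word}")
    return findings

if __name__ == "__main__":
    # Constructed samples, plus the two passwords quoted in the article.
    samples = [
        ("Password1", (), ()),
        ("a1m1a1z1o1n1n1n1", ("amazon",), ()),
        ("MyFaceBook#2024x", ("face", "book"), ()),
        ("Summer-Rex-1985-Hiking!", (), ("Rex", "1985")),
        ("Violet-Tractor7-Umbrella!", ("face", "book"), ("Rex", "1985")),
    ]
    for pw, site, pers in samples:
        print(f"{pw!r}: {check_password(pw, site, pers) or 'ok'}")
```

An empty result only means the password satisfies these composition rules; it says nothing about whether the password has already appeared in a breach or a word list.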
Important note:
Adhering to security compliance standards, which emphasize the importance of using strong, unique passwords, may result in passwords that are not easily memorable. This intentional complexity, including the avoidance of password repetition, is crucial to ensuring robust security practices. Ensure that you have a password manager to keep track of your passwords so that you can log into the services you need efficiently.
Additionally, it's worth mentioning that with today's technology, it is probably easiest to stay safe by creating random, complex passwords and storing them with password management software. The software will then fill in those passwords by itself on a computer or phone, as needed. The only password you should make memorable is the one for the password management software.
Check out our article "Need Password Management? Infiniwiz is Here to Help" to find the perfect password manager and learn how Infiniwiz can help you manage your passwords.
Additionally, check out the "brute force calculator" to test some of your passwords and see how long it would take for malicious actors to crack your password.
Overall, when protecting your critical data, ensure that you have a secure and complex password that will make it too difficult for malicious actors or Artificial Intelligence to intrude into your devices and programs. If you have any questions or want to know how Infiniwiz can assist you in choosing and managing complex passwords, please get in touch with us!