Securing passwords has become more necessary than ever, as they are the last line of defense against various threats and risks. Sadly, many people have horrible password habits, as evidenced by the rise of “credential stuffing” cases in 2018, a form of cyberattack wherein a hacker tries to take advantage of the fact that most people use the same passwords across multiple devices and accounts.
Over the years, billions of usernames and passwords have been leaked, with hackers using automation to hack into accounts by matching usernames with the right password.
So if, for example, your password is a loved one's name or birthday, it would be easy to guess because such information can be easily found online.
If you now feel that you have nowhere to hide, don’t fret. There are still many ways to beef up the security of your sensitive information. Take note of these password habits to dramatically improve data security:
Longer is better
Longer is always better, and there is a mathematical explanation for this. For a basic alphanumeric password, there are 62 different options per character (26 uppercase letters, 26 lowercase letters, and 10 numbers) to choose from. This means that for a four-character password, there are 14,776,336 (62 x 62 x 62 x 62) possible combinations. Sounds secure, right? Wrong. With automation, hackers can crack this instantly, according to the popular and trusted password-checking site howsecureismypassword.net.
Upping the ante to 14 characters, good for 12,400,000,000,000,000,000,000,000 (12.4 septillion) possible combinations, means it will take a computer around 10 million years to crack a password. As a rule of thumb: if your password can outlive entire generations of humans, then chances are it will be very difficult to hack.
Avoid the obvious
Avoiding obvious passwords like “xxx” may seem like a bit of a conundrum, as many password experts nowadays will tell you that your password should be easy to remember. They are correct; a password should be easy enough to remember that you never need to write it down. However, it should be obvious only to you and nobody else.
One good example of an obvious-yet-unique password is one with alternative spellings. This works even for birthdays; for example, instead of using the MMDDYYYY format in numeric form (01012019 for the date January 1, 2019), using One01Twenty-nineteen is a far more secure option. It contains the same easy-to-remember information for you, but not for hackers.
To emphasize the point, the password 01012019 will keep your account secure for about 3 milliseconds until it can be hacked wide open. One01Twenty-nineteen will give you — wait for it — 43 quintillion (that’s 43 followed by 18 zeros) years before a hacker will be able to crack it. You have a full gamut of keyboard characters (uppercase letters, lowercase letters, numbers, and special characters) to help make it as difficult as possible for cybercriminals to get to your information. Use them.
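The arithmetic behind the length and date examples above, as an added example that is not part of the original article: it computes the brute-force search space for a password and shows how far that space shrinks when an all-digit password is a valid MMDDYYYY date. The guess rate, the 1920 to 2019 year window, the 32-symbol ASCII punctuation set and all function names are assumptions made for illustration.

```python
import string
from datetime import date

GUESSES_PER_SECOND = 10_000_000_000  # assumed attacker speed, not from the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if any(ch not in string.ascii_letters + string.digits for ch in password):
        size += len(string.punctuation)  # 32 ASCII symbols; assumed symbol set
    return size

def keyspace(password):
    """Combinations of this length over that alphabet (62**4 for 'aB3d')."""
    return alphabet_size(password) ** len(password)

def is_mmddyyyy(password):
    """True if the password is eight ASCII digits forming a real calendar date."""
    if len(password) != 8 or not (password.isascii() and password.isdigit()):
        return False
    try:
        date(int(password[4:]), int(password[:2]), int(password[2:4]))
    except ValueError:
        return False
    return True

def dates_in_range(first_year, last_year):
    """Number of calendar days, i.e. distinct MMDDYYYY strings, in the window."""
    return (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1

def effective_keyspace(password, first_year=1920, last_year=2019):
    """Guesses needed when plausible dates are tried before brute force."""
    if is_mmddyyyy(password) and first_year <= int(password[4:]) <= last_year:
        return dates_in_range(first_year, last_year)
    return keyspace(password)

def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return space / rate

if __name__ == "__main__":
    for pw in ("aB3d", "01012019", "One01Twenty-nineteen"):  # constructed samples
        brute, eff = keyspace(pw), effective_keyspace(pw)
        print(f"{pw!r}: brute={brute:.3e} effective={eff:.3e} "
              f"worst case {seconds_to_exhaust(eff):.3e} s")
```

The brute-force figure is an upper bound on the work required; any structure in the password, such as a date, lowers the effective number.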
This last facet of password security — if used alongside the two tips above — will make your accounts virtually impenetrable. Two-factor authentication (2FA) is an extra layer of security that helps ensure that you’re the only one who can gain access to your account, even if someone else knows your password.
2FA protocols will typically ask you to assign a device you “trust,” or request a mobile number that is verifiably yours. Ideally, this should be a device that you have on your person at all times — your smartphone.
Accounts that are secured with 2FA will require security procedures just like any other account: you will be asked to provide a username and password combination, and if the two match, you will be granted access to the next step. The difference is that for accounts that don’t have 2FA enabled, full access will be immediately granted after typing in a password — access to your social media, your email, etc. With 2FA activated, typing in your password prompts a final layer of security, one that requires you to physically acknowledge entry from your “trusted device” or to match a secondary, temporary passcode sent through your verified mobile number.
And even if your account details get stolen, you’ll still have an opportunity to protect your account. That's because being unable to pass secondary verification will block any attempt to give access to your account. An added feature of this is that it also serves as an alert should someone attempt to access your account.
Improving your password habits is great, but cybersecurity for businesses goes beyond password protocols. Unsure whether your systems are safe from cybercriminals? We’ll check for you! Give us a call today.