We hear about password protection all the time. While everyone seems to practice proper protection hygiene, 61% of data breaches are attributed to credential compromise.
Reuse of password
We all have a large number of applications to access. While it may be convenient to use the same password for your Instagram, Gmail and the company VPN, reusing a password makes it much more likely that one of those accounts will be compromised, giving attackers access to every account that uses the same password. The danger of password reuse is multiplied with each additional account assigned to use the same password.
The simplest solution to this problem is to use a password manager application that stores all your passwords. The only password you will need to remember is the password to your password manager.
There are several free and paid options available. Contact your IT manager for recommendations on which one to use.
Strong Password
How strong is a strong password with 8 characters?
Password Style | Number of Combinations |
Upper Case Letters | 2 e+38 |
Upper + Lower Case Letters | 8 e+81 |
Upper + Lower + Numbers | 1 e+100 |
Upper + Lower + Numbers + Symbols | 9 e+159 |
e+159 means 159 zeroes after the number.
Those are huge numbers with many combinations, but all those combinations become useless if the password uses common words or combinations of names, birthdays, or pets’ names, such as ‘Password1!’, ‘Anna1985-2-15’, or ‘DaisyCooper1’. If you think all those zeroes will protect you, I have some unpleasant news. In 2012, a hacker demonstrated the ability to crack an 8-character Windows password containing Upper + Lower + Numbers + Symbols in less than 6 hours. The attack checked 350 billion guesses per second. The rule is that the longer the password, the more secure it will be.
We recommend using a random password generator with a password length of 12 characters or more.
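As an added example (not part of the original article), the Python code below generates a random password of at least 12 characters and computes the worst-case time to try every password of a given length at the 350 billion guesses per second quoted above. The 94-character alphabet (Python's letter, digit and punctuation constants) and the function names are assumptions made for this example.

```python
import secrets
import string

# Assumption: the four character classes from the table above, taken from
# Python's string constants (26 + 26 + 10 + 32 = 94 characters in total).
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12              # minimum length recommended in the article
GUESSES_PER_SECOND = 350e9   # the 2012 cracking rate quoted in the article


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw instead of patching characters in, so no position is biased.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def worst_case_seconds(length, alphabet_size=len(ALPHABET),
                       rate=GUESSES_PER_SECOND):
    """Seconds needed to try every password of exactly this length.

    Only meaningful for randomly generated passwords: one built from
    names, dates or dictionary words falls to a far smaller guess list.
    """
    return alphabet_size ** length / rate


if __name__ == "__main__":
    print("Generated password:", generate_password())
    for n in (8, 12, 16):
        hours = worst_case_seconds(n) / 3600
        print(f"{n} characters: {hours:,.1f} hours to try every combination")
```

For 8 characters the result is under 6 hours, in line with the 2012 demonstration; each extra character multiplies the time by 94.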
TIME IT TAKES A HACKER TO CRACK YOUR PASSWORD
Number of characters in password | Upper Case Letters | Upper + Lower Case Letters | Upper + Lower Case Letters + Numbers | Upper + Lower Case Letters + Numbers + Symbols |
4 | Instantly | Instantly | Instantly | Instantly |
5 | Instantly | Instantly | Instantly | Instantly |
6 | Instantly | Instantly | 1 second | 5 seconds |
7 | Instantly | 25 seconds | 1 minute | 6 minutes |
8 | 5 seconds | 22 minutes | 1 hour | 8 hours |
9 | 2 minutes | 19 hours | 3 days | 3 weeks |
10 | 58 minutes | 1 month | 7 months | 5 years |
11 | 1 day | 5 years | 41 years | 400 years |
12 | 3 weeks | 300 years | 2K years | 34K years |
13 | 1 year | 16K years | 100K years | 2M years |
14 | 51 years | 800K years | 8M years | 200M years |
15 | 1K years | 43M years | 600M years | 15B years |
16 | 34K years | 2B years | 37B years | 1T years |
Multi-factor authentication (MFA)
The additional layer of security will make it harder for hackers to penetrate your online accounts. Companies like Google and Amazon AWS highly recommend MFA for all users. You should always have additional layers of protection, even if you have a private Wi-Fi network.
MFA combines at least two of the following options:
Things you know: Login with a password or PIN
Things you have: Smart Card or Security Token usually provided via email or cell phone confirmation
Things you are: Fingerprint, voice, facial recognition, eye iris scan (biometric data)
MFA options are becoming even more advanced by utilizing Artificial Intelligence (AI) for behavior-based authentication. They consider connection location, IP address, and speed of password entry.
The biometric protection option is the hardest to hack. Even if it is not feasible to implement it company-wide, keep in mind that most smartphones already have these capabilities. You must actively encourage your employees to use it.
Conclusion
Train and encourage your employees to comply with password security policies and notify IT Managers when something happens.