Passwords are a persistent pain point for every business, but in some industries the stakes are higher than in others. Government organizations in particular are expected to hold their passwords to a stricter standard. Not every organization is a government body, but there is something about proper password practice that all of us can learn from them.
QuestingHound Technology Partners Blog
Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you.
As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them.
Passwords are everywhere these days, whether they guard an online account or the device used to reach it. Both kinds can be effective security controls, but only if the passwords are strong. If a password can be guessed by just about anyone, can you really call it a security measure? New findings from SplashData show that passwords still aren't getting the attention they need.
As technology advances and allows for common pain points to be corrected, many of today’s most well-known entities will adopt new solutions to ease the experience of their customers and clients. Take, for example, eBay. The famous reselling site has been taking steps to install an assortment of new features to improve its customers’ experience.
You’ve heard it said that it’s a security best practice to change your passwords routinely. The idea is that, if a password were stolen, it would lose its value once the user changes it. While this sounds like solid logic, recent research shows that forcing users to change passwords on a fixed schedule can do more harm than good, and that it is better to change a password when you have reason to believe it has been exposed than to change it every few months regardless.
This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, since the practice can make accounts less secure, it’s worth reconsidering.
The reasoning is that, whenever users are made to change their password, they’re often rushed or annoyed and end up creating a new one that’s weaker than the old. The Washington Post puts it like this: “Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”
Think about it: how often have you changed your password, only to swap a complex one for something easier to remember? Or kept the same password and just added a digit, or bumped the number at the end by one? This trick does little to deter an attacker, because anyone who has your old password can try the obvious variations first, and an attacker holding a stolen password database can run those same variations against every account in it. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure.
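To make that concrete, here is an added example (not code from the original post) of what an attacker does with an old password and a hash of the "new" one: generate the handful of mechanical edits people actually make on rotation day and test them first. The old password, the new password and the PBKDF2 credential store are all constructed for the demonstration; the transform list is an illustrative subset, not a complete cracking rule set.

```python
"""
Added example: why "same password plus a digit" does not survive a forced
rotation. Given a previously leaked password, try a short list of mechanical
transforms against the stored hash of the *new* password before attempting
anything else. All data below is constructed for the demonstration.
"""
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

ITERATIONS = 50_000  # PBKDF2 work factor; the defender's choice, not the attacker's


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for a real credential store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def transforms(old: str) -> List[str]:
    """Candidates a rushed user is likely to produce from their old password.

    Ordered roughly by how common each habit is; duplicates are removed
    while preserving order.
    """
    cands = []
    # 1. Bump a trailing number: Summer2016 -> Summer2017, pass1 -> pass2
    m = re.search(r"(\d+)$", old)
    if m:
        n, width = int(m.group(1)), len(m.group(1))
        for delta in (1, 2, -1):
            cands.append(old[: m.start()] + str(n + delta).zfill(width))
    # 2. Bump a number that sits before a trailing symbol: Summer2016! -> Summer2017!
    m = re.search(r"(\d+)([^\w\s]+)$", old)
    if m:
        n, sym = int(m.group(1)), m.group(2)
        cands.append(old[: m.start()] + str(n + 1).zfill(len(m.group(1))) + sym)
    # 3. Append a digit or a symbol
    cands += [old + d for d in "0123456789"]
    cands += [old + s for s in "!.?#"]
    # 4. Capitalisation tweaks, and the old password itself (rotation skipped)
    cands += [old, old.capitalize(), old.upper(), old.lower()]
    seen, out = set(), []
    for c in cands:
        if c not in seen:
            seen.add(c)
            out.append(c)
    return out


def recover_from_old(old: str, salt: bytes, new_hash: bytes) -> Tuple[Optional[str], int]:
    """Return (matching candidate, guesses used), or (None, guesses used)."""
    cands = transforms(old)
    for i, cand in enumerate(cands, start=1):
        if hmac.compare_digest(hash_password(cand, salt), new_hash):
            return cand, i
    return None, len(cands)


if __name__ == "__main__":
    salt = os.urandom(16)
    old_leaked = "Summer2016!"                     # constructed: in an earlier dump
    stored = hash_password("Summer2017!", salt)    # the user's "new" password
    found, guesses = recover_from_old(old_leaked, salt, stored)
    print(f"recovered {found!r} after {guesses} guesses")
    # A genuinely new password is not reachable this way:
    stored2 = hash_password("correct-horse-battery-staple", salt)
    print(recover_from_old(old_leaked, salt, stored2))
```

The point is not the particular rules but the ordering: a rotated password derived from the old one falls on the first few guesses, long before any brute force begins, so a rotation policy that produces such passwords buys nothing against an attacker who already holds the old one.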
Plus, consider what actually happens when an attacker steals your password. Once they have your login credentials, they’ll use them as soon as they can. If they succeed, they’ll pose as you, often changing the account’s password or recovery details and locking you out. In that all-too-common scenario, the fact that you’re scheduled to change your password at the end of the month changes nothing; by then the damage is done.
Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: “Regularly changed passwords are more likely to be written down or forgotten.” Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen.
Whether or not you ask employees to change their passwords on a schedule is your prerogative. Moving forward, though, it is in everybody’s interest to secure your network with more than a password. Multi-factor authentication does this by requiring a second proof of identity alongside the password: a code from an authenticator app or hardware token, a code sent by SMS or email, a phone call, or a biometric. Not all second factors are equal: SMS and email codes can be intercepted or phished, so an authenticator app or hardware key is the stronger choice where the service offers one. With a second factor in place, a stolen password on its own is far less useful, because the attacker still needs something they don’t have.
To maximize your company’s network security efforts, contact QuestingHound Technology Partners at 954-727-2200.
In June 2016, a cache of roughly 33 million Twitter usernames and passwords was put up for sale. Twitter said its own systems had not been breached and that the credentials had most likely been harvested from infected users’ machines; either way, what the stash reveals about users’ password habits, or rather the lack of them, may be more alarming than the theft itself.
Breach-notification service LeakedSource obtained the credentials from an online black market and analyzed the passwords. The most common password, used on more than 120,000 accounts, is also the easiest to guess: “123456.”
This despite (or perhaps because of) the famous password scene from the 1987 film “Spaceballs.” If you recall, the joke was regarding King Roland being blackmailed by Dark Helmet to turn over the password securing Druidia’s planetary force field. The super-secret password in question, “12345.”
The revelation of the password being so ridiculously simple caused Dark Helmet to reply, “That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!”
Not surprisingly, the other most-used passwords from the Twitter haul are just as easy to guess: “123456789,” “qwerty,” and “password.”
We make the connection to Spaceballs to highlight that weak passwords have been a major IT security issue for nearly 30 years, with little sign of change. Fortunately, the remedy is simple: use long passwords made of random characters, and let a password manager generate and remember them so you don’t have to. That measure alone puts you far ahead of all the other King Rolands to be found in cyberspace.
However, a complex password will only get you so far. As the Twitter haul shows, if your password is stolen, it doesn’t matter how complex it is. This is why we strongly recommend two-factor authentication. Twitter and other major websites offer it: after you enter the correct password, the site asks for an additional one-time code from your phone, either sent by text message or generated by an authenticator app. A code from an authenticator app is the better option, since text messages can be intercepted or redirected. It’s a small inconvenience that makes a stolen password far less useful on its own, because the attacker would also need the code from your phone.
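To show what that second factor actually does, here is an added example, not code from the original post or from Twitter, of the time-based one-time code (TOTP, RFC 6238) that authenticator apps generate, together with the server-side check. It covers the two-factor recommendation made in both posts on this page. The shared secret is the RFC 4226 test vector rather than a real user's; a real deployment generates a random secret per user and shares it once, usually via a QR code. The verifier tolerates one step of clock skew and refuses to accept a code for a time step it has already accepted, so a code phished once cannot be replayed.

```python
"""
Added example: TOTP generation (RFC 6238) and a replay-resistant verifier.
The secret is the RFC 4226/6238 test vector, used here so the expected codes
are known; it is not a real credential.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional

SECRET = b"12345678901234567890"   # RFC test secret; per-user random in practice
STEP = 30                          # seconds per time step
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: Optional[float] = None) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = floor(now / STEP)."""
    t = int(time.time() if now is None else now)
    return hotp(secret, t // STEP)


class TotpVerifier:
    """Server side. Accepts one step of clock skew either way and never
    accepts a time step at or before the last one successfully used."""

    def __init__(self, secret: bytes, skew_steps: int = 1):
        self.secret = secret
        self.skew = skew_steps
        self.last_step_used = -1

    def verify(self, code: str, now: Optional[float] = None) -> bool:
        t = int(time.time() if now is None else now)
        current = t // STEP
        for step in range(current - self.skew, current + self.skew + 1):
            if step <= self.last_step_used:
                continue                      # replay of an already-used code
            expected = hotp(self.secret, step)
            # constant-time comparison: do not leak which digit mismatched
            if hmac.compare_digest(expected, code):
                self.last_step_used = step
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(SECRET)
    t = 59                               # RFC 6238 vector: code at T=59 is 287082
    code = totp(SECRET, now=t)
    print("code:", code, "accepted:", v.verify(code, now=t))
    print("same code replayed:", v.verify(code, now=t + 5))
    print("password only, guessing the code:", v.verify("000000", now=t))
```

Note what the password thief is up against: even with the correct password, they need a six-digit code derived from a secret that lives only on the user's phone and the server, and the code is worthless thirty seconds later or once it has been used. The verifier should also rate-limit attempts, since a million-guess space is small without one.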
Additionally, we recommend following the best practice of using a different password for each of your online accounts. For example, if your Twitter password gets stolen and this happens to be the same password used for your other online accounts, then the hacker would have an easy time logging into your other accounts.
Actually, this happens more often than you’d think, with Facebook’s Mark Zuckerberg as the recent poster child. On June 6th, 2016, Zuckerberg briefly lost control of his Twitter and Pinterest accounts after hackers used the same password to access both. The password, “dadada,” was not only ridiculously easy to guess but had apparently been reused from an account exposed in the 2012 LinkedIn breach.
Therefore, if you’re using complex passwords, two-factor authentication, a different password for each account, and you change a password promptly whenever you have reason to believe it has been exposed, you’ll apparently have better online security than Mark Zuckerberg, which is something to brag about.
Following all of these password security best practices will go a long way in protecting your online identity, and when it comes to network security, the more precautions you take, the better. To that end, call QuestingHound Technology Partners today at 954-727-2200 to equip your business with the best security solutions on the market.