Password Management System: What You Need to Know About Passwords

We often hear businesses say that they don’t need to be concerned about cyber security or a password management system because they’ve never been hit with ransomware or been breached. Former IBM Ginni Rometty said cybercrime is “the greatest threat to every profession, every industry, every company in the world”  and Former FBI Director James Comey stated “There are two kinds of companies in the United States: There are those who’ve been hacked … and those who don’t know they’ve been hacked.” 

The discussion about cyber attacks should be based on the assumption that every business will eventually be affected. Businesses need to make a conscious, focused effort to make cyber security a priority and to protect their organization, employees and clients.

How Easily Can Cybercriminals Access Your Data?

Weak passwords are the most popular method of entry for cybercriminals. Still, there are a significant number of people who don’t follow good password hygiene practices. You can beef up your cyber security efforts by following these best practices.

Cybercriminals can solve weak passwords in seconds using automated tools. “A hacker needs roughly two seconds to crack an 11-character password made up of numbers,” says Alex Balan, director of security research at security company Bitdefender. If the password is more complex, containing numbers, symbols and uppercase and lowercase letters, the time needed to break it jumps to 400 years.

The difficulty in keeping track of multiple passwords leads people to use easy-to-remember (and easy-to-guess) passwords. A GitHub page for OWASP’s SecLists project shows the top five most popular passwords across the globe are:

• 123456
• Password
• 12345678
• qwerty
• 123456789

Equally concerning were Google’s findings that almost a quarter (24 percent) of Americans have used some variation of the following weak passwords: 

• abc123
• Password
• 123456
• Iloveyou
• 111111
• Qwerty
• Admin
• Welcome

Security Is On Your Shoulders

It is your responsibility to keep your business safe. Being aware of your risks is critical, because breaches, ransomware and other attacks are not hypotheticals, they happen with increasing regularity and impact. You need to understand what proper password hygiene practices will do to assist you in protecting yourself, and what responsibilities you need to take upon yourself to ensure your business is secure.

What Strong Passwords Look Like: Good Password Hygiene

Experts agree that a good password should be unique and contain a combination of letters, numbers and special characters. While password complexity helps in the long run, the length matters far more. Experts recommend a minimum of 12 characters or more if possible.

Pro Tip: A 12-character password takes 62 trillion times longer to crack than a six-character password.

To put this statistic in perspective, if a given computer could crack a six-character password in one second, it would still take more than two million years to crack a 12-character password.

Here are some more expert insights curated by our team:

• Longer is better. Ensure each password is unique and not easily guessable.
  
• It’s best to use a “passphrase” that is long but easy to remember, easy to type and hard to guess. Pick something that only you would know. For example, the phrase “I Love Pizza with Onions!” becomes “IL0v3Pizz@with0ni0ns!” Easy to remember, easy to type, hard to guess, and at 21 characters, VERY difficult to crack.
  
• Use multi-factor authentication (MFA). In a 2019 blog post, Microsoft manager Alex Weinert stated, “Based on our studies, your account is more than 99.9 percent less likely to be compromised if you use MFA.”
  
• Never reuse the same or similar passwords. Use a different strong password for every account.
  
• Don’t write passwords down in the office. Whether it’s on a sticky note, in a notebook or a file on your computer, writing down passwords is simply bad for security.
  
• Sign up for data breach notifications. While the relevant company should tell you if your data has been exposed, signing up for a service like Have I Been Pwned? will increase your chances of hearing about a data breach before it’s too late.
  
• Change your password after a data breach. If you discover your information has been breached, you should change your password right away and check that there has been no unusual activity on the account.
  
• Watch out for phishing emails and sites. These use social engineering to steal personal information such as account credentials and banking information.
  
• Monitor your accounts. Check your online accounts regularly for any suspicious activity.

Is There Anything Else I Should Know?

After hearing about what actions you need to take to secure your passwords, you might be wondering if there are any other pertinent tips we can offer. We recommend using password management software, like 1Password, if you haven’t been doing so already. If you want to learn more, feel free to contact us or book a no-obligation consultation so we can help. 

We’ve also created “Enterprise Password Management: The Complete Guide to Business Passwords,” a free download to help you make sure your cyber security is actively protecting your business at full capacity. It’s a free resource that could save you time, money and damage from a cyber attack.

Download the Guide