Are Your Passwords Safe?
Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, password-less authentication, biometrics, zero trust, etc.) for decades, passwords have persisted. Today, nearly everyone has multiple forms of MFA for different applications and websites, and many passwords.
The average person has between three to seven unique passwords that they share among over 170 websites and services. And unfortunately, those passwords often get stolen or guessed by cybercriminals.
According to Hive Systems, any 8-character password can be cracked in less than an hour through brute force. Further, any password containing less than seven characters can be cracked instantly.
Password Attack Defenses
The password attack defenses can be summarized by the following, in order of importance:
- Use multifactor authentication (MFA) whenever possible
- Be cognizant about what you put on social media
- Use a different, non-guessable password for each site and service
- Use a password manager wherever you can to allow perfectly random passwords to be created and used
- Where a password manager cannot be allowed, users should create long and/or complex passwords or passphrases, different for each site and service
- All passwords should be changed at least annually
Whenever possible, use multifactor authentication (MFA) to provide another layer of security. The best tactic a user can do to prevent password hacking (after using MFA) is to avoid being socially engineered, which takes a good, in-depth combination of policies, technical defenses, and end-user education.
In closing, password attacks are widespread and one of the highest cybersecurity risks to any user and organization. Most password attacks happen because a user’s password (or password hash) is stolen or guessed. Users who follow the password defense recommendations above are far less likely to be hacked because of their passwords.
Information in this article was provided by our partners at KnowBe4.