Compromised passwords have become the main cause of data breaches, according to IBM Security’s 2021 Cost of a Data Breach report. They were responsible for 20% of all data breaches last year, with an average cost per breach of $4.37 million.
With most companies moving processes and data to cloud services to facilitate a “work from anywhere” environment, the problem with poor password management has been amplified. A hacker is typically only one weak password away from being able to breach a cloud account.
Password security is a vital layer of any company’s IT security strategy, yet many employees continue to adopt bad password habits because they have so many passwords to remember.
Some recent statistics on password security show that:
As part of your employee security awareness training, you should be reviewing good password practices to help employees understand how to create strong, difficult-to-hack logins.
Below are several tips to help your team create better passwords that will keep your cloud accounts and data better secured.
The longer a password is, the harder it is for an attacker to breach. You can keep your login easy to remember and make it strong at the same time by using a passphrase instead of a password.
A passphrase is a string of words, without spaces. It could be the title of a favorite book, song lyric, or movie quote, for example. Adding in punctuation makes the passphrase even stronger and more difficult to breach.
Many commonly used passwords contain personal information, such as a birth date, pet’s name, or favorite sports team. These are common “go-tos” for hackers looking to breach accounts.
A cursory look at your social media profile can bring up all sorts of potential passwords. Keep your passwords difficult to guess by not using any personal information.
One trick for making strong passwords is to purposely misspell words. For example, instead of using “engine” use “injin.” You can further strengthen passwords by including numbers or special character substitutions for letters, such as using ! instead of L.
Most passwords are case-sensitive, and you can use this to make stronger passwords. Use at least one uppercase letter, but don’t put it at the beginning of the word, where one would expect.
Instead, use it in the middle of the password, which will make it much harder for a hacker to guess.
A common best practice for creating strong passwords is to use a combination of letters, numbers, and symbols. Use these throughout the password, not just at the end, to make your password stronger.
Reusing passwords is common because people have so many to manage. But when you do this, you run the risk of multiple accounts being breached if just one password is compromised.
This also goes for using “login with Facebook (Google, Apple).” While it may be convenient to set up an account on a site with an existing username and password, this leaves all your accounts more at risk of a breach.
To make it easier to create and remember unique passwords for each login, use a password manager. This is a secure vault that will store all your passwords for you, and you only need to remember one to access them.
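The tips above can be turned into an automated check at account creation or inside a password manager. The following is an added example, not code from the original article: the function name `audit_password`, the 14-character minimum, and the substitution map are all assumptions chosen for illustration. It normalizes common character substitutions before looking for personal information, so a pet's name disguised as "r3x" is still flagged.

```python
# Added example: thresholds and the substitution map are assumptions, not from the article.
MIN_LENGTH = 14
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "!": "l", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}
)


def audit_password(password, personal_terms=(), existing_passwords=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    # Undo common character substitutions so "r3x" is still recognised as "rex".
    lowered = password.lower()
    normalized = lowered.translate(SUBSTITUTIONS)
    for term in personal_terms:
        term = term.lower()
        if len(term) >= 3 and (term in lowered or term in normalized):
            findings.append("personal_info")
            break

    uppers = [i for i, ch in enumerate(password) if ch.isupper()]
    if not uppers:
        findings.append("no_uppercase")
    elif uppers == [0]:
        findings.append("uppercase_only_at_start")

    non_letters = [i for i, ch in enumerate(password) if not ch.isalpha()]
    core = password
    while core and not core[-1].isalpha():
        core = core[:-1]  # strip the trailing run of digits and symbols
    if not non_letters:
        findings.append("no_digit_or_symbol")
    elif min(non_letters) >= len(core):
        findings.append("digits_symbols_only_at_end")

    # Reuse check as a password manager could run it over its own vault.
    if password in existing_passwords:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    print(audit_password("Rex2015", personal_terms=("Rex", "2015")))
    print(audit_password("the!njinTh@tc0uld", personal_terms=("Rex",)))
```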
According to Microsoft, using multi-factor authentication (MFA) on your account is 99.9% effective at blocking fraudulent sign-in attempts. This is one of the best safeguards you can have to keep your logins secure.
Multi-factor authentication can be set up as an SMS prompt, on-device prompt, or using a separate security key. Organizations can make it more convenient for users by coupling it with a single sign-on (SSO) application, which allows employees to log in once to access all their work accounts.
Don’t keep the same passwords for years and years; change them regularly to keep accounts more secure. The longer you have the same password on any account, the more risk there is that it will eventually be compromised.
Passwords aren’t only compromised through a direct hack of that password. They are also often exposed through the breach of a database that the cloud provider owns, which ends up exposing all user login credentials.
Change passwords regularly and keep up with any potential breaches of passwords. Many browsers, like Edge and Chrome, will now warn users if one of their passwords has been identified in a breach.
Have you been looking for a solution for stronger passwords? Haxxess can help your Northern Ontario business improve your access security to better protect your cloud accounts and assets.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.