6 facts about passwords that will make you THINK.

We say it a lot and we mean it: cyber security is vital in the online world. Passwords are a huge part of that. However, while many of us know we should use unique usernames and complex password combinations, we don’t. Even the reports of cyber attacks and breaches over the years haven’t made a huge difference, with bad password habits being far more common than you might think.


The main reasons for this? Convenience, forgetfulness and sheer laziness.

In light of the above, we have decided to go through some interesting facts about passwords, in the hope that you will think about how you create, use and store your passwords for the future.

Fact #1: Passwords are easily hacked because most humans follow similar patterns

At the beginning of the Web, when passwords were first used, the most popular password was ‘12345’. Today, it may be longer, but it is hardly safer: ‘123456’. Additionally, research has found that women tend to use personal names in their passwords, and men opt for their hobbies.

Amichai Shulman, the Chief Technology Officer at Imperva, which makes software for blocking hackers, commented on these patterns when he said, “I guess it’s just a genetic flaw in humans … We’ve been following the same patterns since the 1990s”.

Fact #2: 59% of people use the same password everywhere

91% of people know that password recycling poses huge security risks, yet 59% continue to use the same password everywhere. Therefore, if a hacker were to crack one password, they would be able to gain access to all other accounts!

Businesses should ensure they pay close attention to employee password hygiene. Studies have shown that there is often an overlap between the passwords created for personal and work accounts; 62% of people use the same password for work and personal accounts.

Password generators are great if you struggle to come up with multiple, strong passwords. They are tools that will automatically generate a password using parameters such as mixed-case letters, symbols, numbers, length and strength. 
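As an added illustration (not code from this article or from entrustIT), here is a small generator that takes the parameters listed above: length and which character classes to include. It draws from the operating system's secure random source via Python's `secrets` module and reports an upper-bound strength estimate in bits; the symbol set and function names are assumptions chosen for the example.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set; adjust to what a site accepts


def build_pools(lower=True, upper=True, digits=True, symbols=True):
    """Return the list of character classes selected by the caller."""
    pools = []
    if lower:
        pools.append(string.ascii_lowercase)
    if upper:
        pools.append(string.ascii_uppercase)
    if digits:
        pools.append(string.digits)
    if symbols:
        pools.append(SYMBOLS)
    if not pools:
        raise ValueError("select at least one character class")
    return pools


def generate_password(length=16, **classes):
    """Generate a password containing at least one character of each class."""
    pools = build_pools(**classes)
    if length < len(pools):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(pools)
    # Draw whole candidates and retry until every class is present. This keeps
    # each position uniformly random instead of forcing fixed slots per class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def entropy_bits(length, **classes):
    """Upper-bound strength: length * log2(alphabet size)."""
    alphabet_size = sum(len(pool) for pool in build_pools(**classes))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(20), f"~{entropy_bits(20):.0f} bits")
```

The strength figure only holds for randomly generated passwords; a human-chosen password of the same length and character mix is far weaker because it follows the patterns described under Fact #1.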

Fact #3: 7 in 10 people no longer trust passwords to protect their online accounts

Passwords are required for nearly everything we do online. So, if people no longer trust them, what is the answer?

Multi-factor authentication (MFA) and two-factor authentication (2FA) are authentication methods that verify a user’s identity by requiring multiple credentials. These include something you know, something you have and something you are. Something you know could be a password, something you have is a possession such as a generated code on your phone, and something you are could be facial recognition, a fingerprint or an eye scan.

As traditional usernames and passwords can be stolen, they have quickly become a target of hackers. This explains the lack of trust in them for many. MFA or 2FA are effective ways to provide enhanced security for all online accounts.

Fact #4: 86% of people who use 2FA feel their accounts are more secure

Ever since the start of the digital revolution, passwords have been the mainstream form of authentication. Unfortunately, as passwords and encryption methods have become more complex, so have the skills of hackers.

2FA is an essential element of cyber security that all businesses should implement as it adds that extra layer needed to immediately neutralise the risks associated with compromised passwords. Implementing it can be done with relatively little pain for users, and usually, with little or no expense to your organisation.

At entrustIT we understand the importance of good cyber security practices, which is why with our Hosted Desktop, Hosted Application and Office 365 products, we encourage the use of 2FA. This is especially true for more demanding environments such as legal, financial services and local government where it is strictly enforced.

Fact #5: 90% of passwords can be cracked in less than six hours

Think you have a strong password? Think again…

Hackers are continuing to become more sophisticated and have a variety of ways in which they can crack your passwords to gain access to your online accounts. One way to help keep secure is to understand the methods they use. Here are four:

  1. Dictionary attack – A dictionary attack is a method that systematically enters words that can be found in a dictionary. Hence, the name. The only reason this kind of attack works is that users continue to rely on easy-to-guess words for their passwords.
  2. Brute-force attack – A brute-force attack is when hackers use software that tries to guess every possible combination until it hits yours. They often begin with the most commonly used passwords and then move on to more complicated phrases.
  3. Credential stuffing – Credential stuffing proves the dangers of re-using usernames and passwords for numerous accounts. It works by taking credentials obtained from a data breach on one platform and using them to attempt logins on other platforms.
  4. Social engineering – Phishing has remained one of the top social engineering methods used by hackers to crack passwords. They do this by appearing as a trusted source and concocting a scenario for handing over login credentials or other sensitive personal data.
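Because dictionary and brute-force attacks start with the most common and most guessable choices, a sign-up or password-change form can refuse those choices before they are ever stored. The following is an added example, not part of the original article: the word lists are tiny constructed samples, and the function names and the 12-character minimum are assumptions for illustration.

```python
import re

# Constructed sample lists; a real deployment would load a large list of
# commonly used and previously breached passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}
DICTIONARY_WORDS = {"football", "dragon", "monkey", "sunshine", "charlie"}

# Undo the usual character substitutions (@ -> a, 3 -> e, 0 -> o, ...).
SUBSTITUTIONS = str.maketrans("@4301$5!7", "aaeoissit")


def is_sequence(text):
    """True for runs such as '123456', 'fedcba' or 'aaaaaa'."""
    if len(text) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({1}, {-1}, {0})


def screen_password(password, min_length=12):
    """Return the list of reasons a password should be rejected (empty = ok)."""
    reasons = []
    lowered = password.lower()
    if len(password) < min_length:
        reasons.append("too_short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("common")
    if is_sequence(lowered):
        reasons.append("sequence")
    # Strip the trailing digits/symbols people append ("Sunshine2024!!"),
    # then undo substitutions, and compare the core against the dictionary.
    core = re.sub(r"[^a-z]+$", "", lowered).translate(SUBSTITUTIONS)
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "Sunsh1ne2024!!", "vK7#qpL2!zTw9@xR"):
        print(candidate, screen_password(candidate) or "accepted")
```

Note that the second sample passes a typical "length plus mixed characters" rule yet is still a dictionary word with a predictable suffix, which is exactly the pattern these attacks try early.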

Fact #6: 18% of employees share their passwords with others

Password sharing is a common mistake and can seriously compromise an organisation’s cyber security. But why do employees do this? Research has shown 42% of workers say they do it to more easily collaborate with team members, while 38% say they share passwords because it is company policy.

If a hacker gains entry to your system, shared passwords will make it much easier for them to access other parts of the network. Additionally, how do you establish exactly who is doing what? By taking the time to put an updated password policy in place, you can minimise the risk of both internal and external threats related to password sharing. 

Here at entrustIT, we know how important security is. That’s why in April 2014 we invested in obtaining the ISO 27001 accreditation, an international standard published by the ISO. We have continued to maintain this accreditation over the years. Training your staff on cyber security best practices is paramount in the modern workplace. This, together with looking to cloud services that are encrypted, will help to keep your business safe. Why not take the next step by downloading our FREE White Paper?
