Good Password Hygiene Mitigates Personal and Business Cyber Risk
Noor Boulos
In our previous Cyber Security Awareness Month (CSAM) blog we talked about the added value we as cybersecurity practitioners can bring to the table by sharing knowledge we take for granted with individuals across the organization that will ultimately help strengthen defenses. The first topic we covered was multi-factor authentication (MFA). CSAM’s next topic is using strong passwords. Here are a few tips we have found useful to share with colleagues, as well as family and friends.
Why strong passwords are important
Simple passwords are easy for hackers to crack, and password reuse opens the door for them to compromise additional accounts and gain access to your confidential information. What’s more, public WiFi doesn’t provide the same levels of protection as your WiFi at home or the online network provided by your employer. This makes it easy for threat actors to spy on you and access your private information such as bank account passwords and credit card details.
Threat actors take advantage of passwords as a weak link to take over accounts and steal valuable data. The 2022 Data Breach Investigations Report (DBIR) from Verizon finds that 82% of breaches involved the human element and that the top path, by far, that threat actors used to infiltrate organizations is lost or stolen credentials. It stands to reason that one of the best things individuals can do to mitigate risk is to practice good password hygiene.
Tips for good password hygiene
Good password hygiene includes creating strong passwords and avoiding reuse and sharing. Strong passwords are unique for each of the different services you use and are changed frequently. They should never include personal information such as your name, birthday or email address. Instead, think of a long, unique passphrase that you’ll find easy to remember, and include a combination of lower- and upper-case letters, as well as numbers and characters. Change passwords frequently, particularly after you return from a trip.
Equally important is to avoid password reuse. A good rule of thumb is to change passwords every three months, but a recent survey of 1,000 business leaders and 1,000 employees found that 87% reuse passwords across business applications and 62% reuse personal passwords for business applications and vice versa. When a breach happens and a password is compromised, threat actors will try that same password across multiple sites, creating further damage and headaches. Related to reuse is password sharing, a practice that exposes you to greater risk, particularly if that shared password is reused by you or by whomever you have shared it with.
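An added example, not part of the original post: a small Python audit that applies the tips above (unique per service, no personal information, long, mixed character classes) to a password export. The CSV layout, the sample entries, the personal terms and the 14-character threshold are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; services, user and passwords are made up.
SAMPLE_EXPORT = """service,username,password
bank,jdoe@example.com,Jdoe1985!
webmail,jdoe@example.com,correct-Horse-7-battery-staple
crm,jdoe@example.com,Jdoe1985!
forum,jd,Tr0ub4dor&3
"""
# Assumed inputs: personal details supplied by the owner, and a length floor.
PERSONAL_TERMS = ["jdoe", "1985"]
MIN_LENGTH = 14

def audit(export_text, personal_terms=PERSONAL_TERMS, min_length=MIN_LENGTH):
    """Return {service: [findings]} for every entry that breaks a tip."""
    key = secrets.token_bytes(32)  # per-run key, so digests are useless later
    by_digest = defaultdict(list)
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        service, password = row["service"], row["password"]
        # Group by keyed digest so the reuse table never holds plaintext.
        digest = hmac.new(key, password.encode(), hashlib.sha256).digest()
        by_digest[digest].append(service)
        if len(password) < min_length:
            findings[service].append("short")
        classes = [any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password)]
        if not all(classes):
            findings[service].append("missing-character-class")
        if any(term.lower() in password.lower() for term in personal_terms):
            findings[service].append("personal-info")
    for services in by_digest.values():
        if len(services) > 1:  # same password on more than one service
            for service in services:
                others = sorted(s for s in services if s != service)
                findings[service].append("reused-with:" + ",".join(others))
    return {service: sorted(items) for service, items in findings.items()}

if __name__ == "__main__":
    for service, items in audit(SAMPLE_EXPORT).items():
        print(service, items)
```

Entries with no findings, such as the long unique passphrase in the sample, are left out of the report.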
How a password manager can help
With all the different services that we are required to interact with, it can be a daunting task to keep track of all our credentials, let alone make sure each one is unique, rotated frequently, and stored securely, which is why using a password manager can be the best approach. There are several password manager options on the market, which are more secure and take less effort than trying to manage this on your own. For example:
- You only have to remember a single master password to access all of your accounts.
- Password managers do the work of creating sufficiently complex credentials that current password crackers won’t likely be able to break.
- Once you sign up for a password manager, you can install a browser extension that will autofill logins for you while still storing them securely. It’s also just as easy to copy the password into your clipboard.
- Password managers allow you to easily change passwords. If a website you have an account with has been hacked, you can stay secure by using a built-in password generator to create a new password.
- You can store any type of text information securely – addresses, phone numbers, answers to security questions. It’s up to you!
- Your credentials are automatically synced on all your devices, so that’s another thing you don’t have to worry about.
Given it’s CSAM, there’s no time like the present to help raise awareness of the risks of weak passwords and how to improve password hygiene quickly and easily.