The ‘chronic failure’ to use secure passwords has grown increasingly concerning for individuals and companies alike. Password hacking software now enables passwords, thought to be safe, to be unscrambled within seconds.
We have compiled the top reasons why implementing a complex password policy is vital for your protection and exactly how to put it in place.
The most common passwords
According to Keeper Security the most common passwords of 2016 included ‘123456’, ‘qwerty’ and ‘password’, while approximately 50 per cent of people use the top 25 most common passwords. Shockingly, data reveals this list has remained relatively unchanged over the years, showing user understanding on the importance of complex password policies remaining limited.
The two main types of hackers
Although hackers differ in the methods they use to access your personal information, you can definitely educate yourself about the two main types of hackers.
Opportunistic
The motivation behind opportunistic hackers often lies behind simple boredom and the quest for notoriety, rather than a fixed goal. Such hackers often target a large group of people, adopt simple and well known hacking methods, yet make little attempt to conceal their actions. Trustware revealed the main warning signs you are being targeted by an opportunistic hacker include ‘missed delivery’ spam and phishing emails.
Planned
Planned security attacks, however are targeted attacks on a specific organisation or person. These attackers use modern and sophisticated hacking methods to cause damage and steal valuable data. Planned hackers go to great lengths and time to conceal their actions and are often experienced individuals who are motivated by high monetary gain. How do you know if you’re being targeted by a planned hacker? These individuals often call up companies imitating a specific person affiliated with the company and requesting information.
The 4 most common hacking methods
Brute-force attack
Brute-force attacks use automatic computer programs to decrypt files by calculating every password combination possible, at an incredibly fast rate, until correct. Used against any type of encryption, as updated and faster computer hardware becomes available, these attacks become more efficient and successful.
Dictionary crack
A dictionary attack occurs when a large list of words are entered into a software program in an attempt to generate a password. These attacks are incredibly popular as individuals and companies leave themselves vulnerable by choosing weak and common words as passwords. These attacks also occur through email spamming techniques whereby large amounts of emails are automatically generated and sent to random addresses in the attempt to spontaneously reach real email addresses.
Phishing
Seemingly obvious to avoid, phishing attacks are incredibly common whereby hackers simply ask users for their passwords. This most commonly occurs through emails claiming to be online banking requiring you to login and provide information. Banks will under no circumstances require you to provide such details over email, yet many unsuspecting individuals often fall trap to this hacking method.
Social engineering
An extension of phishing, social engineering occurs externally to online methods. In these cases, hackers actually call or come face to face with users, while impersonating someone affiliated with the business. The most common impersonation is that of an IT security tech, who calls the business and claims to need passwords to alleviate a security issue.
Most important things to include in your password policy
Due to the enormous security threats associated with a poor password, it is clear a company’s best interest is to implement a complex password policy. Although it would be ideal if website operators enforced basic password complexity policies, research shows the majority fail to do so. Therefore, the ultimate responsibility lies within the user to protect themselves with a secure password.
Create a strong password
The passwords most resistant to hacking are those made up of a mix of numerical, uppercase, lowercase and special characters, opposed to common words and simple number sequences. These passwords are incredibly effective against dictionary attacks as they are not common words and considerably slow down the efficiency of brute-force attacks. For example, create a password out of a complex sentence, which can even be about yourself! “I am 30 and work in IT’ can be translated to ‘Ia30awiIT’. This is considerably safer than your name and your profession.
Two-factor authentication
Ensure login processes include this multi factor authentication, which requires not only a password but another external piece of information that can only be accessed by the correct user, such as a phone number.
Different passwords for logins
Many companies require numerous passwords to access a vast array of different platforms. In this case, it is imperative each password is different to one another and do not vary in levels of complexity. In this case, if one password is compromised the others remain safe and protected.
How to remember your safe password
Now you’ve got your strong and unique password (potentially numerous of them!), you might be worried about how you’re going to keep track of them. Fortunately, there are many password manager platforms available, such as IPassword, which easily store your passwords and provide access with a simple click.
Here at Synapse IT, we can work with your business to create organizational group policies for password management. These policies enforce systems and rules to using strong passwords and will add a significant layer of protection for your company. If you would like further information regarding us, feel free to contact us!
Weak, predictable and common passwords leave your financial and private information vulnerable to hacking. It is essential that businesses and individuals alike enforce mandatory strong password policies, based on the information we’ve provided to significantly reduce the risk password hacking.
- How To Build a Competitive Advantage With IT - 10 October 2022
- How To Measure Success In Your IT Department - 7 October 2022
- The Simple IT Strategy Framework for a Post COVID-19 Workplace - 6 October 2022