From data breaches to lost or stolen devices, password security is an essential first line of protection for your business.
One of the easiest ways for an attacker to gain access to information is a brute force attack: software that tries one candidate password after another. Online, that means hammering a login form with guesses for your username (which rate limiting and account lockout can slow down). Offline, it means the attacker already holds a stolen password hash and tests guesses against it on their own hardware, where nothing limits them but the hash function itself. A pure brute force attack simply walks the keyspace (aa, ab, ac, ...), and the rate is far from trivial: against a fast, unsalted hash such as MD5 or SHA-1, even an ordinary computer can test on the order of a hundred million guesses per second, and a GPU-based cracking rig can test billions. Slow, purpose-built password hashes such as bcrypt, scrypt or Argon2 cut that rate by orders of magnitude, which is exactly why they exist.
Almost every method of making a password has a cracking model designed to defeat it. Brute force finds short passwords easily but becomes impractical as the password gets longer. Dictionary attacks find words and phrases even when the password is long; a plain dictionary attack misses punctuation changes and character substitutions, but crackers add mangling rules (capitalise the first letter, append digits or symbols, swap a for @ and o for 0) that cover the substitutions people actually use.
Password calculators are websites that estimate the strength of a password. They are helpful but can be misleading: most estimate only the time a brute force attack would need to exhaust the keyspace. If the cracker uses a different model (a dictionary attack, pattern cracking, word-list substitution and so on), a password can appear far stronger than it is. A password that would take centuries to brute force can fall in seconds to a dictionary attack with mangling rules.
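The gap between the two models, as an added example (not code from the original page): a small Python script that computes the brute-force estimate a calculator would give for a constructed target password, then recovers the same password with a dictionary attack using a few mangling rules. The wordlist, the rule set, the suffix list and the 10^10 guesses-per-second rate are all assumptions chosen for the demonstration; SHA-256 stands in for whatever fast hash the target system used.

```python
import hashlib
import itertools
import string

# Constructed target for the demo: ten characters, mixed case, a digit and two
# symbols, so a brute-force calculator rates it highly. It is, of course,
# "password" with the usual substitutions and a common suffix.
TARGET_PASSWORD = "P@ssw0rd1!"

# Constructed six-word list standing in for a real breach-derived wordlist.
WORDLIST = ["letmein", "qwerty", "monkey", "dragon", "password", "sunshine"]

# Assumed guess rate: a fast unsalted hash on one GPU (order-of-magnitude assumption).
GUESSES_PER_SECOND = 1e10

LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}  # common substitutions
SUFFIXES = ["", "1", "123", "!", "1!", "2024"]            # constructed common suffixes
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def sha256_hex(s: str) -> str:
    """Stand-in for the target system's (fast) password hash."""
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


TARGET_HASH = sha256_hex(TARGET_PASSWORD)


def brute_force_years(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years to exhaust the keyspace a brute-force calculator assumes for this
    password: the size of the character classes it uses, raised to its length."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)  # 32 symbols
    return charset ** len(password) / rate / SECONDS_PER_YEAR


def leet_variants(word: str):
    """Yield the word with every subset of its substitutable letters swapped,
    so 'Password' yields 'Password', 'P@ssword', 'P@ssw0rd', 'P@$$w0rd', ..."""
    keys = [k for k in LEET if k in word.lower()]
    for r in range(len(keys) + 1):
        for subset in itertools.combinations(keys, r):
            yield "".join(LEET[c.lower()] if c.lower() in subset else c for c in word)


def mangle(word: str):
    """Apply a small rule set: three case forms x leet subsets x suffixes."""
    for base in (word, word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                yield variant + suffix


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Return (recovered_password, guesses_made); the password is None if not found."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    print(f"brute-force calculator estimate: {brute_force_years(TARGET_PASSWORD):.0f} years")
    found, guesses = dictionary_attack(TARGET_HASH)
    print(f"dictionary + rules: recovered {found!r} after {guesses} guesses "
          f"({guesses / GUESSES_PER_SECOND:.1e} s at the same rate)")
```

The calculator's answer for this password is roughly 170 years at the assumed rate; the rule-based attack recovers it in a few hundred guesses, which is a fraction of a microsecond on the same hardware. Real rule sets are far larger than this toy, which only makes the gap wider.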
One of the biggest issues is password reuse across the web. If an attacker obtains one password, the same username and password are typically valid elsewhere, and attackers test stolen credentials against other sites automatically (credential stuffing). A breach can go unnoticed for weeks or months, during which the attacker has access to every account that shares that password.
Resources like Haveibeenpwned.com can notify users when their email address appears in a breach, and its Pwned Passwords service lets you check whether a password itself has appeared in one.
Consider using a password manager like LastPass or 1Password. A password manager is an application that works like a secure vault for storing and generating passwords. You unlock it with a single master password, which is the only one you have to remember, so it should be very long and strong, because it protects the whole vault. From there, the manager generates long, random passwords for your accounts, random enough that exhausting the keyspace by brute force would take billions of years or more. This is not unbeatable (the vault itself becomes a high-value target), but it is orders of magnitude more secure than a Post-it note.
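What a manager's generator does under the hood, as an added example (not code from the original page or from any password manager): uniformly random passwords and passphrases drawn with Python's `secrets` module, which uses the operating system's cryptographic random source, plus the entropy arithmetic behind the "billions of years" claim. The 94-symbol alphabet, the toy eight-word list and the 10^10 guesses-per-second rate are assumptions for the demonstration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed eight-word list; real passphrase lists (e.g. EFF diceware) have 7776 words.
WORDS = ["anchor", "bramble", "copper", "dune", "ember", "falcon", "granite", "harbor"]


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Uniformly random password from the alphabet, using the OS CSPRNG via
    `secrets` (never `random`, whose output is predictable from its seed)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(count: int = 6, words=WORDS, sep: str = "-") -> str:
    """Random passphrase: each word chosen uniformly and independently."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(symbol_count: int, length: int) -> float:
    """Entropy of `length` independent uniform choices from `symbol_count` symbols."""
    return length * math.log2(symbol_count)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years for an attacker at the given rate to try every possibility."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e10  # assumed: fast unsalted hash on one GPU
    pw = generate_password()
    bits = entropy_bits(len(ALPHABET), len(pw))
    print(f"{pw}  ({bits:.0f} bits, {years_to_exhaust(bits, rate):.1e} years to exhaust)")
    pp = generate_passphrase()
    pbits = entropy_bits(len(WORDS), 6)
    print(f"{pp}  ({pbits:.0f} bits with this toy list; about 77.5 bits with a 7776-word list)")
```

A 20-character password from a 94-symbol alphabet carries about 131 bits, which at 10^10 guesses per second takes on the order of 10^21 years to exhaust. The entropy comes from the uniform random choice, not from the password "looking complex": the same arithmetic rates the six-word passphrase from a full diceware list at about 77.5 bits, far beyond any brute-force attack, while a human-chosen "P@ssw0rd1!" gets no such credit because it is one of the first things a rule-based attack tries.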
Best Practices for Password Security
Use strong, long passwords that you can remember
This means long passwords or passphrases that are easy for you to remember but hard for software to guess. Never write a password down on a Post-it note.
Don’t save your password when prompted
This is a major issue if a computer or device is lost or stolen. Credentials saved in a browser or app on an unlocked, unencrypted device are available to whoever holds it, so a compromised device can mean compromised accounts. (A password manager's vault is different: it is encrypted and locked behind the master password.)
Change it frequently
Data breaches can go unnoticed for months. Changing a password that may have been exposed limits how long a stolen copy stays useful. Note that current guidance (NIST SP 800-63B) favours changing passwords when there is evidence of compromise over forced rotation on a fixed schedule, because forced rotation pushes people toward predictable variations of the old password.
Never use a common password
Never use '12345', 'password' or another common password. These sit at the top of every cracking wordlist and fall in the first moments of an attack.
Don’t re-use passwords
Again, whether it is the same password across several sites or an old one brought back into service, one compromised password can quickly become multiple compromised accounts.