Enterprotect

Password Power: Creating a Strong Defense Against Cyber Threats

In many cases, data breaches are the result of a weak or overused password. As with other methods of data breach, hackers have a laundry list of techniques to use when it comes to cracking your “well thought” defenses. It can be as simple as purchasing your password from the Dark Web: if you’ve been using the same one for years, chances are it is available to hackers at a very low price. In other instances, hackers can use more sophisticated software that enables them to crack your code.

The best defense against password hacking is creating a password that is both strong enough to foil complicated software and yet easy enough to remember (Don’t foil yourself, no one likes the “forgot my password” click of shame).

SO, WHAT’S THE PROPER PASSWORD ETIQUETTE?

Here are some DON’Ts

  • Don’t use the same password for years - change it every 30, 60, or 90 days.

  • Don’t reuse the same password for multiple sites - using the same password is like putting all your eggs in one basket. If that basket is compromised…you’ll have no eggs.

  • Don’t be predictable - using anything with your name, date of birth, or other personal information is not advisable. Also, don’t use consecutive letters and numbers.

  • Don’t think easy substitutions will work - 50RRY, replacing letters with numbers is not clever enough to fool elaborate software.

Let’s Talk About The DOs.

  • Do use longer passwords - passwords with 9-12+ characters work well.

  • Do mix your characters - be sure to use a mix of upper and lower case letters, symbols and numbers. The more you mix, the better.

  • Do use multiple words strung together - in lieu of a random mix of characters, multiple words strung together are better than one single word.

  • Do use unique words - using uncommon words strung together makes it harder for software to predict. Don’t forget to mix in your characters.

  • Do use 2-factor authentication - 2-factor and multi-factor authentication provide an extra layer of protection.

Types of Password Hacks

As mentioned, there are several types of methods and software available for hackers to obtain your password. Here are three of the most common:

Phishing

Modern phishing techniques are sophisticated enough to fool even the latest software and slip through the cracks right into your inbox. Hackers are able to accurately impersonate financial organizations, social media platforms or other institutions and request that you log in or change your password. Once you enter your information, it becomes theirs.

Brute Force Attack

Have you ever played 20 questions? Well, imagine playing the game with unlimited questions, against a professional that really, really wants to win. Brute force attack software is created to guess every possible combination until one matches yours. There is software available that can try 350 billion guesses per second for any 8-character Windows password, including a combination of upper/lowercase letters, numbers and symbols.

Dictionary Attack

Similar to the Brute Force Attack, this method involves guessing your password with an onslaught of attempts. Unlike the Brute Force Attack, the Dictionary Attack will attempt to guess your password with a prearranged list of words instead of characters/numbers/symbols. Unless the password you use contains a word that is highly uncommon or multiple words strung together, the Dictionary Attack has a good chance of cracking your password.
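To see how the DON’Ts above line up with brute force and dictionary guessing, here is a small password review check written for this article as an added example; it is not code from Enterprotect. The word list, substitution table, minimum length and function names are assumptions made for illustration, and the guess rate is the 350 billion per second figure quoted above.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large
# list of common and breached passwords.
COMMON_WORDS = {"sorry", "password", "welcome", "dragon", "monkey"}
# Look-alike substitutions undone before the dictionary lookup (assumed table).
LEET = str.maketrans("0134578@$!", "oieastbasi")
GUESSES_PER_SECOND = 350e9  # rate quoted in the article
MIN_LENGTH = 9              # low end of the article's 9-12+ advice
TRAILERS = string.digits + string.punctuation


def charset_size(pw):
    """Alphabet size an exhaustive search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def exhaust_hours(pw):
    """Worst-case hours to try every combination at GUESSES_PER_SECOND."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND / 3600


def has_sequence(pw, run=3):
    """True if `run` consecutive letters or digits ascend by one (abc, 123)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if chunk.isalnum() and all(ord(b) - ord(a) == 1
                                   for a, b in zip(chunk, chunk[1:])):
            return True
    return False


def review(pw, personal=()):
    """Return the set of rule violations for a candidate password."""
    findings = set()
    if len(pw) < MIN_LENGTH:
        findings.add("too-short")
    # Drop appended digits/symbols, then undo substitutions: 50RRY -> sorry.
    core = pw.lower().rstrip(TRAILERS).translate(LEET)
    if core in COMMON_WORDS:
        findings.add("dictionary-word")
    if has_sequence(pw):
        findings.add("sequence")
    if any(p and p.lower() in pw.lower() for p in personal):
        findings.add("personal-info")
    return findings
```

At the quoted rate, `exhaust_hours` puts an 8-character password drawn from all four character classes at under five hours, which is why length matters more than clever substitutions.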

Are you concerned with password safety posing a threat to your company?

We’re here to help! Talk to a cyber security specialist today and get expert advice, proactive strategies and the right-sized cyber security solutions tailor-fit for your organization. Schedule a FREE cyber security discovery call today.