Abstract

Passwords are everywhere. It seems that every account requires a password, in addition to the devices we use to access these accounts. This is a good thing, as it only helps to increase security – assuming that the password is strong. After all, a password that anyone can guess can hardly be called a password at all.


Unfortunately, recent insights are showing that passwords are not being approached with security in mind.

An examination of passwords that were leaked in 2017, put together by SplashData, showed that the most common passwords in the sample were “123456” and “password.” Not coincidentally, these were also the passwords that were cracked most often for the fourth year in a row. The most recent edition of the University of Phoenix’s annual cybersecurity survey added to this data. This survey’s results showed that password practices are severely lacking:

  • Only 42 percent of Americans use different passwords across different websites.
  • Only 35 percent regularly update their passwords.
  • Only 24 percent update their passwords before they have to travel.

These stats are only made worse when other results from this survey are taken into account. Not only have 43 percent of adults experienced a data breach during the last three years, only 29 percent of workplaces include password protections in their official cybersecurity policies.

Clearly, this isn’t an ideal situation. One of the big contributing problems is the fact that many people simply aren’t confident in their ability to remember the recommended random assortment of alphanumeric characters for one account, let alone for each of the numerous accounts that they have.

Fortunately, there are a few tricks and solutions to help meet these standards.

Passphrases
Let’s be honest, something like “kD78Bnd45” isn’t very easy to remember, and as we’ve discussed, it would be even harder to remember a password like this for each account. It also doesn’t help that many passwords also come with length requirements, meaning that the random code becomes even longer and is therefore more difficult to remember.

While using a single word isn’t advisable, as a little social engineering will generally put the cybercriminal on the right track, your security can be boosted by instead using a sentence. This sentence is known as a passphrase.

For example, ‘starwars’ was the 16th most used password in the Splashdata examination discussed above. If someone were to have a social media account filled with Yoda memes and albums from their time at Orlando, Florida’s Star Wars convention, a cybercriminal would probably guess that this person is one of those who uses ‘starwars’ to protect their data. However, if this password was lengthened into a passphrase, like “I really like Star Wars,” it becomes considerably less obvious.

Substitution
A password or passphrase can also be strengthened further by also substituting numbers and symbols in for certain letters. Using our example, “I really like Star Wars,” the likelihood of the passphrase being cracked is diminished even more when it is becomes “1 really l!ke St@r W@rs.”

Using a Password Manager
There are also plenty of programs that are designed with those who have a hard time keeping track of their passwords in mind. Password managers can reduce the number of passwords you have to remember down to one, as the rest are securely saved and able to be populated in the appropriate fields.

Whatever it is you decide to use to assist you in managing your passwords, there are also tools available to help you estimate how effective your passwords will be. For example, one of these tools puts the amount of time it would take for a computer to hack into our “1 really l!ke St@r W@rs” example at 3 octillion years. Compare that to “password,” which would be cracked “instantly.”

For more advice on how to maintain your cybersecurity, keep reading our blog, or reach out to us directly at 888-748-2525.

ABOUT THE AUTHOR

Password Security Needs to Be a Priority

Rafiq Masri

With over 25 years of experience in Information Technology, Rafiq is one of the most accomplished, versatile and certified engineer in the field. He has spent the past 2 ½ decades administering and supporting a wide range of clients and has helped position Network Management, Inc. as a leader in the IT Managed Services space.

Rafiq has built a reputation for designing, building and supporting top notch IT infrastructures to match the business objectives and goals of his clients.

Embracing the core values of integrity, innovation, and reliability, Rafiq has a very loyal client base with some customer relationships dating back 20+ years.

Rafiq holds a bachelor’s degree in Mechanical Engineering from the University of Michigan and has completed graduate programs in Software Engineering and Business at Harvard and George Mason University. Rafiq is a former founder and CEO of Automation, Inc. in Ann Arbor, Michigan as well as a valued speaker on entrepreneurship and technology at industry events such as ExpoTech and others.