
Rethinking Password Security

May 12, 2021 | Blogs, Cybersecurity, Risk control, Safety Tips, Technology, Technology Insurance

Passwords provide the first line of defense when a user wishes to gain access to a device or platform. They are the most widely used security method. The stronger your password, the more protected your computer will be from hackers and malicious software.

Creating Secure Passwords

One of the most common ways hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to take control of a device, which can give them access to a user’s personal or financial information.

Compromised credentials have played a key role in thousands of data breaches, as hackers rely on weak passwords. Hackers use automated tools that try combinations by trial and error to crack passwords. Hence, the longer the password, the more combinations must be tested.

Every password on this list of the 10 most common passwords of 2020 can be cracked using automated tools in less than a second. This infographic illustrates the time it takes to crack different types of passwords.

One way to create a stronger password is to use a “passphrase” – a sequence of words that is easier to remember than a complex password consisting of characters and symbols. Create strong passphrases by combining unrelated words in uncommon patterns. Here are some examples and the approximate time to crack each:

  • Bostonstrong – 34 Seconds
  • Groundhogday – 6 Minutes
  • Dogcatpig – 25 Minutes
  • Kansascitychiefs – 1 Day
  • Peanutbutterandjelly – 1 Month
  • Giraffecarrotpeacewinter – Centuries
  • Bostongroundpigchiefsjelly – Centuries

You can check out a free Password Strength Testing Tool to determine the strength of your password along with some tips. Adding a digit and/or special character, which is generally required, further strengthens a password. Share this tool with kids to teach them how to create secure passwords.

To keep your credentials and identity safe, here are some best practices and technologies that can help.

Security Best Practices

  • Combine unrelated words in uncommon patterns to create unique passphrases. Do not use personal information.
  • Create a different password for each device/account – including work and personal accounts. When a company is compromised, its stored passwords are exposed, which in turn exposes your other accounts.
  • Do not re-use passwords.
  • Do not share passwords.
  • Always change default passwords.
  • Be vigilant about password storage. If you store them in a file, make sure it is encrypted and backed up – preferably to another device. If you write them down, securely store them. 
  • Immediately change passwords if there is a breach or suspected breach.
  • If possible, do not use your email address as your login ID.
  • Use a very strong password on your email account because if a hacker gains access, they can use the “forgot login” function to obtain access to your account, then proceed to change the passwords for all accounts associated with it. A strong password is at least 15 characters and typically contains multiple character sets (numbers, upper and lower-case letters, and/or special characters).
  • Do not allow the browser to remember passwords. This option is designed to save passwords for your convenience and not your security.
  • Consider using a password manager.
  • Select security questions only you can answer, or provide fictitious answers. For example, if asked for the name of your high school, do not provide the real name of the school. Use something else and log it in your password manager.
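
Several of the practices above can be checked automatically when a password is chosen. The following Python sketch is an added example, not part of the original article: the function names, the sample blocklist, and the sample inputs are constructed for illustration, and the 15-character and multiple-character-set thresholds are the ones stated in the list above.

```python
MIN_LENGTH = 15  # the article's minimum length for a strong password

# Constructed sample blocklist; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "abc123"}


def character_sets(password):
    """Return the names of the character sets present in the password."""
    found = set()
    for ch in password:
        if ch.isdigit():
            found.add("digit")
        elif ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        else:
            found.add("special")
    return found


def audit_password(password, personal_terms=(), passwords_in_use=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_sets(password)) < 2:
        findings.append("uses a single character set")
    if lowered in COMMON_PASSWORDS:
        findings.append("appears on the common-password list")
    # Personal information (names, birth years, pet names) is easy to guess.
    hits = [t for t in personal_terms if len(t) >= 3 and t.lower() in lowered]
    if hits:
        findings.append("contains personal information: " + ", ".join(hits))
    # Assumption: the caller supplies the passwords of their other accounts.
    if password in passwords_in_use:
        findings.append("already used on another account")
    return findings


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for candidate in ("password", "Rex2014", "Giraffecarrotpeacewinter7!"):
        result = audit_password(candidate, personal_terms=["Rex", "2014"],
                                passwords_in_use=["Rex2014"])
        print(candidate, "->", result or "ok")
```
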

Passwords may not be enough

Beyond passwords, a multi-layered cyber defense strategy has proven effective at providing an additional layer of security. Multi-Factor Authentication (MFA) uses a combination of at least two different factors for identity verification prior to allowing access. If available, using MFA should be standard procedure when setting up business or personal accounts.

In an effort to promote better password habits, World Password Day occurs annually on the first Thursday in May.

About Technology

We are technology and risk management experts sharing insights to hopefully spur conversations.