Password hackers have access to better password hacking software and tools and more stolen passwords than ever before.
According to the latest Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved either stolen or weak password.
Let’s talk about password hacking techniques. The story is different when the target is a company, an individual, or the general public, but the end result is usually the same: the hacker wins. How can you make sure that your company and personal data are safe? We’ve asked the experts.
We sat down with one of our Security Manager & Divisional Data Protection Managers, Claes Lanner, to see what advice he could give us on password security.
Q: Why do we have passwords?
A: To ensure that your information is not changed or taken. It’s as simple as that.
Passwords are easily cracked by hackers, particularly if you don’t use sound password-creation practices. The best passwords contain uppercase and lowercase letters, numbers, and special characters. You should also avoid using easily guessed words or alphanumeric combinations, such as the names of children or pets, birth dates, addresses, and similar information that can be easily guessed by someone looking at your Facebook profile or through a Google search.
“A strong password should be more than eight characters in length and contain both capital letters and at least one numeric or other non-alphabetical characters. Use of non-dictionary words is also recommended,” suggests the Identity Theft Resource Center.
Q: What type of password is the most secure?
A: 2-factor authentication is the safest. If that is not an option, then use a long passphrase. The last option is to use a complex password.
Q: How often should passwords be changed?
A: That depends. If you’re using 2-factor authentication, two times a year. Passphrases should be changed four times a year, and passwords should be updated every six weeks.
If you do forget your password or get locked out, you need a way to get back into your account. Many services will send an email to you at a recovery email address if you need to reset your password. So it’s important to make sure your recovery email address is up-to-date and is linked to an account you can still access. Sometimes you can also add a phone number to your profile to receive a code to reset your password via SMS. Your mobile phone is a more secure identification method than your recovery email address or a security question because, unlike the other two, you have physical possession of your mobile phone.
Q: Many users find updating passwords to be annoying and redundant or simply forget to do it. What advice would you give to them?
A: Security vs usability is the tricky part. Think of it this way: you’re heading home from the grocery store, both hands full of grocery bags and no free hand to unlock your front door. Wouldn’t it be easier to simply keep the door unlocked? It’s natural to keep your home locked, it should be natural to keep your online banking and financial systems locked as well.
While password hackers will continue to adapt to new security measures, it’s critical for businesses and individuals to be proactive in their stance to protect their assets. Those who make password security an integral part of their company culture will be best positioned to fend off password hackers.Read more about security in the cloud in this blog post or visit our Trust Centre.