World Password Day 2022: Poor Password Practices Can be Costly
You’ve probably taken notice that how you authenticate your personal accounts is slowly starting to evolve. Phones can now be unlocked via facial recognition. Many devices and apps can verify your identity through fingerprinting technology.
Biometric identification may be the way of the future. But don’t be mistaken, passwords remain most practical in the present. Unfortunately, cybercriminals continue to compromise passwords. This gains them unauthorized access and to steal personal data that can be used to commit identity theft, online fraud, and cyberattack.
According to Verizon’s Data Breach Investigation’s Report, 61% of all cyberattacks can be “attributed to leveraged credentials.” Additionally, a study from Avast found that 90% of passwords are vulnerable to cyberattacks.
With 15 billion usernames and passwords currently available on the dark web, it’s imperative that both password security and proper password hygiene are a top priority in your personal digital life.
In recognition of World Password Day 2022, here are three password security best practices to help protect your accounts from adversaries seeking to compromise them for nefarious purposes.
Password length matters – but don’t overthink it
As we’ve written about before, it’s essential to create strong passwords that cannot be easily guessed by man or machine.
When creating a password, remember that it should be at least 12 characters in length. To avoid forgetting your password, start with a phrase that you can easily recall. “Hawaiian pizza is delicious” is an example. Then add in a combination of capital letters, numbers, and symbols to strengthen it.
As you can see from this chart from Hive Systems, the longer and more complex the password, the harder it is for hackers to crack it through a brute force attack, which is when they try various combinations to guess the password correctly.
However, under no circumstance should you ever include any personally identifiable information. This includes birthdays, phone numbers, or portions of your social security number. Cybercriminals can use such details to their advantage in a variety of ways.
Password diversity is essential at home
Having a strong password is a good start. But you cannot stop there. It’s imperative that you take the time to create a different password for each of the digital services you subscribe to.
Here’s why: Let’s say your password is “Hawaiian Pizza Is Delicious46?!#.” It’s a password that meets all the requirements above. It includes a phrase paired with capital letters, symbols, numbers and even spaces. If you take that password and use it for multiple apps and services, then it would only take one breach before all of your accounts become at risk.
Now, let’s take this example a step further. Imagine that your password was compromised in a data breach. If a cybercriminal was to get their hands on your password, they would have a master key. This key would empower them to breach many of your accounts and the personal data stored in each of them.
Password reuse continues to be a major problem despite these well-known risks, LastPass found 50% of people on the internet reuse their passwords.
Personal password security can impact work
You shouldn’t assume that your personal data is all that’s at risk from password reuse. Bad password habits can also leave you vulnerable in the workplace, as well.
Research from SecureAuth found that 44% of individuals use the same password for their work and personal accounts, and according to Beyond Identity, 42% of employees admitted to sharing their passwords with others in the workplace.
Which brings us back to our Hawaiian pizza password. Should a cybercriminal obtain a password that you have used for both your professional and personal accounts, then they could potentially obtain access to files and confidential data that your company possesses.
In this scenario, countless people may now be at risk. Your business could face financial, and reputation harm, depending on the data breach laws in the state of operation.
Don’t get complacent with your password security
You might be concerned by the prospect of having to remember so many different passwords. Luckily, there are plenty of password managers to protect all of your login credentials, which can easily be accessed by entering an encrypted master password. Think of them as a vault and the master password as the key. Just remember the key, and you don’t need to memorize all of your passwords.
Biometric verification is likely to dominate the future. But presently we still live in a digital world where passwords are the primary gatekeeper to your personal and professional accounts.
Recommit to making it harder for cybercriminals to access your valuable sensitive data by bolstering your password security on this World Password Day. As outlined above, it isn’t hard to craft secure passwords and keep them safe from bad actors – it just takes a little due diligence.
If you are concerned about whether your passwords are on the dark web, BlackCloak offers continuous dark web monitoring, where we search for credentials that may have been compromised in a data breach. The BlackCloak Concierge team also assists clients by helping them choose a password manager that best matches their needs.