Protect Yourself with Strong Passwords

What are some of the most common password mistakes, and how can you avoid them?

Author: Joel
Date: 31.10.2017
Read Time: 3 Minutes

 

Password protection is perhaps the most fundamental element of modern information security. Despite advanced endpoint protection software and cutting-edge detection & response solutions, passwords still serve as the first line of defense against even the most sophisticated attackers. Invest in a strong lock, and keep the key safe – simple and intuitive enough.

Or is it? Overall, it seems that most people are still unwilling or unable to take password security as seriously as they should. Default passwords such as “admin” and “password” abound, and if a user bothers to come up with a unique password, it’s often something akin to “qwerty” or “12345”.

The worst thing? These gems are used across multiple services. You know what we’re talking about – most people have that one favorite go-to password, which they punch in to every single new password prompt and registration form they come across.

Poor password hygiene is bad enough for a private individual – identity theft or credit card fraud are not something to laugh at – but the stakes are exponentially higher when it comes to organizations. Compromised social media accounts, access to company IT infrastructure, leaked customer databases – the list of dangers is almost endless.

According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches against organizations involved weak, default, or stolen passwords. Our own threat researchers, in turn, found that nearly 30% of CEOs have had their passwords leaked, in one form or another.

Prime-time Blunder

 

In what’s still probably the most baffling example of a password gaffe, French television station TV5Monde revealed a bunch of their social media passwords when one of their journalists was being interviewed on camera by another news organization. During the interview inside TV5Monde’s offices, multiple passwords could be seen scribbled on sticky notes and index cards, laid around a staffer’s work area.

To start with, it’s pretty cringeworthy to rely on passwords such as “thepasswordofyoutube” and store them on post-its. But the thing that made TV5Monde’s blunder especially ironic was the topic of the interview: a cyber breach. The channel had been successfully attacked just days before, and the journalist being interviewed was there to discuss the breach’s effects on TV5Monde’s operations.

It probably isn’t too much of a stretch to assume that the channel’s somewhat “lax” approach to security could have had something to do with the breach. Although they don’t live up to every stereotype, most cyber attackers are as smart and determined as one might imagine – if your password could be guessed by an average 8-year-old, it most likely won’t hold back a resolute hacker.

So, what’s the takeaway here? It’s simple: don’t give attackers a needless free pass.

Instead of post-it notes, store your passwords in a reliable password manager. It might be a good idea to use it to generate the passwords as well – a random sequence of letters, numbers and special characters will most likely be a better defense against hackers than your current go-to phrase.
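To make the advice concrete, here is an added example (not part of the original article) of how a generator can produce such a random sequence from the operating system's secure random source, and how the mistakes named above can be flagged. The function names, the symbol set and the 12-character minimum are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Weak choices named in the article; a real deny-list would be far larger.
ARTICLE_WEAK = {"admin", "password", "qwerty", "12345", "thepasswordofyoutube"}

# Assumption: this symbol set and the 12-character minimum are illustrative.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@^_")
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def audit(password, already_used=()):
    """Return the reasons a password repeats the mistakes described above."""
    problems = []
    if password.lower() in ARTICLE_WEAK:
        problems.append("default or commonly guessed password")
    if password in already_used:
        problems.append("reused from another service")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    print("entropy bound for 20 random chars:", round(random_entropy_bits(20)), "bits")
    for pw in ("admin", "thepasswordofyoutube", generate_password()):
        print(repr(pw), "->", audit(pw) or "no findings")
```

A guessable phrase can pass a length check and still fail, which is why the deny-list lookup runs independently of the length rule.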

