Password Security

What is the importance of passwords in cyber security?

Strong passwords are important because they help prevent unauthorized access to personal information and accounts. This is especially important for accounts containing sensitive information, such as financial, email, and social media accounts.

Password protection is an access control technique that helps keep important data safe from hackers by ensuring it can only be accessed with the right credentials. Password protection is one of the most common data security tools available to users—but passwords are easily bypassed if they are not created with hackers in mind.

Why is password security needed?

Passwords remain an effective solution for identity-based access control of digital assets when considering cost, security benefits, and ease of use and management.

The average user manages more passwords than ever. Password security systems are used to protect data and verify and establish identity for personalized features and account access. Stolen credentials are commonly used by cyber attackers to deliver malware. For this reason, it’s important to adopt password security best practices, such as multi-factor authentication (MFA).

How does password security work?

The application, website, or account (called the “verifier”) asks the user (known as the “claimant”) to type a string of characters that matches the characters stored with the verifier. Before permitting access, the verifier checks the entered phrase against its list of approved credentials to ensure the phrase and user ID match.
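The verifier/claimant exchange above, as an added example that is not part of the original page: the verifier stores a salted PBKDF2 hash rather than the password characters themselves, compares in constant time, and does the same amount of work for unknown user IDs. The user IDs, the in-memory store and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed in-memory credential store: user ID -> (salt, iterations, derived key).
# The verifier keeps a salted, slow hash of the password, never the password itself.
_STORE = {}
_ITERATIONS = 200_000  # assumption: illustrative PBKDF2 work factor; tune for production

def register(user_id: str, password: str) -> None:
    """Enrol a claimant: derive a key from the password with a fresh random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    _STORE[user_id] = (salt, _ITERATIONS, key)

def verify(user_id: str, password: str) -> bool:
    """The verifier's check: does the claimant's phrase match the stored credential?"""
    record = _STORE.get(user_id)
    if record is None:
        # Unknown user ID: do the same amount of work anyway, so response time
        # does not reveal which user IDs exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), os.urandom(16), _ITERATIONS)
        return False
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constant-time comparison: a near-miss must not leak through timing.
    return hmac.compare_digest(candidate, expected)

def run_exchange() -> tuple:
    """Enrol one user and try three login attempts; returns the three verdicts."""
    register("alice", "Cook-Shark-33-Syrup-Elf")  # one of the page's strong examples
    return (
        verify("alice", "Cook-Shark-33-Syrup-Elf"),   # correct phrase
        verify("alice", "cook-shark-33-syrup-elf"),   # wrong case, must fail
        verify("nobody", "Cook-Shark-33-Syrup-Elf"),  # unknown claimant
    )

if __name__ == "__main__":
    print(run_exchange())  # (True, False, False)
```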

How secure is password security?

When used properly, password security can be very effective and plays a key role in multi-factor authentication (MFA). However, inattentive user behavior and insufficient protection of credentials by enterprises can be a cause of damaging security breaches.

The first password systems assumed that users would memorize their passwords, which would create a secure form of password management. However, passwords have proliferated in home and work life and have also become more complex. Users have too many passwords to remember and often reuse passwords.

Hackers recognize these weaknesses and use a variety of methods to steal and guess passwords, such as sending spoofing and phishing emails. They can also purchase stolen credentials online.

What is a password manager?

A password manager is an app that generates complex passwords and stores them in an encrypted format. The advantage of a password manager is that it remembers and autofills passwords and can suggest long, difficult-to-crack random passwords. With a password manager, users don't need to memorize passwords or record them elsewhere; they just need to maintain access to one password account.

The downside of password managers is that all passwords are stored in one place, which could be attractive to cyber attackers. By successfully attacking a password manager, cybercriminals could obtain many passwords during a single breach. In addition, if email passwords are obtained, users can lose access to those accounts.

How do passwords get hacked?

Bad actors use a variety of tactics to steal passwords, including:

  • Brute force attacks, a method that uses trial and error to crack passwords and login credentials to gain unauthorized access to accounts and systems.
  • Credential stuffing, the automated use of stolen usernames and passwords to gain unauthorized access to online accounts.
  • Dictionary attacks, which try to break a password by entering every word in the dictionary, using derivatives of those words with character and alphanumeric replacements, and using leaked passwords and key phrases.
  • Keylogging, the use of a software program to track a user’s keyboard strokes to steal PINs, credit card numbers, usernames, passwords, and more.
  • Malware, malicious software designed to harm or exploit computer systems and, in many cases, steal passwords.
  • Password spraying, the use of a single password against many accounts to avoid account lockouts and remain undetected.
  • Phishing, which tricks users into sharing their credentials with hackers impersonating legitimate institutions and vendors.

The best way to protect against password hackers is to:

  • Use strong passwords on all devices and accounts.
  • Be skeptical about links and attachments.
  • Shield paperwork, device screens, and keypads from view to keep criminals from stealing passwords by looking over a target’s shoulder.
  • Avoid accessing personal and financial data with public WiFi.
  • Install antivirus and antimalware software on all devices.
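Two of the tactics above, password spraying and brute force, leave different footprints in authentication logs: spraying shows one source touching many accounts with few failures each, brute force shows many failures against one account. The detector below is an added example, not code from the page; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of authentication log lines: "timestamp result user source_ip".
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL alice 203.0.113.7
2024-05-01T09:00:02 FAIL bob 203.0.113.7
2024-05-01T09:00:03 FAIL carol 203.0.113.7
2024-05-01T09:00:04 FAIL dave 203.0.113.7
2024-05-01T09:00:05 FAIL erin 203.0.113.7
2024-05-01T09:00:06 OK   frank 203.0.113.7
2024-05-01T09:05:00 FAIL alice 198.51.100.9
2024-05-01T09:05:10 FAIL alice 198.51.100.9
2024-05-01T09:05:20 FAIL alice 198.51.100.9
2024-05-01T09:05:30 FAIL alice 198.51.100.9
2024-05-01T09:05:40 FAIL alice 198.51.100.9
2024-05-01T09:10:00 OK   alice 192.0.2.44
"""

def parse(log_text: str) -> list:
    """Split each line into (timestamp, result, user, source_ip)."""
    return [tuple(line.split()) for line in log_text.splitlines() if line.strip()]

def classify_sources(events, spray_users: int = 5, brute_attempts: int = 5) -> dict:
    """Per source IP: 'spray' when few failures each across many accounts,
    'brute_force' when many failures against one account; unflagged IPs are omitted."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed count
    for _, result, user, ip in events:
        if result == "FAIL":
            failures[ip][user] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        if len(per_user) >= spray_users and max(per_user.values()) <= 2:
            verdicts[ip] = "spray"
        elif max(per_user.values()) >= brute_attempts:
            verdicts[ip] = "brute_force"
    return verdicts

def successes_from_flagged(events, verdicts: dict) -> list:
    """Logins that succeeded from a flagged source: the accounts to reset first."""
    return [(user, ip) for _, result, user, ip in events
            if result == "OK" and ip in verdicts]

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    flagged = classify_sources(ev)
    print(flagged)                              # {'203.0.113.7': 'spray', '198.51.100.9': 'brute_force'}
    print(successes_from_flagged(ev, flagged))  # [('frank', '203.0.113.7')]
```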

How to create a strong password

Strong passwords can help defend against cyberattacks and lower the risk of a security breach. They typically are long—at least 12 characters—and include uppercase letters, lowercase letters, numbers, and special characters. Strong passwords should not have any personal information.

Follow these guidelines to create strong passwords:

  • Use at least eight to 12 characters.
  • Use a combination of letters, numbers, and symbols.
  • Use at least one uppercase letter.
  • Use a different password for each of your accounts.
  • Use uncommon, unusual words. Draw from song lyrics, quotes, or popular phrases to make the password more memorable. For example, using the first two letters of each word in the sentence, “Veritable Quandary was my favorite Portland restaurant,” could yield the password: VeQuwamyfaPore97!.

Some examples of strong passwords are:

  • Cook-Shark-33-Syrup-Elf
  • Tbontbtitq31!
  • Seat_Cloud_17_Blimey
  • X5j13$#eCM1cG@Kdc
  • %j8kr^Zfpr!Kf#ZjnGb$
  • PkxgbEM%@hdBnub4T
  • vUUN7E@!2v5TtJSyZ

Weak passwords often contain personal information or follow keyboard patterns. Some examples of weak passwords are:

  • 1234567
  • 1111111
  • Qwerty
  • Qwerty123
  • Password
  • Password1
  • 1q2w3e
  • Abc123
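A checker that applies the guidelines in this section (12-character minimum, mixed character classes, no personal information, no keyboard or repeated-character patterns, not on a known-weak list) and runs it over the page's own strong and weak examples. This is an added example, not the page's code; the deny-list is built from the weak examples above as a stand-in for a real breached-password list, and the 4-character pattern length is an assumption.

```python
import re

# The page's own example lists, reused here as test data.
STRONG_EXAMPLES = ("Cook-Shark-33-Syrup-Elf", "Tbontbtitq31!", "Seat_Cloud_17_Blimey",
                   "X5j13$#eCM1cG@Kdc", "%j8kr^Zfpr!Kf#ZjnGb$", "PkxgbEM%@hdBnub4T",
                   "vUUN7E@!2v5TtJSyZ")
WEAK_EXAMPLES = ("1234567", "1111111", "Qwerty", "Qwerty123", "Password",
                 "Password1", "1q2w3e", "Abc123")
DENY_LIST = {w.lower() for w in WEAK_EXAMPLES}  # stands in for a breached-password list
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_keyboard_run(pw: str, length: int = 4) -> bool:
    """True if `length` consecutive characters walk along one keyboard row."""
    low = pw.lower()
    return any(row[i:i + length] in low
               for row in KEYBOARD_ROWS for i in range(len(row) - length + 1))

def has_repeat_run(pw: str, length: int = 4) -> bool:
    """True if one character repeats `length` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (length - 1), pw) is not None

def check_password(pw: str, personal_info=()) -> list:
    """Return the guidelines the password fails; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if pw.lower() in DENY_LIST:
        problems.append("on the deny-list")
    if has_keyboard_run(pw) or has_repeat_run(pw):
        problems.append("keyboard or repeated-character pattern")
    low = pw.lower()
    for item in personal_info:  # e.g. names, birth year, pet, employer
        if item and item.lower() in low:
            problems.append("contains personal information: " + item)
    return problems

if __name__ == "__main__":
    for pw in STRONG_EXAMPLES + WEAK_EXAMPLES:
        print(pw, "->", check_password(pw) or "OK")
```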