Don't Be the Next SolarWinds — Eliminate Weak Passwords Now
How can people and enterprises avoid being the next “solarwinds123”?
There are two common password attacks: brute force and dictionary attacks. Both are generally run by a bot, but can also be done manually. They involve trying sequences of numbers such as 123456 and/or common words, that is, cracking a password by “brute force” or with common “dictionary” words. To minimize this type of exposure, don’t make your passwords predictable.
Related to being unpredictable, consider creating a phrase and using the first or second letter of each word, or substituting a special character for letters and/or numbers. If you’re not creative, you can always use a password generator. These are guaranteed to spit out some creative, and secure, password options.
These days when you get asked to create a password, most sites require a minimum length of 10-12 characters. The longer the password, the more possible combinations and permutations there are, and thereby the safer it generally is. However, don’t forget tips one and two, because long common words and sequences of numbers are still easier to crack.
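The three tips above can be enforced when a password is set. The following screening check is an added example, not part of the original article: it reports why a candidate is predictable (too short, contains a number or letter sequence, a common word, or the organization's own name). The word lists, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample lists. A real deployment would load a large
# breached-password/dictionary list plus the organization's own names.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}
CONTEXT_WORDS = {"solarwinds"}   # organization, product and user names
MIN_LENGTH = 12                  # assumed policy; the article cites 10-12


def has_sequence(run: str, window: int) -> bool:
    """True if any `window` consecutive chars ascend, descend or repeat."""
    for i in range(len(run) - window + 1):
        chunk = run[i:i + window]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def screen_password(password: str) -> list:
    """Return the reasons a candidate is predictable; [] means it passed."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    # Split into letter runs and digit runs:
    # "solarwinds123" -> ["solarwinds", "123"]
    runs = re.findall(r"[a-z]+|[0-9]+", lowered)
    # Digits: flag 3 in a row (123, 987, 000). Letters: flag 4 (abcd, zzzz).
    if any(has_sequence(r, 3 if r.isdigit() else 4) for r in runs):
        reasons.append("sequence")
    if any(word in lowered for word in COMMON_WORDS):
        reasons.append("common_word")
    if any(word in lowered for word in CONTEXT_WORDS):
        reasons.append("context_word")
    return reasons


if __name__ == "__main__":
    # Constructed candidates; the last mimics password-generator output.
    for candidate in ("123456", "solarwinds123",
                      "Password2021Password", "Tb7#qLw9!zRe4"):
        print(f"{candidate!r}: {screen_password(candidate) or 'ok'}")
```

Note that "solarwinds123" meets the length minimum and is still rejected, which is the point of the third tip: length does not help when the content is predictable.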
Believe it or not, one of the more common reasons passwords are compromised is because people share their credentials. Never, ever share your password. Also, be mindful of phishing. These types of acts are becoming increasingly sophisticated and can look very legitimate, like an email from your bank. As a good rule of thumb, unless you make a request, don’t ever enter your credentials. Or, if you have any doubts, contact the organization requesting the information directly.
Refresh your passwords regularly. While it may seem onerous, and even if you think you have finally come up with the most secure password ever, one of the best ways to protect your password is to change it regularly. In addition, you should use different passwords for different logins. Having a unique password for each account ensures that if or when one is compromised, the others remain protected. If you can’t remember all your passwords, consider using a secure password manager.
Jerome Becquart, COO of Axiad, said passwords are no longer enough to defend your perimeter.
“The average password takes 13 seconds to hack, making it all too easy for hackers to breach your system,” he said. “This World Password Day, it’s now essential to get rid of passwords and move to fully passwordless authentication. By utilizing multifactor authentication, FIDO2 and PKI instead, organizations can eliminate passwords and limit the impact of cyberthreats.”
If a single weak password can bring a company like SolarWinds to its knees, imagine what weak passwords could do to your business.
Thursday is World Password Day, and its message has never been more critical. How can people and enterprises avoid becoming the next “solarwinds123”?
Clara Angotti is president and co-founder of Next Pathway.
“One of the most powerful yet simple ways to improve any organization’s security posture is by enforcing strong password management policies and practicing good password hygiene, as passwords are critical gatekeepers to our digital identities and information,” she said. “Passwords are the backbone of any organization’s cybersecurity strategy but can also be the biggest threat to an organization’s security. Weak password management can leave enterprises vulnerable to data loss and privacy violations. Organizations must enforce strong password management policies.”
Weak passwords can compromise a company’s security, opening the floodgates for hackers to steal information, Angotti said. Once a corporate network is breached, it can have consequences that affect the entire business and everyone who works for it.
Alarming Statistics
A recent survey of 1,000 employees commissioned by Keeper Security provides some alarming statistics:
Over half of respondents admit to writing down work-related online passwords on sticky notes. Also, two-thirds admit to having lost these notes. In addition to leaving sensitive corporate information in full view of anyone else living in or visiting their home, this harms organizational efficiency. Lost sticky notes mean lost passwords, which result in help desk tickets to reset these passwords.
Sixty-two percent store login credentials in a notebook or journal. And the overwhelming majority keep these notebooks next to or close to their work devices. Therefore, anyone else who lives in or is visiting their home can access them.
Corey Nachreiner is CTO at WatchGuard Technologies.
“World Password Day has served as an annual reminder that we all need to practice better password security for nearly a decade,” he said. “And yet, 80% of breaches began with brute force attacks, or lost or stolen credentials last year. Attackers add millions of new usernames and passwords every day to the billions already available on the dark web. This has been the trend for years now, so at a certain point we have to ask if daily headlines on the latest security breaches and hacks aren’t enough of a cue to practice good password hygiene, is there much value in World Password Day?”
Check out our slideshow above for password security tips from Infrascale and more.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.