Strong Passwords Are Strong Defense Against Cybercrime

Ryan Palermo

You may have seen the game show Password, where one partner gives clues and the other guesses the secret word. With the right hints, it’s easy for the guesser to get the password right. The same holds for cybercriminals trying to hack into your network by guessing your users’ passwords.

Many Americans Are Not Making Wise Choices When It Comes to Passwords

A study conducted by Google in conjunction with Harris Poll found that keeping track of passwords is a source of frustration for the majority of Americans. A whopping three in four respondents say they struggle with passwords.

  • 24 percent of Americans have used some variation of the following weak passwords: abc123, Password, 123456, Iloveyou, 111111, Qwerty, Admin, and Welcome.
  • Of the 27 percent of Americans who have tried to guess someone’s password, 17 percent have guessed it correctly.

But just because creating more secure passwords can be frustrating doesn’t mean it shouldn’t be done. According to the Verizon Data Breach Report, weak or stolen passwords were responsible for 80% of hacking-related breaches. Hackers are using technology to discover passwords quickly and easily. Here are some things to consider for every place you or your team use a password.

Longer Equals Stronger

The recommended length of a password has grown from eight to twelve characters, and it can take a professional hacker less than an hour to crack an eight-character password. Simple dictionary words are tried first through “brute force,” an automated guessing method. Next, the computer tries the words again with “!” or “?” added. Then, the words are tried with 3s replacing Es, 5s replacing Ss, @ replacing As, and so on. The longer the password, the more difficult it becomes to crack using brute force.

What makes a good password?

Avoid the obvious, like birthdates, 123456, or (gasp) “password.” Seventy-three percent of passwords are duplicates, and 54 percent of users leverage five or fewer passwords for all of their online accounts. Don’t use the same password on different sites. And stay away from anything that might be easy to figure out from a simple word in the dictionary, a word with letters replaced by numbers, or an easy word followed by $, !, %, etc.
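The word-plus-symbol and letter-for-number tricks described in the two sections above can be screened for when a password is set. The sketch below is an added example, not code from the article or from Airiam: the function names, the two extra dictionary words, and the 0-for-o and 1-for-i substitutions are assumptions.

```python
import re

MIN_LENGTH = 12  # the recommended minimum length given in the article

# Weak passwords named in the article, lowercased, plus two constructed words.
WEAK_WORDS = {"abc123", "password", "123456", "iloveyou", "111111",
              "qwerty", "admin", "welcome", "sunshine", "baseball"}

# Undo the substitutions the article lists (3 for E, 5 for S, @ for A).
# 0 for O and 1 for I are added assumptions.
UNLEET = str.maketrans({"3": "e", "5": "s", "@": "a", "0": "o", "1": "i"})


def candidate_roots(password):
    """Return the base forms reached by undoing the common mangling rules."""
    lowered = password.lower()
    # Drop trailing symbols such as !, ?, $ and % (a trailing @ may stand for "a").
    no_symbols = re.sub(r"[^a-z0-9@]+$", "", lowered)
    # Drop a trailing run of digits and symbols, as in "Welcome2024!!".
    no_suffix = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, no_symbols, no_suffix}
    # Check each form both as typed and with the substitutions reversed.
    return forms | {form.translate(UNLEET) for form in forms}


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidate_roots(password) & WEAK_WORDS:
        problems.append("derived from a common word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("P@ssw0rd!", "Welcome2024!!", "maple-orbit-cactus-ferry"):
        print(sample, "->", check_password(sample) or "accepted")
```

The second sample is longer than twelve characters and is still rejected, which shows why a length rule alone does not stop a dictionary-based guess.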

Changing passwords frequently used to be recommended as a good password practice. Research has recently found that when folks are required to change passwords regularly, they end up just using some form of the last password, which isn’t really effective. The key is using a strong password to begin with and then not having to change it unless there’s a breach.

Often people use short, easy passwords or the same complex password because it’s too hard to remember many complex passwords. A password manager can help you create and keep complex passwords safe. And to access your password manager, you’ll use multi-factor authentication (MFA) to keep your list secure.

Teach These Tips to Your Team

Your networks are only as secure as your weakest link. Help your employees, vendors, and customers understand why strong passwords are essential. And consider setting up options that require longer, stronger passwords to protect sensitive data from hackers.

Airiam can help your organization set up its systems to accept only strong passwords. We can also help you with team training, adding MFA, and other security measures to ensure your data stays safe.

Strong passwords contribute to cyber resilience.
