Major data breaches occurred with alarming frequency in 2016. Even more surprising is that users and website owners alike have unwittingly contributed to a growing problem – with weak passwords and lax security policies that green-light obvious choices.
A recent study by Keeper Security, based in Chicago, shed some light on the magnitude of the situation. Their research team analyzed nearly 10 million passwords from data breaches on the public web. What they found was staggering: nearly 17% of the passwords were identical, consisting of only six digits: 123456. In fact, seven of the top 15 passwords were six characters or shorter – easy pickings for brute-force tools that can exhaust such password combinations in an hour or two.
Users are not solely to blame. As the study points out, many websites still accept flimsy and easy-to-guess credentials that do nothing to safeguard the growing amount of valuable data stored on their servers. It’s time to fight back with a few proven strategies to keep hackers at bay and your data safe.
#1 Don’t use passwords – use passphrases. Intralinks has been an advocate of passphrases for years. Some security experts insist on avoiding dictionary terms at all costs. However, when used correctly, passphrases not only make passwords longer, they make them stronger by exponentially increasing their level of complexity.
Keeping things fun and random will help increase their effectiveness without increasing the burden on your memory. Examples: OnlyGoodMargaritasOrbitJupiterMornings (38 characters) or BeOneWiththeRedShoesofMightyMuffin (34 characters). Be creative and avoid using personal information like your kid’s name, your dog’s name or anything else that hackers could easily guess and exploit. Bonus points for the completely absurd.
#2 Include special characters, and mix them up. It’s true that special characters can make a passphrase harder to remember as well as harder to guess. However, they also bring your security up a notch, especially if you spread them throughout your login rather than bunching them at the beginning or the end. For instance, adding “!123” or “$456” to the end of your password or passphrase isn’t as big an obstacle for hackers as sprinkling your special characters throughout.
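The following is an added example, not code from the original post or from Intralinks, of what the advice in #1 and #2 looks like when a site enforces it at sign-up. It rejects entries on a small deny-list (a constructed list that includes the study's 123456), requires a minimum length, estimates brute-force strength in bits from the character classes present, and flags the "special characters only at the ends" pattern. The deny-list contents, the 12-character minimum and the 60-bit threshold are assumptions chosen for illustration.

```python
"""Password policy checker (added example, not from the original post)."""
import math
import string

# Constructed deny-list for illustration; a real deployment would check a
# full breach corpus rather than a handful of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "123456789", "12345678"}

MIN_LENGTH = 12          # assumed policy value
MIN_BITS = 60            # assumed policy value


def estimate_bits(password: str) -> float:
    """Brute-force strength in bits: log2(alphabet_size ** length).

    The alphabet is built from the character classes actually present, which
    is what an exhaustive-search attacker who knows the policy would assume.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII punctuation characters
    if any(c.isspace() for c in password):
        alphabet += 1
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def specials_only_at_edges(password: str) -> bool:
    """True when every digit/punctuation character sits in a leading or
    trailing run, e.g. 'Summer!123' - the pattern the post warns against."""
    specials = string.punctuation + string.digits
    inner = password.strip(specials)          # drop leading/trailing special runs
    if not inner:                             # nothing but specials: not this pattern
        return False
    has_specials = any(c in specials for c in password)
    return has_specials and not any(c in specials for c in inner)


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny-list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if estimate_bits(password) < MIN_BITS:
        problems.append(f"estimated brute-force strength below {MIN_BITS} bits")
    if specials_only_at_edges(password):
        problems.append("special characters only at the start/end")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Summer!123",
                      "OnlyGoodMargaritasOrbitJupiterMornings"):
        print(f"{candidate!r}: {estimate_bits(candidate):.1f} bits,",
              check_password(candidate) or "OK")
```

The 38-character passphrase from the post passes every check with roughly 216 bits of estimated strength, while `Summer!123` is rejected for being short and for keeping all its special characters at the end, even though it uses four character classes.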
#3 Use two-factor authentication. Go to your favorite web-based application now and upgrade your login so that it requires not one but two ways of verifying that it’s you. If the website doesn’t offer two-factor authentication, tell them you want this option in the near future, or you will find a replacement.
#4 Consider using a password manager. When it comes to generating hard-to-crack logins, the best practice is always to use a separate, strong password for each and every one of your accounts. If this isn’t practical or even possible for you and your team, consider deploying a password manager with enterprise-grade security features. These tools enable robust password governance, including the ability to automatically generate random strong passwords, manage individuals and groups, set expiration dates and, if necessary, restrict access by IP address.
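As an added example (not code from the original post or any particular password manager), the following shows the generation step a password manager automates: a random character password and a random passphrase, both drawn from the operating system's cryptographic random source through Python's `secrets` module rather than the predictable `random` module. The word list is a constructed twelve-word sample; the entropy helper makes the point that a real passphrase generator needs a list of thousands of words for each word to contribute meaningfully.

```python
"""Random credential generation (added example, not from the original post)."""
import math
import secrets
import string

# Constructed mini word list for illustration only. Real generators use lists
# of several thousand words so that each word adds roughly 12-13 bits.
WORDS = ["margarita", "jupiter", "muffin", "orbit", "morning", "shoes",
         "mighty", "cactus", "velvet", "anchor", "pickle", "lantern"]

PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length: int = 20) -> str:
    """Uniformly random password over letters, digits and punctuation."""
    if length < 12:                      # assumed floor, mirroring a sensible policy
        raise ValueError("refusing to generate a password shorter than 12 characters")
    # secrets.choice uses the OS CSPRNG; each pick is independent and uniform.
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def random_passphrase(words: int = 6, wordlist=WORDS, sep: str = "-") -> str:
    """Passphrase of `words` words chosen uniformly, with replacement."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, draws: int) -> float:
    """Entropy of `draws` independent uniform picks from `choices` options."""
    return draws * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), f"({entropy_bits(len(PASSWORD_ALPHABET), 20):.1f} bits)")
    print(random_passphrase(), f"({entropy_bits(len(WORDS), 6):.1f} bits with a 12-word list)")
```

A 20-character password over 94 symbols carries about 131 bits; six words from this toy list carry only about 21.5 bits, which is why the size of the word list, not just the number of words, decides how strong a generated passphrase is.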
Using these simple strategies will go a long way to keeping you one step ahead of hackers and data thieves.
Next time in this space we’ll explore multifactor authentication, biometric scans and other innovative ways of ensuring that you are authentically you.