In the movie “Marathon Man”, Dustin Hoffman’s character is subjected to an extremely painful, brutal line of questioning. Led by a “qualified dentist,” this over-the-top drilling procedure is intended to extract his secrets – and always preceded by the same phrase, “Is it Safe?” And while today’s hackers aren’t resorting to medieval torture methods like in the movie, that doesn’t make calculated cyberattacks any less significant (or painful!).
In fact, the ramifications of individual cybersecurity breaches can be devastating. According to a recent article in Threatpost, the average cost of a cyberattack now totals $1.7 million – encompassing everything from brand damage and loss of productivity to falling stock prices and impacted financials. That’s why focus on a safe and secure cyber footprint – including passwords – is so important. And what better time to acknowledge this than today – World Password Day.
Held on the first Thursday of every May, World Password Day is a call to action for better, stronger and safer passwords. The idea originated with security researcher Mark Burnett in his book “Perfect Passwords,” and the date was officially registered in 2013. Considering the damage poor password practices can inflict on businesses today, it’s more critical than ever to keep pace with changing authentication requirements.
The truth is, most people are still too casual when it comes to password security. A recent study by the UK’s National Cyber Security Centre found that the top-10 passwords in use today still include “123456”, “123456789”, and even “password” and “password1”. Such choices are far from best practice. What’s critical is to build and operate a strong security infrastructure so that critical data is never breached. But how do we get there? In addition to keeping up with the guidelines published by the US Federal Government (National Institute of Standards and Technology), it’s important to focus on these password best practices:
Consistent Scheduled Updates
While a continuous approach to password maintenance is time-consuming, these updates are critical given the volume and sophistication of cyberattacks. Take stock of all computers and devices, anything that requires a password, and schedule ongoing updates. Shorter passwords are easier to crack, so make sure each password is long, unique and specific to the account it protects.
Multi-Factor Authentication
The best security policies are built on multi-factor authentication, which makes it far more difficult for attackers to reach private networks and resources. A password-only approach is vulnerable to dictionary attacks and social engineering. Multi-factor authentication adds a second layer of protection, whether that is a digital certificate, a fingerprint scan, or a one-time password that is valid for a single login. In this scenario, even if an attacker obtains the password, a second line of defense is still in place.
Re-Use is a Killer
It’s not uncommon for hackers to sell the data they breach, meaning private information can be exposed to millions. Never use the same password for all accounts. Once an attacker obtains this universal password, all private information, from bank accounts to social security numbers, is immediately exposed. Use a password manager so that a unique password for every account does not have to be memorised.
Don’t Get Personal
While it may be convenient to use your dog’s name or favorite football team as a password, never build a password on personal information. Hackers often use password-cracking tools that take a user’s known personal details as input and generate the most likely combinations. Stay away from birthdays, addresses, and anniversaries.
Scanning and Checking
One of the newest recommendations from NIST on password safety is screening. Attackers often start from a known dictionary of common passwords, or from previously compromised passwords, and try those first. A range of solutions on the market today can compare your new password against such a list. Check that your new password is not on the list, and change it immediately if it is.
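The following is an added example, not code from GlobalSign or from NIST, showing how a screening check can compare a new password against a compromised-password list without ever sending the password itself: the client hashes locally, sends only the first five hex characters of the SHA-1 digest, and matches the rest of the digest at home (the k-anonymity range-query pattern). The breach corpus and the 8-character minimum are constructed assumptions for the demonstration.

```python
"""Screen a candidate password against a compromised-password list using a
k-anonymity range query: only a 5-character hash prefix leaves the client.
Added example; the breach corpus below is constructed, not a real breach dump."""
import hashlib
from collections import defaultdict

# Constructed stand-in for a compromised-password corpus. The page cites
# "123456", "123456789", "password" and "password1" as still common.
BREACHED_PASSWORDS = ["123456", "123456789", "password", "password1", "qwerty"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password; used only as a lookup key."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: group the 35-character hash suffixes by 5-character prefix."""
    index = defaultdict(set)
    for pw in passwords:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index


def range_lookup(index, prefix: str):
    """Server side: return every suffix sharing the prefix. The server learns
    only the prefix, never the full hash or the password."""
    return index.get(prefix, set())


def is_compromised(password: str, index) -> bool:
    """Client side: hash locally, query by prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(index, digest[:5])


def screen_new_password(password: str, index, min_length: int = 8) -> list[str]:
    """Apply the page's checks (length, then compromised-list screening).
    Returns the reasons for rejection; an empty list means the password passes.
    The 8-character minimum is an assumed policy value."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_compromised(password, index):
        reasons.append("appears in the compromised-password list")
    return reasons


if __name__ == "__main__":
    idx = build_range_index(BREACHED_PASSWORDS)
    for candidate in ["password1", "correct horse battery staple"]:
        print(candidate, "->", screen_new_password(candidate, idx) or ["accepted"])
```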
Is it Safe?
While “Marathon Man” may represent an extreme example of extracting personal information, today’s hackers will still go to great lengths to crack and exploit your passwords. Try not to panic – and don’t make it easy on them. Check out the links below for more background on password security and multi-factor authentication. And then contact the team at GlobalSign to get on the right path to safety.