Weak passwords are a huge threat vector and one of the big points to attack and can lead to data breaches, phishing scams, and ransomware attacks.
The invention of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds. Passwords today are the primary guardians of our privacy, personal data, and finances.
Despite this knowledge, passwords are often viewed complacently, even though simple, easy-to-guess passwords are insecure. Your dog’s name, spouse’s name, birthdate, and other words and phrases related to your life that are easily discoverable on your social media profiles are easy for attackers to discover.
While the onus of ensuring security and protecting data does lie on the companies that collect and store this data, there is quite a bit consumers can do on their end to secure their credentials. World Password Day 2023 is driven by the purpose of raising awareness about the importance of strong passwords and encouraging individuals and organizations to take steps to improve their password security. With the increasing prevalence of cyberattacks and data breaches, it is more important than ever to use strong and unique passwords to protect our online accounts and personal information.
Based on research, 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway. Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, provides simple but effective measures to make passwords the primary guardian of your personal and professional
- Set guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of different character types—letters, numbers, and special characters. An 8-character password is easier to guess by a computer than a 16- or 24-character password.
- Avoid vulnerable passwords that are easily guessed or already compromised. If you go and Google ‘commonly used passwords,” you’ll see a list that any attacker uses when trying to guess passwords. If there is a default password on an internet-facing device or even internally. Change it ASAP!
- Avoid reusing passwords: Everyone hates remembering passwords; some great options are using the passphrase options. We can use it to create unique passwords that are easy to remember. Be wary of password managers; several have been hit recently, and some of them multiple times. But they can also be an option.
- Require password updates at set frequencies: This is a pain, but consider it the standard operating procedure for business risk reduction. It doesn’t take that long to do and helps secure the organization if a set of credentials is stolen or phished somehow.
- Use multi-factor authentication methods: If a password is stolen or guessed, no matter how hard you’ve tried to be unique, having other methods to confirm it is you trying to get to a resource or a web service you use is vital. Many different cloud, security, and operating system vendors have a multi-factor authentication app that you can install on your phone to link to almost every website that supports it.
By taking these steps, individuals and organizations can help improve their password security and protect their online accounts and personal information. Learn more about how to create a stronger cybersecurity posture with an intelligent, automated, artificial intelligence (AI)-driven security operations center by checking out Palo Alto Networks’ World Password Day webinar.