Password Security - Is It Time for a Password Overhaul?
World Password Day served as a reminder of the need for secure and robust passwords to protect your personal data and your business's systems, networks and devices.
Passwords are a consistent part of our personal and professional lives. In today's digital culture, passwords are used to access everything from devices to online banking, your IT assets, and more. No matter what you or your business signs up for, you'll undoubtedly need to create a password in order to access it.
How Are Passwords Discovered?
According to a recent report, lost or stolen credentials remain the number one hacking tactic used by malicious actors to commit data breaches, while compromised or weak passwords are responsible for 35% of all breaches.
Malicious actors use a variety of techniques to discover a password, including exploiting social and technical vulnerabilities. These techniques can include:
- Password spraying - Attackers use a small number of password combinations that are commonly used in an attempt to access a large number of accounts.
- Brute Force Attack - Concentrating on a specific account and using a system to automate the guessing of a large number of passwords until the correct combination is found.
- Social Engineering Attacks - Using phishing attacks, spear-phishing and smishing to trick users into giving away sensitive information.
- Leaked Data - Using personal information and passwords leaked from data breaches to access other systems which may be using the same password.
- Insecure Passwords - Using passwords found on sticky notes near a device or within documents stored in a device to access accounts.
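From a detection point of view, the first two techniques in the list leave different traces in authentication logs: spraying shows a few failures spread across many accounts, while brute force shows many failures against one account. The sketch below is an added example, not part of the original article; the event format, thresholds, function names and sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions); tune them to your own login baseline.
SPRAY_MIN_ACCOUNTS = 5     # distinct accounts failed from one source
SPRAY_MAX_PER_ACCOUNT = 3  # spraying tries only a few passwords per account
BRUTE_MIN_FAILURES = 10    # failures against a single account
WINDOW = timedelta(minutes=30)

def build_sample_events():
    """Constructed events: (timestamp, source IP, username, outcome)."""
    t0 = datetime(2024, 5, 2, 9, 0, 0)
    events = []
    for i in range(8):   # one failure against each of 8 accounts
        events.append((t0 + timedelta(seconds=20 * i), "198.51.100.7", f"user{i}", "FAIL"))
    for i in range(15):  # 15 failures against a single account
        events.append((t0 + timedelta(seconds=5 * i), "203.0.113.9", "admin", "FAIL"))
    # An ordinary user mistyping twice before logging in
    events.append((t0, "192.0.2.20", "alice", "FAIL"))
    events.append((t0 + timedelta(seconds=10), "192.0.2.20", "alice", "FAIL"))
    events.append((t0 + timedelta(seconds=25), "192.0.2.20", "alice", "OK"))
    return events

def classify_sources(events, window=WINDOW):
    """Return {source_ip: label} for sources whose failures fit a pattern."""
    failures = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((ts, user))
    findings = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            worst = max(per_user.values())
            if worst >= BRUTE_MIN_FAILURES:
                findings[ip] = "brute_force"
                break
            if len(per_user) >= SPRAY_MIN_ACCOUNTS and worst <= SPRAY_MAX_PER_ACCOUNT:
                findings[ip] = "password_spray"
                break
    return findings

if __name__ == "__main__":
    print(classify_sources(build_sample_events()))
```

Grouping by source IP only catches attempts that come from a single address; activity spread over many addresses needs a different grouping key, such as failures per account or per time slice.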
Having a robust password policy is key to ensuring all employees, whether remote or in the office, have a clear understanding and awareness of how to effectively manage and store their passwords to ensure they don’t fall into the wrong hands.
It’s Time to Overhaul Your Passwords
The average person has around 100 passwords for a range of tools, apps, websites and services used on a regular basis. These passwords are usually not all different: they may be repeat passwords or passwords that have repeat elements in them.
Passwords May be Inconvenient but are a Necessity
While having so many passwords can be an inconvenience at times, having good password hygiene for all employees can hinder hacking attempts and cyber security incidents.
If basic password hygiene isn't managed, you are essentially giving malicious actors an opportunity to:
- Easily access your sensitive personal and business accounts
- Breach more accounts that share the same password
- Scrape the data found in those accounts
Although password hygiene requires time and patience, it’s one of the most important things you can do to safeguard your sensitive data.
To assist you in strengthening your passwords, we have created this infographic on how to effectively create and manage solid passwords so they don't fall into the wrong hands.
How can we help?
Secora Consulting provides a range of services that can help you to assess the security of your organisation. Our cyber security assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may leave you vulnerable to the most common cyber-attacks. Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get. Get in touch with us today to discuss your specific requirements.
Our services
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.