According to the Verizon Data Breach Investigations Report, 81% of hacking-related data breaches last year involved weak or stolen passwords. This clearly shows that most businesses still do not follow best practices for protecting their passwords, which is why they end up getting hacked.
If you want to know whether you have already been hacked, keep an eye on the warning signs. Rather than taking a reactive approach and trying to limit the damage after a breach, it is better to take a preemptive approach to password protection.
Here are some password best practices you need to adopt today.
You might have heard the common advice, “Use a combination of numbers, letters, and special characters.” If you are still following this advice, you are at risk. Yes, you read that right. Hackers and cybercriminals have found ways around older password best practices, and there are many tools that help them crack such passwords. Another drawback of this approach is that it makes your password difficult to remember.
According to the latest NIST Cybersecurity Framework guidelines, you should use long passphrases that are easy to remember and hard to crack. Avoid dictionary words and common phrases, which make it easier for hackers to guess your passwords. A passphrase made of randomly chosen words is more difficult to guess than a password built from a combination of letters, numbers and special characters.
Another mistake most employees make is using a single password to log in to all their accounts. This puts you at a much higher risk: if one of your accounts is compromised, every other account is at risk too. You can easily prevent this by using a different password for each account and a password manager to handle them efficiently. That way, you don’t have to remember all of these passwords, and you stay safer online.
Passwords are not the only way to authenticate users. In fact, passwords look like an outdated authentication method, especially given the emergence of far more advanced ones. Fingerprint scanners, iris scanners and face recognition are some of the better ways to authenticate users. As these technologies become more common, we might see the end of passwords altogether. With smartphones already equipped with them, the day when passwords become history is not far away.
Two-factor or multi-factor authentication has already become an industry standard, and rightly so. It adds a layer of security by asking users to complete an additional step before they can access their account. Yes, it can be a bit inconvenient, but from a cybersecurity standpoint it is a step in the right direction. With multi-factor authentication in place, hackers won’t get access to your dedicated servers and databases even if they manage to crack your password. Even if you don’t want to roll out multi-factor authentication across your whole organization, make sure to enforce it on critical endpoints, on sensitive data, and when confirming financial transactions.
Akin to multi-factor authentication, password encryption also offers additional protection for your passwords. With password encryption in place, your passwords cannot be read by hackers even if they manage to steal them. They would have to decrypt them first, which is not easy, especially if the keys stay with you. Avoid one-way and reversible encryption, as hackers can easily crack them. Use end-to-end encryption, as it also protects your password in transit. Never store passwords in plain text, since that leaves you vulnerable to attackers. Most companies make this mistake, which is why hackers can easily access accounts once they steal passwords from the database.
With a plethora of devices at our disposal, we are no longer tied to a particular device or network. This means we may connect to many different networks from various devices, which is exactly the opening hackers need. When you are on an open, public Wi-Fi network, hackers can easily steal your passwords. If you must connect to such a network, make sure it has WPA2 enabled. WPA2 uses stronger wireless encryption, which is harder to crack than earlier versions. Ask your remote workers to use a secure VPN connection, especially when connecting to enterprise servers.
Last but certainly not least is employee training. Employees are the weakest link in your cybersecurity arsenal, and hackers are well aware of it. This is why they constantly launch social engineering attacks to trick employees into sharing sensitive information. By investing in employee training and organizing regular training sessions, you increase awareness about cybersecurity. This helps employees recognize online fraud and social engineering attacks, so they are less likely to fall victim to them. Launch a simulated social engineering attack to test your employees’ knowledge.
What password best practices do you follow? Feel free to share it with us in the comments section below.