Cybercriminals often leverage weak passwords to penetrate corporate networks, steal data and cause disruption. According to Verizon's Data Breach Investigations Report, 81% of hacking-related breaches involved weak or stolen passwords, which makes strong passwords an essential part of your organization's first line of defence against these breaches.
Having a password policy on paper is not enough; without enforcement it does nothing. A 2021 report found that 31% of employees use their children's names or birthdays as passwords, 34% use their spouse's name or birthday, 37% use the company's name, and 44% reuse passwords across work and personal accounts. As remote work expands, so does password exploitation, and with personal details readily harvested from social media profiles, guessing such passwords is easier than ever.
Many organizations urge the workforce to follow password "best practices" such as changing passwords on a fixed schedule. Is that enough? Often these directives are counterproductive. Employees juggle many accounts and logins, so to keep passwords memorable they fall back on common, repetitive words or reuse the same password across logins, and forced rotation makes this worse rather than better. NIST SP 800-63B now advises against requiring arbitrary periodic password changes for exactly this reason, recommending instead that a password be changed when there is evidence it has been compromised. Research has found that even moderately strong passwords are highly likely to be cracked, which is why it is vital to take appropriate measures to protect information and data from malicious intent.
The problem with typical password policies is that cybercriminals can easily exploit the gaps. A common policy requires a minimum of 8 to 10 characters and a mix of special characters, lowercase and uppercase letters, and numbers. By that definition, Welcome1! passes every check, even though it is a dictionary word with a predictable suffix that any wordlist-plus-rules attack tries within its first few million guesses. Forcing frequent changes does not help either: once people exhaust their favourite words and phrases, they "rotate" by altering one or two characters, so Welcome1! becomes Welcome1@.
Attackers are getting faster and more efficient every day. One widely cited estimate is that a 10-character password can be cracked in under 30 minutes, rising to about three days once a complex password exceeds 11 characters. Treat such figures as rough: the real time depends on how the password was hashed (an unsalted fast hash such as NTLM or MD5 falls orders of magnitude faster than a deliberately slow one such as bcrypt or Argon2) and on the attacker's hardware.
Security experts insist that length and complexity are the golden rules for setting strong passwords.
Entropy, measured in bits, quantifies how unpredictable a password is. For a password of L characters, each chosen uniformly at random from an alphabet of N symbols, the entropy is L × log2(N), and an attacker must try on average half of the 2^entropy possibilities to find it. The higher the entropy, the harder the password is to guess or brute-force. Length contributes linearly and alphabet size only logarithmically, which is why a longer password drawn from letters, numbers, upper/lowercase and symbols is so much harder to crack. Note that the formula assumes random choice: a human-chosen password such as a dictionary word with a digit and a symbol appended has far less real entropy than its length and character classes suggest.
Password-cracking rigs have been benchmarked at roughly 350 billion guesses per second against fast, unsalted hashes such as NTLM. Security experts now suggest passwords of 13 to 20 characters with considerable complexity.
At that rate, a truly random 12-character password drawn from the full printable character set would take thousands of years to exhaust, so cracking programs struggle with it. But length alone is not enough: a long password built from a dictionary word or a predictable pattern falls to a wordlist-and-rules attack as quickly as a short one. Only when length is combined with genuine randomness do even the most seasoned attackers and modern tools struggle.
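As an added worked example (not Packetlabs' own code), the following Python script puts numbers on the points above: it computes the L × log2(N) entropy upper bound, estimates brute-force time at the 350 billion guesses per second rate quoted in this article, shows that Welcome1! passes a naive four-class complexity policy, contrasts the entropy-based estimate with the handful of guesses a word-plus-digits-plus-symbol mask actually needs, and flags Welcome1@ as a trivial mutation of Welcome1! for a password-history check. The 33-character symbol alphabet, the 10,000-word base-word list and all function names are assumptions chosen for illustration.

```python
import math
import re
from typing import Optional

# Guess rate taken from the 350 billion guesses/second figure quoted in the article.
# Real rates vary by orders of magnitude with hash algorithm and hardware (assumption).
GUESSES_PER_SECOND = 350e9
SYMBOLS = 33  # printable ASCII punctuation characters (assumed symbol alphabet)


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character class present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def entropy_bits(password: str) -> float:
    """Entropy upper bound L * log2(N): assumes each character was chosen uniformly at random."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def brute_force_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to find a uniformly random password: half the keyspace at `rate` guesses/s."""
    return (2.0 ** bits) / 2 / rate


def passes_naive_policy(password: str) -> bool:
    """The 8+ character, four-class complexity rule the article describes."""
    return (len(password) >= 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


# Shape of the classic 'Welcome1!' password: a word, then digits, then symbols.
WORD_DIGITS_SYMBOLS = re.compile(r"^([A-Za-z]+)(\d*)([^A-Za-z0-9]*)$")


def pattern_guesses(password: str, wordlist_size: int = 10_000) -> Optional[int]:
    """Guesses an attacker needs with a <word><digits><symbols> mask against a base-word list.

    wordlist_size is a hypothetical small list of common base words; the factor 2 covers
    lower-case and Capitalised forms. Returns None if the password does not fit the mask."""
    m = WORD_DIGITS_SYMBOLS.match(password)
    if not m:
        return None
    _word, digits, symbols = m.groups()
    return wordlist_size * 2 * (10 ** len(digits)) * (SYMBOLS ** len(symbols))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def base_word(password: str) -> str:
    """Lower-cased password with trailing digits and symbols removed ('Welcome1!' -> 'welcome')."""
    return re.sub(r"[^A-Za-z]+$", "", password).lower()


def is_trivial_mutation(new: str, old: str, max_edits: int = 2) -> bool:
    """True when `new` is `old` with a few characters changed, or shares its base word."""
    return base_word(new) == base_word(old) or edit_distance(new, old) <= max_edits


if __name__ == "__main__":
    for pw in ("Welcome1!", "Welcome1@", "correct horse battery staple"):
        bits = entropy_bits(pw)
        print(f"{pw!r}: policy={passes_naive_policy(pw)} entropy={bits:.1f} bits "
              f"brute-force={brute_force_seconds(bits) / 86400:.1f} days "
              f"mask-guesses={pattern_guesses(pw)}")
    print("Welcome1@ is a trivial mutation of Welcome1!:",
          is_trivial_mutation("Welcome1@", "Welcome1!"))
```

Compare the two estimates for Welcome1!: the entropy formula says roughly ten days of brute force at the quoted rate, while the mask estimate is a few million guesses, which that same rig finishes in well under a millisecond. That gap is the whole argument of this article. In a real deployment, is_trivial_mutation would run against the user's previous password hashes' plaintext at change time (the only moment the old and new values are both available), and the base-word check would additionally be combined with a lookup against a breached-password list.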
A lengthy password built from ordinary alphanumeric and special characters may look strong, yet if it is built around a name, a date or a dictionary word an attacker can still crack it easily. Random characters and random phrases make passwords far less likely to be cracked. As noted above, many employees use a spouse's, child's or pet's name or a birthday in their passwords, and with the amount of personal information on social media, guessing those is easier than ever.
Businesses should encourage employees to avoid using personal information in passwords and to use password managers to generate and store randomized passwords.
See our guide to password security
In today’s data-driven world, password management is critical. Weak passwords can cause reputational, legal, and financial damage to organizations. While companies need to educate their employees on creating stronger passwords, stricter password policies can help bridge that gap.
Some best practices that organizations can follow to protect data are:
Cybersecurity training
Restricted access
Using password managers
Preventing the reuse of passwords
At Packetlabs, we offer organizations company-wide password audit services, including overall risk assessment, review of top-used passwords, most-used base words, password length, character sets, breached database passwords, and more. Connect with us today to learn more about our password audit services and explore how we can help create a robust security infrastructure for your organization.