Guest Post by Allison Grinberg-Funes
October is National Cyber Security Awareness month, so we decided it was, yet again, time to talk about one of our favorite things–passwords. While it may seem redundant, it’s more important than ever to crack down on simple passphrases. The majority of individuals and businesses complete many minute and major tasks online, using countless login usernames and passwords to access accounts. Without complex and secure passwords, sensitive information and money are at risk.
Why Do We Need Complex Passwords?
Even if your password feels complex to you, it’s not rocket science for hackers to crack the codes using advanced software programs. Many hackers will utilize what’s called a Brute Force Attack, in which they gain access to a password-protected server or site and attempt various combinations of passwords until the password is cracked. There are also dictionary attacks, which are exactly what they sound like–programs that go through various combinations of words you’d find in a dictionary.
Brute force attacks and dictionary attacks are typically done using software programs but regardless of how data breaches occur, Verizon’s Data Breach Investigations Report (DBIR) found that 81% of breaches occur due to compromised passwords.
That’s a huge percentage!
And it’s exactly why there are so many password requirements. The time it takes to crack a password jumps from milliseconds to hours when you go from a 7-letter password to a password with 8 letters, or letters and numbers. It takes hours (just over 100) to brute-force a 4-digit PIN.
Think of the typical instances in which you use a password:
- At a bank
- Using a credit/debit card at a store
- Signing in to an email account
- Signing into any online portal
We could go on. The list is nearly endless. In reality, the only way that you’ll do your information justice is by creating a password that is as complex as it is long–we recommend 20 characters or more, with a mix of alphabetical, numerical, and special characters.
Two-factor authentication was once thought of as an optional extra step in logging into accounts, but for maximum security, it’s almost a requirement. Without two-factor authentication, you put your information at risk. With it, however, gaining access to an account requires two different sets of credentials.
In addition to using 2FA on all your online accounts that support it, we also strongly recommend you enable 2FA to log in to RoboForm.
What Do the Hackers Want?
As an individual or business trying to grapple with the possibilities of a cyberattack, it can be overwhelming. The Harvard Business Review (HBR) reports that cyberattacks have resulted in anything from publicizing corporate data, paralyzing hospitals, compromising medical devices, and more. It’s quite literally the stuff of sci-fi stories come to life.
Of course, a lot of the information hackers take leads to some type of monetary end: using information to assume an identity and then send or receive money, procure a loan, etc. According to Inc., because many small businesses keep their information on the cloud, where there’s less encryption, it’s easier for hackers to target these companies via their weaker security.
How Are the Hackers Getting In?
Getting hacked isn’t as difficult as the average person may assume and there are a variety of ways that businesses or individuals can be targeted:
- Phishing: A common method of hacking is phishing via email: sending links or attachments that give malicious software (commonly known as malware) access to your device and information, as well as the ability to control the device.
- Scanning servers: Another common way is for hackers to scan servers to look for points of weakness–similar to a burglar casing a house before a robbery–before carrying out a cyber attack. Again, this type of occurrence is common for small businesses with weaker security.
- Wifi networks: Oftentimes, hackers can get access to information via compromised wifi networks. If you’re using a network that doesn’t require a password or any type of authentication, beware of sharing sensitive information (e.g. using your credit card to buy anything).
- Third-party websites: Remember how we mentioned many people using the same password for different websites? This is where that becomes a problem. Hackers can access your information via third-party websites, and if you use the same password for multiple sites, it isn’t hard for them to carry their cyber attacks forward via different logins.
The only thing that can protect against the above infiltration options is a complex, unique password. You can use a password manager like RoboForm to create a unique and complex password, and also to utilize two-factor authentication, which will allow for an additional, crucial level of security. By encrypting data, RoboForm also protects user data from hackers attempting to scan servers and phish email.
What Happens if Hackers Succeed?
The worst thing you can do when a cyberattack happens is to ignore it. As soon as possible, report to the company and its customers, in writing, that information is compromised. Different states have different laws pertaining to the reporting of a cyber attack, so it’s best to be up-to-date on legalities in your region. Fortune magazine also recommends having an incident plan already in place, so if anything should happen, the team is prepared. It may seem a bit unnecessary, but consider your company’s plans around an emergency evacuation–most companies have them hoping to never use them. Yet, if they ever need to, it’s always good that a plan is in place. If you’ve experienced a cyber security attack and need to ensure that your information is protected moving forward, StaySafeOnline.org has resources to help you begin proactive action.
How Do I Make my Passwords Unique and Complex?
One of the best plans to keep in mind when preventing cyberattacks is to utilize a complex, strong, and unique password. This is easier said than done, as a strong password is often 12 characters or greater, a mix of letters, numbers, and symbols, and doesn’t contain any information you use for different logins (like your ATM PIN or part of your social security number).
The U.S. Department of Homeland Security offers many tips on how you can create a strong and complex password:
- Do use upwards of 12 (preferably 20+) characters
- Do utilize alphabetical, numerical, and special characters
- Do not use the same password for more than one account login
- Do not use common or personally significant dates or addresses
- Do not use common words found in a dictionary
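The tips above can be turned into a small generator and checker. This is an added example, not code from RoboForm or the Department of Homeland Security; the function names, the `SPECIALS` set and the tiny `COMMON_WORDS` list are assumptions made for illustration.

```python
import re
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumed set of special characters
# Constructed sample wordlist; a real check would load a large dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}


def generate_password(length=20):
    """Return a random password containing letters, digits and specials."""
    if length < 12:
        raise ValueError("the tips above call for at least 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
    alphabet = "".join(classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class is represented at least once.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def check_password(password, used_elsewhere=(), personal_info=()):
    """Return the list of tips the password violates (empty list = passes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no alphabetical characters")
    if not re.search(r"\d", password):
        problems.append("no numerical characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    if password in used_elsewhere:
        problems.append("already used for another account")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains a personally significant date or address")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    return problems
```

Passing the passwords you already use as `used_elsewhere` and your own dates or street names as `personal_info` lets the checker flag reuse and personal details, which length and character rules alone cannot catch.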
Luckily there are great tools out there you can use to test the strength of your password before saving it to a username and login–RoboForm has one that’s simple and useful. There are also tools that allow you to generate a password, so you don’t have the pressure of thinking of a complex combination on your own. Regardless of how you create your passwords, it’s never a bad idea to save them in a secure manner–and believe us when we say that password storage isn’t as complex as you think!
If you’re curious to learn more about National Cyber Security Awareness Month (NCSAM), follow along with us on Twitter and Facebook, and share this post so that people in your network can #BeCyberAware!