October is National Cyber Security Awareness Month, so we decided it was, yet again, time to talk about one of our favorite things — passwords. While it may seem redundant, it’s more important than ever to crack down on simple passphrases.
The majority of individuals and businesses complete many last-minute and major tasks online, using countless login usernames and passwords. Without complex and secure passwords, sensitive information and money are at risk.
Why do we need complex passwords?
Even if your password feels complex to you, it isn’t rocket science for hackers to crack it using readily available software. Many hackers use what’s called a brute-force attack, in which they target a password-protected server or site and try combination after combination until the password is found.
There are also dictionary attacks, which are exactly what they sound like — programs that try words, and combinations of words, you’d find in a dictionary.
Brute force attacks and dictionary attacks are typically done using software programs, but regardless of how data breaches occur, Verizon’s Data Breach Investigations Report (DBIR) found 81% of breaches occur due to compromised passwords.
That is exactly why there are so many password requirements. The time it takes to crack a seven-letter password versus an eight-character one — letters alone, or letters and numbers — jumps from milliseconds to hours. It takes hours (just over 100) to brute-force a four-digit PIN.
Think of the typical instances in which you use a password:
- At a bank.
- Using a credit/debit card at a store.
- Signing in to an email account.
- Signing in to any online portal.
We could go on. The list is nearly endless.
In reality, the only way you’ll do your information justice is by creating a password that is as complex as it is long. We recommend 20 characters or more, with a mix of alphabetical, numerical and special characters.
Two-factor authentication (2FA) was once thought of as an optional step in logging into accounts, but for maximum security it’s almost a requirement. Without two-factor authentication, you put your information at risk. With it, your accounts require two different sets of credentials to gain access.
In addition to using 2FA on all your online accounts that support it, we also strongly recommend you enable 2FA to log in to RoboForm.
What do hackers want?
As an individual or business trying to grapple with the possibilities of a cyberattack, it can be overwhelming.
The Harvard Business Review (HBR) reports cyberattacks have resulted in publicizing corporate data, paralyzing hospitals, compromising medical devices and more. It’s quite literally the stuff of sci-fi stories come to life.
Of course, a lot of the information hackers take leads to some type of monetary end. They use information to assume an identity to then send and receive money, procure loans, etc.
Because many small businesses keep their information in the cloud, where there’s less encryption, it’s easier for hackers to target these companies through their weaker security.
How are hackers getting in?
Getting hacked isn’t as difficult as the average person may assume, and there are a variety of ways businesses or individuals can be targeted:
- Phishing: Emails carrying links or attachments that install malicious software (commonly known as malware), which gives attackers access to your device and information, and even the ability to control the device.
- Scanning servers: Hackers scan servers to look for points of weakness — similar to a burglar casing a house before a robbery — before carrying out a cyberattack. Again, this type of occurrence is common for small businesses with weaker security.
- Wi-Fi networks: Oftentimes, hackers can get access to information via compromised Wi-Fi networks. If you’re using a network that doesn’t require a password or any type of authentication, beware sharing sensitive information (e.g. using your credit card to buy anything).
- Third-party websites: Remember how we mentioned many people use the same password for different websites? This is where that becomes a problem. Hackers can obtain your credentials from a breached third-party website, and if you use the same password for multiple sites, it isn’t hard for them to carry their cyberattack forward into your other logins.
The only thing that can protect against the above infiltration options is a complex, unique password.
You can use a password manager like RoboForm to create a unique and complex password, and also to utilize two-factor authentication, which will allow for an additional, crucial level of security. By encrypting data, RoboForm also protects user data from hackers attempting to scan servers and phish emails.
What happens if hackers succeed?
The worst thing you can do when a cyberattack happens is ignore it. As immediately as possible, report to the company and its customers, in writing, that information is compromised.
Different states have different laws pertaining to the reporting of a cyberattack, so it’s best to be up-to-date on legalities in your region. Fortune magazine also recommends having an incident plan already in place, so if anything should happen, the team is prepared.
It may seem a bit unnecessary, but consider your company’s plans around an emergency evacuation — most companies have them but hope they’ll never have to use them. But if they ever need to, they’re ready.
If you’ve experienced a cybersecurity attack and need to ensure your information is protected moving forward, StaySafeOnline.org has resources to help you begin proactive action.
How to make passwords unique and complex
One of the best plans to keep in mind when preventing cyberattacks is to utilize a complex, strong and unique password.
This is easier said than done, as a strong password is often 12 characters or more, a mix of letters, numbers and symbols, and doesn’t contain any information you use for different logins (like your ATM PIN or part of your Social Security number).
The U.S. Department of Homeland Security offers many tips on how you can create a strong and complex password:
- Do use 12 or more characters (preferably 20+).
- Do utilize alphabetical, numerical and special characters.
- Do not use the same password for more than one account login.
- Do not use common or personally significant dates or addresses.
- Do not use common words found in a dictionary.
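One way to turn the tips above into an automated check, together with the brute-force search-space estimate behind the crack-time discussion earlier in the post. This is an added example, not RoboForm’s strength tester and not code from the original post; the tiny wordlist, the set of personal identifiers and the 10 billion guesses-per-second rate are all constructed assumptions.

```python
import re

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "football", "qwerty"}
# Constructed stand-in for values the user already uses elsewhere (ATM PIN, SSN fragment, ...).
PERSONAL_DATA = {"1984", "0421", "4421"}
# Four-digit years and slash-separated dates, the "personally significant dates" tip.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}/\d{1,2}/\d{2,4}")
# Undo common letter-to-symbol substitutions so "p@ssw0rd" still matches "password".
LEET = str.maketrans("0134@$", "oleaas")
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def charset_size(pw: str) -> int:
    """Alphabet size a brute-force attacker must cover for this password's character mix."""
    sizes = (26, 26, 10, 33)  # lower, upper, digits, printable ASCII punctuation
    return sum(n for pattern, n in zip(CLASSES, sizes) if re.search(pattern, pw))


def brute_force_hours(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case hours to exhaust the search space at an assumed guess rate."""
    return charset_size(pw) ** len(pw) / guesses_per_second / 3600


def check_password(pw: str, min_len: int = 12) -> list[str]:
    """Return the tips the password violates; an empty list means it passes every check."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if sum(bool(re.search(p, pw)) for p in CLASSES) < 3:
        problems.append("uses fewer than three character classes")
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):  # substring match on purpose
        problems.append("contains a dictionary word")
    if DATE_RE.search(pw):
        problems.append("contains a date-like number")
    if any(item in pw for item in PERSONAL_DATA):
        problems.append("reuses a PIN or other personal identifier")
    return problems
```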
Luckily, there are great tools out there you can use to test the strength of your password before attaching it to a login — RoboForm has one that’s simple and useful.
There are also tools that allow you to generate a password, so you don’t have the pressure of thinking of a complex combination on your own. Regardless of how you create your passwords, it’s never a bad idea to save them in a secure manner — and believe us when we say that password storage isn’t as complex as you think!
If you’re curious to learn more about National Cyber Security Awareness Month (NCSAM), follow along with us on Twitter and Facebook, and share this post so people in your network can #BeCyberAware!