Remember This: Hackers Like Strong Passwords, Too

In late 2016, a huge data breach occurred. More than 412 million accounts were affected when hackers got into FriendFinder Networks.

According to sources, approximately a million of those accounts had the password ‘123456,’ and approximately 100,000 had the password that was simply ‘password.’ This, of course, is despite the efforts of security pros to teach password management and the importance of a strong password.

Complex Passwords are Inconvenient

This data breach is just one of many, and it shows that relying on passwords alone is risky and has consequences. Additionally, complex passwords are inconvenient, which means that people often avoid using them, write them down, or reuse them across multiple accounts, so there is a great chance that they can be stolen.

Keep in mind, still, that passwords are flawed. This is not because they are often so easy to guess and easy to hack; it’s because they are quite expensive to maintain. Approximately 20 to 50 percent of calls to the help desk are for password resets because people forget them.

All of this means that things have only gotten worse when it comes to the usability of passwords over the past few years. So, to keep the control that is necessary to ensure the data is safe in an organization, the IT team must use tools that will address these major security concerns. When you consider all of this, it is truly shocking that so many people are still using passwords such as ‘password’ and ‘123456.’

If you look at all of the data breaches that occurred in 2016 and consider the millions of people who have been caught up in them, it’s absurd that people are picking passwords that are so easy to guess.

However, you also should keep in mind that it doesn’t matter what your password is; security experts and IT professionals keep hammering in the importance of changing passwords. Even if you are choosing passwords that are a bit more advanced than ‘123456,’ you should still change your password often.

You also must consider this: it doesn’t matter how good your password is and how complex you make it; passwords are still vulnerable. What we need is a change in our thoughts about security and a revision of our concept of what a password is and does.

In some form or another, passwords have existed as a way to secure information for centuries. For most of this time, they have worked well. However, with technology changing the world, this old form of security needs to be refreshed to meet the needs of the time.

More Security is Necessary

To overcome all of the issues that are associated with passwords, companies should take time to look at different forms of security. All you are doing now is wasting time and money by changing passwords and making them stronger. On top of this, when your business experiences a data breach, you could be facing a fine and, of course, embarrassing questions. Instead, it’s time to drop this concept of using passwords as the only means of security.

We need an approach that eliminates passwords altogether. Using, for instance, two-factor or multi-factor authentication or, better, un-hackable security tokens is one way to ensure that no passwords are stored, created, or transmitted. This will help us all to remain safe.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.
