Did you know computer passwords were first developed at MIT in 1960 as a means of securing access to private files? The journey since then has been anything but unpredictable.
Passwords have evolved to be absolutely essential to our day-to-day existence while also being the most common attack vector for cyber breaches.
Keep reading to find out common mistakes we all make with passwords and how you can keep your passwords secure. Plus, we have 7 tips you can use to create more secure passwords!
Common password mistakes
Does the following list of the most common password mistakes sound familiar?
- Reusing the same password
- Only creating unique passwords for ‘high-risk’ accounts
- Not using password managers
- Creating simple passwords that contain personal information
Do you feel overwhelmed by the number of passwords that you have to remember?
180 is the average number of passwords we need to remember for the various business accounts we use. It’s therefore easy to see why we use the same password for multiple sites.
80% of breaches, according to Verizon, are caused by weak or compromised passwords. So fixing this one issue alone can massively reduce the risks businesses and individuals face from the harm that can come from successful cyber attacks.
60% of cyber attacks are caused by human error. Either someone did what they shouldn’t be doing or didn’t do what they should be doing.
Many instances of human error involved phishing, where accounts were compromised. The breaches exploited our natural laziness with regard to passwords. The hackers were either given the passwords or they guessed them. Knowing that we often reuse passwords, they then proceeded to log into other sites with the same credentials.
It is quite easy and cheap to crack passwords via a brute force technique. The easier the password, the quicker it is to crack.
What are the top 10 most common passwords?
It varies depending on the source of the data but what is common about the most common passwords is that they are simple and pretty easy to guess.
The list above was taken from a list of 275 million passwords leaked in a data breach.
So, you can see that hackers’ jobs are pretty easy when users can’t even be bothered to write a complex password.
Keeping your passwords secure
Well, we all know why we don’t write complex passwords: it would be unsustainable to do so for 90 plus sites and remember them. Some people still write passwords on post-it notes and stick them on their computer monitor. Some of us write them down on a notepad or in a notes application on our smartphone. These are all coping mechanisms to avoid overloading our memory.
A great solution for managing passwords nowadays is a Password Manager – it’s all in the name. Password managers securely store passwords and can also generate complex passwords. This means that we don’t have to remember lots of complex passwords, just the main one that gets us into the password manager to retrieve the stored passwords.
This system could, however, still be vulnerable to attacks if the attacker can access the master password for the password manager. You therefore need to protect the password manager with a form of multi-factor authentication (MFA). Access is only granted if you have at least 2 methods of authentication, for example your password and a one-off token generated on your phone.
So how do we avoid the password leaking vulnerability?
To avoid the risk of weak passwords increasing the vulnerability of your data there are some basic steps that can be taken to protect yourself and your business information.
- Never reveal your password to anyone – if anyone asks, it’s a scam or bad practice
- Use different passwords for different accounts – a compromise on one will not compromise the other
- Use MFA – this adds another layer of protection making it even more difficult to be breached
- Length versus complexity – longer passwords are more difficult to compromise – use 16+ characters
- Make them hard to guess but easy to remember, using sentences and phrases can help
- Make them complex – use special characters and numbers as well as letters
- Use a password manager to securely store and back up your passwords
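A small checker that applies the tips above to a candidate password and compares length against complexity, as an added example that is not from the original article. The common-password set, the sample passwords and all function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample list; a real check would load a breach-derived list.
COMMON = {"123456", "password", "qwerty", "111111", "letmein"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def charset_size(pw):
    """Size of the smallest standard alphabet that covers the password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """log2 of the brute-force search space (charset ** length).

    An upper bound: it only holds if the characters were picked at random.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def audit(pw, personal=(), other_passwords=()):
    """Return the tips from the list above that this password violates."""
    findings = []
    if len(pw) < 16:
        findings.append("shorter than 16 characters")
    if pw.lower() in COMMON:
        findings.append("on the common-password list")
    if any(p and p.lower() in pw.lower() for p in personal):
        findings.append("contains personal information")
    if pw in other_passwords:
        findings.append("reused on another account")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw)):
        findings.append("missing letters, numbers or special characters")
    return findings

def generate_password(length=20):
    """Draw from a CSPRNG, as a password manager would, until the audit is clean."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(pw):
            return pw

if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd", "my-dog-rex-likes-2-walks", generate_password()):
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, {audit(pw, personal=('Rex',)) or 'ok'}")
```

The bit count is only meaningful for randomly chosen characters, which is why the dictionary and personal-information checks run alongside it.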
What is passwordless authentication?
The replacement for bad passwords and bad practices is to eliminate passwords altogether by becoming passwordless. This new technological approach requires the user to be authenticated via an authentication service on the basis of something the user has, such as a phone or token, and something the user is, such as fingerprints, face, voice etc.
Systems are increasingly being implemented that generate a one-time token or an email link each time a user wants to log in to a site. Passwordless authentication is more expensive to implement than a simple password-based system but will become more common as costs come down. Also, they are definitely a lot safer.
The future of user authentication will be based around behaviour analytics. Users will be authenticated via biometrics in a low friction way so as not to hinder transactions while enforcing higher levels of security. The systems will use machine learning to build a profile of the user from normal behavioural characteristics such as keystroke patterns or device handling.
In this way, users can be continuously authenticated without even being aware of it. Unusual behaviour in conjunction with other suspicious activity will trigger an alert and consequent action.