Forget using the proper fork during a meal, passing in the right direction, or starting a political conversation at dinner. When it comes to password etiquette, Americans are falling flat. Now is the time for businesses and individuals alike to brush up on their password etiquette.
ORAM Cybersecurity Advisors reviews the damage weak passwords and insecure logins can do and provides you with password etiquette tips. By learning and adhering to the following tips and best practices, all of us can create stronger passwords, protect accounts and applications, secure personal data, and safeguard our business’s proprietary information as well.
Bad Password Facts & Figures
Verizon’s 2022 Data Breach Investigations Report describes “four key paths leading to your estate,” and credentials, such as usernames and passwords, were the number one way hackers gained unauthorized access to networks and systems.
“No organization is safe without a plan to handle them all,” reads the Verizon report. “The human element continues to drive breaches. This year 82 percent of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike.”
Ultimately, data from the 2022 Data Breach Investigations Report demonstrated that weak passwords and insecure login credentials were the simplest methods for cybercriminals to work their way into accounts and private data. The report shows an astounding 80 percent of breaches were the result of stolen or weak passwords.
Furthermore, BetaNews reports that cybercriminals can penetrate 93 percent of company networks. Research conducted by F5 Labs and released in its 2021 Credential Stuffing Report demonstrates that weak password management and storage is an industry-wide problem. It also shows that organizations remain weak at detecting and discovering both hacks and data theft.
Credential Spills & Credential Stuffing
These terms are as nasty as they sound. A credential spill is similar to an oil spill. When large numbers of stolen and compromised credentials are leaked, they are very difficult to clean up. The annual number of credential spill incidents nearly doubled between 2016 and 2020, according to the aforementioned F5 Labs report.
Credential stuffing involves the exploitation of large numbers of compromised usernames paired with passwords. This is not just a problem in the United States but around the globe. As a matter of fact, Securden reported that a total of 3.2 billion breached credentials, password and username combinations, are freely available on the internet.
Password Etiquette & Best Practices
Improving your password etiquette and that of your employees requires proper training and follow-through. Here are a few tips to improve your manners and methods when it comes to your credentials.
~Cook Up Creative Passwords– Good password etiquette begins with making passwords as difficult to crack as possible. Create strong passwords that are more than 10 characters in length and use both uppercase and lowercase letters, numerals, and special symbols.
~Utilize Passphrases– Passphrases use a string of multiple words to create more elaborate login credentials that are clever enough to tie up hackers longer as they attempt to crack your passphrase. Longer, more complex passwords and passphrases are troublesome for cybercriminals to figure out without the use of a sophisticated supercomputer.
~Employ Shorthand– Another way to complicate your passwords and passphrases is to shorten standard words. Rather than typing “blue,” remove the vowels to have just “bl,” or change “happy” to “hpp.” Be sure to avoid common passwords such as names, sports teams, pet names, or the word “password.” Hackers know what common words to look for and know how to wield them to their advantage, so just avoid them altogether.
~Change Up the Menu– It’s been reported that it can take bad actors up to several months to exploit stolen credentials. With that in mind, change login credentials every 45 to 90 days. Periodically changing passwords for all employees on all platforms, networks, systems, apps, and devices can help prevent credential theft and breaches.
~Pass on Reusing Passwords– Be sure to use a unique password or passphrase for every account, service, application, and platform. If an attacker does manage to crack one account, they won’t be able to crack them all.
~Be Thankful for Password Generators– When it comes to creating multiple passwords, using a free password generator such as LastPass, F-Secure, or Avast can be quite helpful. This is especially true if you are replacing all of your passwords every six months as recommended by cybersecurity professionals such as ORAM Cybersecurity Advisors.
~Check the Guest List– Your IT department or third-party provider such as ORAM should periodically review the passwords and passphrases being used in your business. Passwords and passphrases being used by employees should be cross-referenced against the Dark Web to ensure that they haven’t been compromised. If there is any indication they have, immediately ask the employee to change their login credentials.
~Limit Access to Passwords and Login Attempts– One of the simplest measures any organization can take is to limit both access to passwords and the number of login attempts allowed. Access to passwords should only be given to people in roles that absolutely need them to conduct their job duties. Additionally, accounts should auto-lock after two or three failed login attempts. Keep accounts locked until the employee reaches out to the IT department or your third-party provider to reset the login and password.
~Train Every Employee– Educate your staff about password best practices. Not only will it be more time-consuming for hackers, but it will make it more difficult for them to figure out passwords as well.
~Manage Passwords Wisely– Finally, employers should subscribe to a password manager and require all employees to utilize it. There are different subscription services for password managers available based on your business needs. Simply speak with your IT department or consult your third-party IT and cybersecurity provider such as ORAM.
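The cross-referencing step in “Check the Guest List” can be done without ever sending a password to the checking service. The Python below is an added example, not ORAM's tooling: it assumes a hash-prefix range lookup in which only the first five characters of the password's SHA-1 hash leave the client, and the corpus, account names, and `range_lookup` service are constructed stand-ins.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (not real leak data).
BREACHED = {"password": 9_000_000, "Summer2022!": 1_200, "patriots": 85_000}

def sha1_hex(password):
    # SHA-1 is used here only as a lookup key, not for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(corpus):
    """Group hashes by their first 5 hex characters, as a range service would."""
    index = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index

INDEX = build_index(BREACHED)

def range_lookup(prefix):
    """Hypothetical local service: 5-char prefix in, 'SUFFIX:COUNT' lines out."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    bucket = INDEX.get(prefix.upper(), {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in bucket.items())

def breach_count(password, lookup=range_lookup):
    """Return how often the password appears in the corpus (0 if absent).
    Only the hash prefix is passed to lookup; the match is done locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def audit(accounts):
    """Map each account whose password is in the corpus to its exposure count."""
    exposed = {}
    for user, password in accounts.items():
        count = breach_count(password)
        if count > 0:
            exposed[user] = count
    return exposed

if __name__ == "__main__":
    staff = {"jsmith": "password", "mlee": "tide walnut copper 47 sails"}
    print(audit(staff))  # accounts that must change their credentials
```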
If you need support with employing password etiquette, training employees in password best practices, or improving your business’s cybersecurity, contact ORAM Cybersecurity Advisors at (617) 933-5060.