This article will explain that even with today’s advancements in encryption & security, using weak passwords is still a major problem when it comes to the risk of unauthorized data and account access. Take the steps recommended in this article to ensure passwords are created in a secure manner.
Hackers use a multitude of methods to compromise security and gain access to systems. Hackers learn which passwords you use through brute force attacks. When you use weak passwords, you make it easier and faster for hackers to succeed. This is a risk to both user accounts and administrative accounts.
Why are some passwords considered weak?
A weak password is any password that is short and associated with something easy to know about you. If you are using these types of passwords anywhere, you are increasing the risk of being hacked regardless of whether it is your account from iCloud , a website, remote desktop or anything that can be accessed from the internet.
Unlike 50 years ago before the internet existed when hackers needed to either have a list of stolen passwords or attempt to guess them manually, today methods are far more sophisticated using automation to systematically check for common predictable passwords, (Commonly called Brute-Force attacks or password spraying) checking millions of character combinations let and taking into account factors such as uppercase and lowercase letters, years, and so on. They even take into account the lock out policies, and slow down logon attempts to avoid this.
How can you create stronger passwords?
You can decrease the risk of having your password hacked, but it means giving up ease of use for greater security. Here are a few ways to help prevent being hacked.
- Use complex passwords. Meaning if it is difficult to remember, it is probably a good one. The best passwords are so random it would be extremely difficult to remember. For example something like S5mFio&,$_nhjhrj may be a good one to use. (It does not contain common words, it uses lower case and uppercase letters, it is at least 8 characters long, it contains special characters and numbers and it has not been used before).
- If your account service offers it, use Two-Factor authentication. Two factor authentication relies on something you know (the password) and something you have (a smartphone, email account or security fob) to verify your identity.
- You may have seen this one before, as many banks often use it. You enter your password and are then prompted to answer to one of a series of potential verification questions for which you have previously provided answers. This most often appears used when you request a password reset. For example….Question: What is your Uncle’s name? Answer: Bob.
Most people tend to turn off these additional levels of security, and do so at their own peril. Often services will offer you the complex security options, but in the end it is ultimately up to the account owner to adhere to and use them for their own protection. You can find out more about Password Spraying here.
Paul Comtois is a Client Support Specialist at Triella, a technology consulting company specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium sized firms. Paul can be reached at 647.426.1004. For additional articles, go to www.triella.com/publications. Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Kaspersky Reseller.
© 2018 by Triella Corp. All rights reserved. Reproduction with credit is permitted.