In 2022, Verizon provided statistics indicating that 63% of social engineering attacks involve compromised credentials, such as passwords. When a password is compromised, it is highly possible for the effect to spread round other digital ecosystems where you keep your data.
For instance, gaining unauthorized access to your email account can lead to other sorts of privacy ramifications, such as financial accounts takeover, identity theft, and exposure of sensitive information. This translates into the need to understand password security and make the most of best practices for proper authentication.
The password security guide everyone needs
A report from Norton reveals that more than half of all their consumers have experienced cybercrime. As an active internet user, it’s within the realms of possibility that you are in the same boat.
This underscores the importance of implementing security measures for every user, starting with the credentials used to access your digital life. Without further ado, let's explore some guidelines you can follow to enhance your password security:
Create a strong password
A long password does not necessarily mean a strong password while a short password is most of the time a weak password. Why? There are password crackers that can figure out your short password in a matter of seconds; for example, a 4-digit PIN can easily be brute forced, while a 16-character password created with the right security approach can take years to crack.
What's the approach for creating a strong password?
- Avoid using personal information: Some people prefer using personal information for passwords, such as their name, best friend, street, country, pet, lover, etc. They argue that it is easily memorable and accessible for repeated use. However, this method is akin to sleeping with fire on the roof. Any hacker can easily conduct an open-source intelligence (OSINT) exercise or perform a few simple cracking operations to compromise your password in that scenario.
- Mix up letters, numbers, and symbols: Using alphanumeric characters coupled with symbols will strengthen the password and make it more complex for anyone to guess.
- Do not use short passwords: Even with diverse characters mixed in to ensure complexity, using short passwords can make you vulnerable to easier cracking.
- Interchange characters: This means swapping alphabetic characters with numbers; for example, replacing the letter "O" with the number "0" or the letter "E" with the number "3."
Other password security guidelines
Avoid password repetition: Reusing the same password for multiple websites increases the risk of identity theft. If one of the sites you've logged into experiences a cyber attack and customer identities are stolen, hackers can exploit that data to access more accounts.
Avoid making your password public: When it comes to private data and securing your digital access, credentials such as passwords must be kept secret. If you continue to give your access to any random person, you are susceptible to easy compromise.
Use 2FA: Two-factor authentication helps double your security access or validate identity verification to ensure it is not an unauthorized access. 2FA could be in the form of mail OTP, sms OTP, a call, etc.
Opt-in for alternatives: Alternatives such as fingerprints, voice commands, or facial recognition are beginning to get into our daily use. If available, it’s recommended to use these methods for secure access to your accounts, or at least, as a backup strategy.
Password managers: Password managers make your login credentials easily accessible from one safe place. When choosing a password manager, it's also essential to select one from a reputable company with positive reviews. While no system is 100% efficient, opting for providers known for their strong security measures can help you make an informed decision.
The NIST guideline for password security
The National Institute of Standards and Technology has a guideline developed for agencies to follow in order to safeguard users' credentials. Here are a few of these guidelines:
- Make your password at least 8 characters long: NIST enforces that the minimum length for any password should be 8 characters as it has been validated that the longer a password, the longer it takes for it to be cracked.
- Avoid periodic reset: NIST insists that periodic reset is not a way out for malicious users to be kicked out of a system. As users who have diverse passwords for diverse accounts can reset their password by tweaking a few things such as changing small letters to capital letters or even adding a figure, this kind of manipulation can be easily predicted by clever hackers or cracking tools.
- Use password blacklist checker: This helps users ensure that they are choosing a very reliable password, because blacklisted passwords such as simple, weak, or previously compromised words won't be accepted.
- Password attempts should be limited: If password attempts are allowed to be made extensively, hackers can leverage the opportunity to repeatedly try accessing accounts until they break in. Instead, companies can impose restrictions on the number of attempts and also provide a means of reaching their users.
It’s time to take password hygiene seriously
"A breach in one can cause havoc to all" should be a loud mantra in the heart of every user. There should be no hastiness in setting up strong passwords that can be easily remembered or, better still, written down and kept where unwanted people cannot see them. Everyone should understand that digital technologies are hackable, highlighting the importance of robust identity verification measures to prevent unauthorized access and protect sensitive information.