The first Thursday of every May has come to be known recently as World Password Day, a day in which both organizations and individuals are encouraged to reset passwords. The ever-growing influence of technology in our lives means that cyber hygiene is immensely important.
Weak passwords may be an easy way for cybercriminals to gain credentials and worm their way into an organization’s network. The best way to mitigate the risk of a cyber-attack is simply education on the subject and taking a handful of precautionary measures.
Multi-factor authentication (MFA), or two-factor authentication (2FA), requires a user to verify their identity using two or more authentication factors when logging in. For example, a user will have to verify their identity by entering a password on their computer and then responding to a mobile push notification. Alternatively, a user may be required to enter a PIN followed by some form of biometric data, such as a fingerprint. Even if one of the factors is compromised, without access to the second factor nothing will be compromised with MFA implemented. The Cybersecurity and Infrastructure Security Agency recommends MFA on desktop access, VPNs, and email.
The National Institute of Standards and Technology’s (NIST) guidance on strong passwords recommends using the longest password or passphrase allowed by the system. This is not feasible for most people, but it doesn’t make a great point in that password length matters a bit more than its actual complexity. You may need to try different variations of a passphrase—for example, some applications limit the length of passwords, and some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.
“Depending on your web browsers’ settings, anyone with access to your computer may be able to discover all of your passwords and gain access to your information,” CISA warned.
If you’re an individual who chronically struggles with remembering old passwords, then consider using a password manager to store unique and complex passwords for every site you visit. When choosing a password manager, use an industry-recognized provider and never store your passwords in a document saved to your computer. Password managers generate lengthy and complex passwords for you and congregate them in one place, all under the protection of one strong primary password. Passwords saved in a web browser could create security risks.
The CISA said, “Reusing a password, even a strong one, endangers your accounts just as much as using a weak password. If attackers guess your password, they will have access to your other accounts with the same password.”
Organizations should always keep systems up to date and use antivirus software and firewalls to prevent intrusions. Users should watch out for suspicious activity and avoid clicking untrusted links. Every user should be aware of basic cyber hygiene practices to avoid breaches of sensitive information and ransomware attacks. While none of these methods are foolproof, they drastically reduce an individual’s or organization’s overall cyber risk.