Passwords are utilized by nearly every program to protect sensitive information. However, if not created or secured properly, passwords can present a major security vulnerability and potential avenue for data leakage.
According to a CSID survey from last year, 89 percent of consumers feel secure about their current password habits. However, 61 percent admitted to using the same passwords for multiple accounts, and 44 percent of consumers change their passwords once a year or less frequently. Additionally, one in five people have had an online account compromised.
CSID also pointed out that none of the passwords included in the survey were considered very good. Only 33 percent were considered to be strong, and 64 percent were classified as weak.
When passwords are snooped or stolen by cybercriminals, it is incredibly easy for them to break into a company’s internal systems and hijack information; all they need to do is log in. This makes the strength of a password, as well as the level of safeguarding, an essential part of endpoint management on all devices.
Improve password usage
According to CSID President Joe Ross, companies should educate employees on the business’s password policies and best practices. If utilizing a company-wide password, employees should be urged not to use the same one on any other accounts. If employees are able to create their own passwords, companies should ensure that passwords are adequately strong and updated frequently for optimum endpoint security.
However, password strength should not automatically be tied to length. Ars Technica reported that longer plaintext passwords can still lead to distributed denial-of-service attacks on a server. Cybercriminals exploit a vulnerability in cryptographic hash algorithms by submitting very large, obviously false passwords, so that the work of hashing them overloads server resources.
Therefore, users should create a password of moderate length that incorporates numbers, letters and punctuation where possible, according to CSID. For example, their survey stated that if a user’s password is ‘dietcoke,’ a hacker can crack it almost instantly. However, if a user’s password is ‘ilikedi3tcoke!’, it would take a cybercriminal 125,000 years to figure it out.
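On the server side, the overload from oversized passwords described above can be defused by enforcing a length cap before the password ever reaches the hash function. The following is an added example, not code from CSID or Ars Technica; the 4096-byte cap, the iteration count, the stored-hash format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed values for this example; set them from your own policy.
MAX_PASSWORD_BYTES = 4096
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


class PasswordTooLong(ValueError):
    """Raised before any hashing work is done."""


def _encode_checked(password: str) -> bytes:
    # Check the character count first so a huge string is never encoded.
    if len(password) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password exceeds maximum length")
    raw = password.encode("utf-8")
    # Multi-byte characters can still push the encoded form over the cap.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password exceeds maximum length")
    return raw


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    raw = _encode_checked(password)
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        raw = _encode_checked(password)
    except PasswordTooLong:
        return False  # oversized login attempt rejected with no hashing cost
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", raw, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

The cap should also be enforced at the request layer (maximum body size), so that an oversized submission is dropped before it is parsed.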
Companies should also avoid using shared passwords where possible. ZDNet reported that the Maryland State Police were recently performing background checks on thousands of citizens applying for firearm permits. The state scanned the forms into a publicly accessible website with a shared username and password so personnel could perform the checks. At the time, information on the site, including Social Security and driver’s license numbers, addresses and other personal information, was not encrypted. While the site is no longer publicly accessible, the private information of tens of thousands could have been compromised.