Password as the First Instance of Protection

2020-05-07

Password day

Did you know that a hacker attack takes place every 39 seconds, that over 2,600 personal records are stolen every minute and that cybercriminals make more money than the trade in drugs?

 

WORLD PASSWORD DAY - TIME FOR TIDYING UP THOSE PASSWORDS

World Password Day would probably not top any popularity chart; nevertheless, it deserves a place among the more important dates in our calendars.

Why so? It reminds us once again that only a solid password can protect us from unauthorised access to sensitive data, from theft of our virtual identity or even of our own money. On this day, we should focus on a “small” clean-up of our account passwords: change those which have not been changed for some time and increase the complexity, and thus the security, of the weak ones.

HOW TO SET UP A STRONG PASSWORD 

When creating a secure password, you should definitely avoid anything that reduces overall uniqueness and security of the password itself.

WHAT TO AVOID

  • don’t repeat the same password in several services/accounts (in any case, don’t use your domain password anywhere else, refrain from using identical passwords for your e-mail and social network accounts, etc.);
  • don’t reuse old passwords after a certain period of time;
  • your password should not consist of names (your own, of relatives, animals), dates (e.g. anniversaries, dates of birth) or names of other things that you (have) published on social networks (Facebook, Instagram, etc.).

A STRONG PASSWORD MUST BE UNIQUE AND ADEQUATELY COMPLEX

Combining is the key:

  • lowercase and uppercase letters
  • special characters
  • numbers
  • and, finally, sufficient length - a minimum of 8 characters, ideally up to 16 characters!

THIS IS WHAT A STRONG PASSWORD MIGHT LOOK LIKE

For example: QcSCTC#zrKk47PRU, ZY!RAdsmXvNrkvYd, RzmST5@LysRKMRqx...

TOP 10 OF MOST WIDELY USED PASSWORDS 

Despite all the recommendations from IT specialists, according to recent studies the following ones continue to appear among the TOP 10 of the most commonly used passwords:

  • 123456
  • 123456789
  • qwerty
  • password
  • 1234567
  • 12345678
  • 12345
  • iloveyou
  • 111111
  • 123123 
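
The rules above, as an added example that is not part of the original article: a Python generator that draws a 16-character password from all four character classes using a cryptographically secure random source, and a checker that tests a candidate against the length rule, the character-class rule and the TOP 10 list. The set of special characters and all function names are assumptions made for this example.

```python
import math
import secrets
import string

# The ten most commonly used passwords, as listed in the article.
TOP_10 = {"123456", "123456789", "qwerty", "password", "1234567",
          "12345678", "12345", "iloveyou", "111111", "123123"}

# SPECIALS is an assumed set; services differ in which symbols they accept.
SPECIALS = "!#$%&*+-=?@_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)

# One predicate per character class the article says to combine.
CHECKS = (("lowercase", str.islower), ("uppercase", str.isupper),
          ("digit", str.isdigit), ("special", lambda c: not c.isalnum()))


def generate_password(length=16):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # shuffle backed by the OS CSPRNG
    return "".join(chars)


def check_password(password, min_length=8):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if password.lower() in TOP_10:
        problems.append("on the most-used list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, predicate in CHECKS:
        if not any(predicate(ch) for ch in password):
            problems.append(f"no {name} character")
    return problems


def entropy_bits(length=16):
    """Approximate upper bound on the entropy of a generated password."""
    return length * math.log2(len("".join(CLASSES)))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, check_password(pw), round(entropy_bits(), 1))
    print("iloveyou ->", check_password("iloveyou"))
```

Uniqueness per account and non-reuse of old passwords cannot be checked from a single string; those rules need a password manager or a stored history.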

INCREASED LEVEL OF SECURITY - PASSWORD MANAGER

Using a password manager (application) is another recommended solution that increases the level of password security and takes the burden of having to remember or even invent passwords off the user’s shoulders. The app does all this for the user. The only thing that you will have to set up is one password: the master password.

INCREASED LEVEL OF SECURITY - USING TWO-FACTOR AUTHENTICATION (2FA)

Two-factor authentication (2FA) consists of a unique password, a unique user name and a further safety element such as a validation code (text message, e-mail, software application, hardware token).

INCREASED LEVEL OF SECURITY - USING MULTI-FACTOR AUTHENTICATION (MFA)

Multi-factor authentication (MFA) is a method of protecting access to a system (e.g. a web or information system), based on a combination of three security areas (so-called "factors"):

  • Knowledge - something that the user is acquainted with or knows (name and password)
  • Ownership - something that the user owns (hardware token, smartphone app)
  • Biometrics - something that constitutes the user themself (e.g. fingerprint, face recognition, etc.).

MFA provides for a high level of security, because even when the attackers get their hands on your user name and password, they still need to gain access to something that the user physically has on themself, or to their biometrics, which could be kind of hard to obtain.

BE PROACTIVE AND DON’T SIT WAITING FOR AN ATTACK

Lastly, it should be noted that as far as password security is concerned, the best protection is to be proactive - set up passwords as strong as possible, use MFA or 2FA as a minimum, and also know whether your login data are lurking somewhere in the labyrinth of the darkweb along with your passwords.

If you want to be sure that your account has not been hacked and your password disclosed already, you can verify this simply at https://haveibeenpwned.com/.

On the other hand, even the strongest password will not protect you, if you enter your login data on a malicious web page, click a fraudulent link, or download a harmful file from your e-mail account.

A FEW INTERESTING THINGS FOUND IN THE AVAILABLE STATISTICS ON PASSWORD ATTACKS

  • Up to 68 % of black hat hackers acknowledged that the biggest problem in obtaining data is MFA and encryption. (Thycotic)
  • 57 % of companies globally use MFA, which is a 12 % increase compared to 2018, while up to 95 % of employees using MFA use a mobile app and only 1 % use biometrics. MFA is mostly used in large companies that have from 1 thousand to more than 10 thousand employees. Only 41-44 % of small and medium-sized businesses use MFA, and it is an interesting fact that up to 43 % of cyber-attacks are aimed precisely at these types of companies. (Report from LastPass, sample of 47 thousand companies)
  • The findings show that employees reuse their old passwords up to 13 times on average - and this probability is higher for companies with fewer than 1 thousand employees, while for IT companies reuse of old passwords is recorded, on average, as much as 15 times. (Report from LastPass, sample of 47 thousand companies)
  • In 2018 hackers stole half a million personal data records, which is a 126 % increase as compared to the year 2017. Since 2013, around 3.81 million records have been stolen through breaches every day, which is more than 158,000 per hour and over 2,600 per minute. (Reports from Cybersecurity Ventures)
  • There is a hacker attack every 39 seconds. (Security magazine)
  • Cybercrime is much more profitable than the global illegal trade in drugs. In 2018 cybercriminals obtained about $600 billion in total, which is about $200 billion more than from the trade in illegal drugs. (Cybersecurity Ventures)
  • 73 % of black hat hackers confirmed that the traditional firewalls and antivirus protection are irrelevant, since people themselves and their imprudent behavior play the most relevant role in most of the security data breaches. (Thycotic.com)
  • You can purchase a user account for $1 on the darkweb; bank accounts are a bit more expensive and cost between $3 and $24, and a Netflix account will cost you approximately $1.25. (RSA)
  • Up to 32 % of black hat hackers acknowledged that they focus primarily on obtaining access to privileged accounts, which can be easily accessible, e.g. by using a phishing attack. (Thycotic)
  • As of March 2019 it is estimated that more than 14 billion data records were misused or stolen, of which only 4 % are represented by “safe” leaks - i.e. the data were encrypted. (Breach Level Index)