May 4th is World Password Day. In honor of the occasion, we have gathered some interesting information from recent articles and studies to share with you. Passwords are often a major pain point for users; however, passwords are the keys to your kingdom, and bad guys definitely want your passwords.
Last week, Verizon released its 10th Annual Data Breach Investigation Report (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/), which (as always) contains good information and lessons to be learned. The surprising password-related statistic from the report showed that 81% of hacking-related breaches from 2016 leveraged stolen and/or weak or guessable passwords.
A study by Dashlane, a leading password manager provider, pointed out that the average American Internet user now has 150 accounts requiring a password. If passwords are similar or shared, one compromised account could allow an attacker to gain access to others. Another survey, the State of Consumer Privacy and Trust survey released by Gigya, showed that “despite security fears, password hygiene remains poor, with 70% of consumers using seven or fewer passwords across all of their online accounts.”
SBS CyberSecurity recommends the following steps to protect your accounts through stronger passwords:
- Remember that the length of your passwords is the single most important factor
- While eight (8) characters with complexity is still the “standard,” SBS (along with most best-practice guidelines) recommends 14-character passwords
- To help with longer, more complex passwords, consider a password manager (LastPass, KeyPass, etc.) to store complex passwords for websites
- Avoid sharing passwords across multiple accounts
- Where possible, utilize multi-factor authentication
- Educate employees on the importance of good security practices regarding passwords
For more information on passwords and authentication, including a video you can share with all your users, SBS has recently published three (3) new items to our blog that you might find helpful. Check out the following links:
- The Password is Dead; Long Live the Password: https://sbscyber.com/blog/ThePasswordIsDead/
- Authentication: What is Multi-Factor: https://sbscyber.com/blog/authentication-what-is-multifactor/
- System Access Authentication Video: https://sbscyber.com/blog/CBSystemAccessAuthentication/