Passwords used to be the standard for online security, as they prevent unauthorised data access. But as phishing attacks and data breaches affect more Campbell businesses today, it’s becoming apparent that passwords are not enough to keep attacks at bay.
A significant reason why passwords fail is users’ poor password habits, which include:
1. Weak combinations
Secure passwords can be difficult to remember, which forces some users to use weak passwords, such as numbers, names of family members, or birthdays. Unfortunately, these can be easily guessed by cybercriminals.
Weak passwords have become too problematic in the state of California that the state government passed a law requiring firms to assign unique passwords to internet-connected devices. This forbids the usage of passwords such as “admin” or “password”.
2. Recycling passwords
Some users don’t want to think of a unique password for each of their online accounts, let alone remember them. As a result, they resort to password recycling, or using the same password for multiple websites.
While it may be convenient in the short term, this puts users’ accounts at risk of credential stuffing. This attack uses bots to hammer sites with login attempts using stolen login credentials from data breaches of other companies until they successfully infiltrate an account. Cybercriminals are well aware that users tend to use the same passwords on multiple websites, which raises the need to create more secure passwords.
3. Changing passwords too often
Frequent password changes can create more problems than they solve. Users may struggle to log in to their accounts because they cannot recall their passwords. This may force users to recycle passwords, which defeats the purpose.
Instead, the National Institute of Standards and Technology (NIST) recommends password resets only in the event of a data breach. This way, users don’t have to spend too much time coming up with new passwords that they may easily forget.
4. Storing passwords in plain text
Another common mistake is writing down passwords, whether on paper or electronic spreadsheets. If you do the former, other people may see it and access your account. Meanwhile, passwords stored on your computer can be hacked.
If you want to write down your passwords, you should only include hints that help you recall the password. Make sure to keep them in a place away from the public eye.
5. Not using multifactor authentication (MFA)
MFA is a secondary security solution that works on top of passwords. It can be a one-time SMS code, smartphone notification, or a fingerprint or facial scan. Even if a hacker acquires a user’s login credentials, they won’t be able to access the account without fulfilling the MFA requirements.
Some businesses still aren’t implementing MFA, despite its benefits. Some may find that the security solution is not a priority, while others cannot afford the costs of deploying it. This forces some companies to rely on passwords and other cheap security solutions, making them more vulnerable to cyberattacks.
What is the future of passwords?
While passwords won’t become obsolete anytime soon, the NIST has suggested the use of passphrases to make accounts more secure. A passphrase is a string of words longer than traditional passwords, such as “correcthorsebatterystaple” or “funkychairbrushplugs”. Because they use dictionary words, they are easy to remember but harder to crack.
Biometrics, or the use of physical human characteristics such as facial features or fingerprints, will also play a significant part in the future of online security. Because cybercriminals cannot steal a person’s physical characteristics, biometrics is more secure and will be a preferred authentication method.
Your business deserves the best cybersecurity protection. Our INFINIT Shield service minimizes the risk of cyberattacks by proactively maintaining the integrity of your IT infrastructure. We also work with industry-leading security providers such as Microsoft, Cisco, and Barracuda to provide clients with the best solutions. To learn more about what we can do for your Campbell business, contact us today.