02-12-2024
ARE YOUR PASSWORDS SAFE?
By CMIT Solutions
New Research Highlights Need for Complex Credentials
New research published last month illustrates the changing nature of password security—and the need to strengthen your login credentials. Hive Systems’ annual password table study examines how long it would take hackers to “crack” a password using brute-force tactics, a trial-and-error approach that tests endless combinations of usernames and passwords.
With new AI-powered tools, hackers in 2023 can now crack a 10-character-long password containing only letters and numbers in seconds—up to eight times faster than Hive’s research previously found in 2022. Passwords that contain numbers only are the most vulnerable, with hackers able to crack a 12-number-long one in seconds.
As always, security experts recommend that users mix letters, numbers, symbols, and special characters into their passwords. A 12-character-long password containing that mix would take 226 years for hackers to crack—and an 18-character-long version would take trillions of years to crack.
What Does a Strong Password Look Like?
It might seem self-explanatory, but the following tips can help:
- If you have old passwords that consist of only numbers or letters, update them immediately—they’re the most vulnerable.
- Create a password that is 18 characters long and contains a mix of numbers, lower- and uppercase letters, and symbols.
- If it’s easier, use a memorable core phrase surrounded by letters or numbers that are unique to the account, app, or platform.
- Avoid using publicly identifiable personal facts like a pet’s name or your child’s birthday in your password.
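To put numbers behind the claims above (numbers-only passwords fall fastest, mixing character classes and going to 18 characters helps), here is an added Python example that is not part of the CMIT post or Hive Systems’ study. It classifies a password by the character classes it uses, computes the brute-force search space an attacker would have to enumerate, and flags the weaknesses the tips above describe. The guess rate (ASSUMED_GUESSES_PER_SECOND) is an assumption chosen for illustration; Hive’s table depends on the hash algorithm and hardware, so use the relative comparisons rather than the absolute years.

```python
"""Brute-force search-space estimator for password composition rules.

Added example (not from the original post). Turns the tips into checks:
numbers-only and letters-only passwords are flagged, and the search space
grows with both character-class mix and length.
"""
import math
import string

# Character classes a brute-force attacker would have to enumerate.
CLASSES = {
    "digits": set(string.digits),          # 10
    "lower": set(string.ascii_lowercase),  # 26
    "upper": set(string.ascii_uppercase),  # 26
    "symbols": set(string.punctuation),    # 32
}
# Characters outside those classes (spaces, non-ASCII) are counted as a
# class of size 1 so they never inflate the estimate.
OTHER_SIZE = 1

# Assumed guess rate (guesses per second). Constructed for illustration only;
# real figures vary with the hash algorithm and hardware.
ASSUMED_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 60 * 60 * 24 * 365


def classes_used(password: str) -> set[str]:
    """Return the names of the character classes present in the password."""
    used = set()
    for ch in password:
        for name, chars in CLASSES.items():
            if ch in chars:
                used.add(name)
                break
        else:
            used.add("other")
    return used


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must assume, given the classes used."""
    return sum(len(CLASSES[n]) if n in CLASSES else OTHER_SIZE
               for n in classes_used(password))


def search_space(password: str) -> int:
    """Number of candidates in an exhaustive search: alphabet ** length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space, the usual strength figure."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate / SECONDS_PER_YEAR


def weaknesses(password: str) -> list[str]:
    """Findings matching the post's tips: composition and length."""
    if not password:
        return ["empty"]
    findings = []
    used = classes_used(password)
    if used == {"digits"}:
        findings.append("numbers only")
    elif used <= {"lower", "upper"}:
        findings.append("letters only")
    if len(password) < 18:
        findings.append("shorter than 18 characters")
    missing = sorted(set(CLASSES) - used)
    if missing:
        findings.append("missing " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["123456789012", "abc123XYZ!", "Tr0ub4dor&3-kitchen!!"]:
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years, {weaknesses(pw)}")
```

Running it on the constructed samples shows a 12-digit password exhausting in a fraction of a second at the assumed rate, while an 18-character mix of all four classes runs to well over 10^15 years, which is the qualitative gap the post describes.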
What Else Can I Do to Keep Login Credentials Safe?
Hackers can get their hands on passwords—even 18-character-long ones—in a variety of ways. Beyond the brute-force tactics outlined above, they can also leverage data breaches, spearphishing scams, and surreptitiously installed malware to swipe credentials.
That’s why it’s so important to build extra layers of cybersecurity protection around passwords. Three key strategies include:
- Never use the same password for more than one account. Cybercriminals troll the dark web looking for lists of compromised usernames and passwords that they can use to hack into numerous accounts. Always create unique versions of credentials for each account, app, or platform.
- Deploy multi-factor authentication (MFA) or identity confirmation on every account. MFA requires users to enter something they know (their password) along with something they have (a unique code delivered via text or email, a push notification delivered via a single sign-on app, or a biometric identity confirmation). This mitigates the potential impact of a stolen password since any hacker trying to use it will be foiled by the extra step.
- Implement an enterprise-grade password manager to keep track of multiple credentials. If remembering an 18-character-long password seems daunting, you’re not alone. Password managers require a user to remember one master password that unlocks access to randomly generated, complex logins for each account, app, or platform. Make sure your business doesn’t use a free, consumer-grade option as these have proven to be vulnerable in the past. Pairing a password manager with multi-factor authentication provides an extra measure of protection.
Take a Proactive Approach to Cybersecurity
Speaking of protection, the best kind is the proactive kind. Check your social media, email, and banking accounts periodically to look for any fraudulent activity and ensure that everything is in working order. If you only use apps like Facebook or Twitter once a month or so, check those first.