Passwords were once considered an excellent first line of defense when it came to protecting your data. To some extent, they still are: according to Gartner, the longer and more complex your password is, the more difficult it is to crack. Passwords that are ten or more characters long and include three of the four character types (lower case, upper case, symbols, numbers) are nearly (nearly) impossible to crack.
However, the reality of today’s hacker-breached world is that passwords are no longer enough to keep your information safe. Odds are, some iterations of your passwords are out there for hackers to use. Below are five reasons why passwords aren’t enough to keep your data secure.
Most people choose passwords that are easy to crack: According to an Entrepreneur article, 90% of employee passwords are crackable within six hours - this means that they are less than 8 characters and are not complex. When we assign passwords to our applications, we only think of ease of use – what password will I most easily remember? My birthday, pet’s name, street address, maiden name, and so on. More often than not, we choose passwords that are personal to our lives. While this makes them easy for us to remember, it also makes things easier for hackers, as this information is often public, and even an amateur hacker could crack the code. Moreover, how many times has a social media friend sent out a survey and asked for information about pets, elementary school, or favorite food? This information is all frequently used for passwords.
Most people use the same password for multiple accounts: According to the same Entrepreneur article, 65% of people use the same password for all their accounts/applications. Again, it’s all about ease of use, and it’s easier to remember just one or two passwords than to create a new one for each account or application you have. The problem with this is that as soon as your universal password is hacked, the attacker has easy access to ALL of your networks or applications that share it. Simply put: use different passwords for different applications. You can still use ones that are easily memorable. For example, if you want to use your dog's name, that's OK - but use the cute name. We all have pet names for our pets... I call my dog fluffernutter all the time, and this is not her name. So if I used that, I could use Flu$$erNu$$3r!Mon3y for my bank and Flu$$erNu$$3r!$hopp!ng for Amazon. See how that works?
People keep their passwords in plain sight: According to the Entrepreneur article, 47% of people maintain a spreadsheet to remember their passwords; 31% use another form of electronic storage to remember them and 27% write their passwords on paper. Whether people realize it or not, most of us leave our passwords out in plain sight for everyone to see. Too often we select the option “remember password on this computer” or even keep a hard copy posted by the PC, or a note on our phone, computer, or USB that lists all of the password/login combinations.
Even complex passwords aren’t safe: Even as people put importance on making a “complex” password by incorporating numbers, capital letters, and symbols, your data is out there because of organizations that do not take security seriously enough (not you, right?). You have to protect against THAT! In today's world, data breaches are the norm. In fact, in 2022 alone, over 22 million data records were exposed because of data breaches. So, good password or not, hackers can simply buy your information from other hackers. Yes, you need a secure password (see above), but you need more.
Access Controls Not Secure Enough: No matter how great you think your password is, when you are on corporate applications, your security often depends on access control from your IT team. The TechSperts at STCNtech can help you implement the appropriate controls for your organization. How often should you force password changes? What kind of MFA should you use? Is your data encrypted? Is your data safe when it is backed up? (It is backed up and layered, right?) We are TechSperts in the realm of account and data security, and we know how to secure and lock up your data. We can come in, take a look at your technology infrastructure, and give you actionable data to make smart choices! Let us help!
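The criteria from the introduction and the first two reasons (ten or more characters, three of the four character types, no personal details, no password shared between accounts) can be checked with a short local audit. This is an added example, not code from the original article; the account names, the personal details, and the last three passwords are constructed sample data.

```python
import string
from collections import defaultdict

MIN_LENGTH = 10   # "ten or more characters" (the article's threshold)
MIN_TYPES = 3     # "three of the four character types"

def char_types(password):
    """Return the set of character types present in the password."""
    tests = {
        "lower": str.islower,
        "upper": str.isupper,
        "number": str.isdigit,
        # Assumption: "symbols" means ASCII punctuation only.
        "symbol": lambda c: c in string.punctuation,
    }
    return {name for name, test in tests.items() if any(map(test, password))}

def audit(accounts, personal_details):
    """Return {account: [findings]}; an empty list means no finding."""
    findings = {account: [] for account in accounts}
    used_by = defaultdict(list)
    for account, password in accounts.items():
        used_by[password].append(account)
        if len(password) < MIN_LENGTH:
            findings[account].append("shorter than 10 characters")
        if len(char_types(password)) < MIN_TYPES:
            findings[account].append("fewer than 3 character types")
        for detail in personal_details:
            if detail.lower() in password.lower():
                findings[account].append(f"contains personal detail '{detail}'")
    for sharers in used_by.values():
        for account in sharers:
            others = [a for a in sharers if a != account]
            if others:
                findings[account].append("same password as: " + ", ".join(others))
    return findings

# Constructed sample data; the first two passwords are the article's own examples.
SAMPLE_ACCOUNTS = {
    "bank": "Flu$$erNu$$3r!Mon3y",
    "shop": "Flu$$erNu$$3r!$hopp!ng",
    "email": "rex2015",
    "forum": "rex2015",
    "vpn": "Springfield!",
}
SAMPLE_DETAILS = ["rex", "2015", "springfield"]  # pet name, birth year, street

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_DETAILS).items():
        print(f"{account}: {'; '.join(issues) or 'ok'}")
```

The `vpn` entry meets the length and character-type rule and is still flagged, because it is built from a personal detail.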
Do you think your organization needs a security audit? Contact the experts at STCNtech -- we can check out your ship from stem to stern and let you know where you are doing great, and where you might have to reinforce the bulkheads! Contact us at email@example.com or 610-910-9347 today!