Our passwords are the keys to our data. We all know that passwords need to be secure, but most people don’t protect them very well. Weak passwords are the main reason you hear about large-scale security breaches, where millions of accounts are compromised. Password security risks are getting more attention than ever before. And for good reason. Passwords are the foundation of our online identities. For instance,
Identity Theft Resource Center , which monitors and reports the Data breaches, says “Data breaches are now a normal, everyday occurrence.” . In fact, in its report , It says that the users don’t act even after data theft.
But before that we need to understand some of the top password security risks.
Also read: ISO 27017 – A global standard for Cloud Security
Top password security risks
- User-Generated Credentials
We all know that we need to protect our accounts and devices with strong passwords, but the most common way for getting access to someone’s account is by having the user tell you their password.Phishing attacks are email, SMS, or web-based attempts to deceive users into revealing their password information. Sniffers are programs that listen in on network traffic and capture sensitive data such as passwords. Keyloggers are malicious software that records every keystroke
2. Insecure,weak and predictable Passwords
Users can create weak passwords that are easy to guess, like using their name or birthdate. As a result, hackers have an easier time trying to crack user passwords and get unauthorized access to your account.Users tend to write down their passwords on sticky notes and leave them near their computer so they can remember them. This makes it easy for hackers to gain access to the system.But you can create a super strong password just by little bit tweaks and innovations. How to create a super strong password is explained clearly here.
Also read: The All-inclusive Cisco SASE (Secure Access Service Edge). Explained
3. Brute Force
Brute force attack tool that allows users to crack their hash files in just minutes. The software is easy to use and its simple interface is very intuitive. Brute Force comes with an array of features that will help you perform the most complex attacks in just seconds. Attackers now use brute force methods and tools to crack passwords. You can see yourself how much time it will take for an attacker to crack your password in this article.
4. Weak password recovery & reset procedures
Bad and weak Password recovery & reset procedures makes it easy to regain access to your account when you forget the login information. There are many ways in which cyber criminals can gain access to users’ accounts by trying to reset the password. Online systems that rely on “security questions” are often too trivial for authentication as attackers can easily gain basic personal details of users from social networking accounts.
5. Use of already compromised passwords
Using compromised passwords means this user is using the same password on different websites which makes him vulnerable to attack. This is a serious security issue, as attackers can use the leaked credentials to access other websites that are associated with the user’s email address. There are many instances of user credentials being compromised as a result of different kinds of cyber attacks. In some cases, hackers can’t even tell that they have been able to hack into systems and steal passwords because the users use similar passwords on multiple websites.
How to fix our password security risks?
1. Salting hashes
Salting hashes is a way to mitigate brute force attacks. It adds an additional layer of security by adding a random string of numbers or characters before the actual password to create a hash value. This makes it so that each user can have their own unique hash, even if they have the same password.
2. Basic online security awareness
Everyone of us should have the basic awareness about Phishing/Bruteforce methods etc. Companies and organisations can make a seminar to their employees in this regard to educate them.
3. Sophisticated technology in storing passwords
Tapping the technology is critical to secure access to stored passwords. Having a better and secure password manager is the most recommended way of storing your passwords in a secure and safest manner.
4. Multi-Factor Authentication
Multi-factor authentication (MFA) is when a user is required to present more than one type of evidence to authenticate themselves on a system or application. Users must be encouraged to use Multi-Factor Authentication to login securely.
5. Strong Password Recovery
We as an user can effectively use the available password recovery systems in a number of ways. We can give hard-to-guess answers to the security questions. We can also tap into adding another layer of security by opting for 2-step verification to recover our passwords..
6. Not allowing to use recycled passwords
Systems should ensure that the user is not allowed to use their old passwords after their expiry. Alternatively we also can help ourselves by not recycling our old passwords.
7. Limiting number of attempts to recover the forgotten passwords
There should be a maximum number of wrong attempts for logging in. This will greatly reduce the Brute force attacks.
8. Enforcing Strong passwords
Strong passwords are the combination of uppercase and lowercase letters, symbols, and numbers. The greater the length, the greater the difficulty in breaking that password by an attacker.
9. Regular Updates about large scale breaches
Large scale breaches are more frequent than ever before.The awareness about large scale data breaches will help us to update our login credentials and passwords .
Also read: Beware of Mobile Malware | 5 Types | How it spreads | Prevention Tips |
Final Thoughts
Password security is becoming more important than ever, especially in an era of data breaches and sophisticated phishing and Brute force attacks. Some enterprises have adopted strong password policies, while others still rely on outdated methods. By enforcing stringent password policies, we can help protect sensitive information from cyber criminals.What do you think of your password security standards? You can comment your views here.