We’re currently halfway through 2024…have you changed your password yet? If not, we have some password tips and advice to get you started. With the average cost of a data breach being $4.45M in 2023 – can you afford not to? In 2023, 19% of the data breaches that companies suffered were due to compromised credentials, making having a strong password (and password policy) more important than ever.
A whopping 82% of breaches in 2023 involved data stored in the cloud. As organizations continue to invest in cloud storage and infrastructure, it’s critical to give yourself a leg up on attackers with a stronger password.
You Need a Complex Password…Period
In a 2023 study it was found that the top 5 passwords used were:
- 123456 (4.5 million counts)
- admin (4 million counts)
- 12345678 (1.37 million counts)
- 123456789 (1.21 million counts)
- 1234 (1 million counts)
What do all of these have in common, besides being terrible passwords? They can all be cracked by a threat actor in less than 1 second.
Tips for Creating a Secure Password
When choosing a password, it’s important that it’s complex and not easy to guess. Here are GadellNet’s tips for password best practices:
- Contain 12 or more characters.
- Do not reuse passwords you’ve used before.
- Combine numbers, uppercase letters, lowercase letters, and at least 1 symbol (avoid ! and ? as they are commonly used).
- No references to family members, schools, or other publicly identifiable information.
- Avoid using a year in your password.
- Using a series of words and spaces can be most secure, such as “horse caravan fish grass stadium.” It is not only hard to guess, but it is even harder to crack.
- Creating words using special characters is also a great way to create a new password, such as T3c#nologyr0ck$ (technologyrocks) or br@veRoll3r$ (braverollers).
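The tips above expressed as a checker, as an added example (not GadellNet's code). The passphrase exception (four or more plain words), the 1900-2099 year range, and the `previous` and `personal_terms` parameters are assumptions made for illustration.

```python
import re

# The five most-used passwords quoted earlier on this page.
COMMON = {"123456", "admin", "12345678", "123456789", "1234"}
# Assumption: a "year" is a standalone 4-digit number from 1900 to 2099.
YEAR = re.compile(r"(?<!\d)(19|20)\d{2}(?!\d)")


def check_password(candidate, previous=(), personal_terms=()):
    """Return the list of tips the candidate violates (empty list = passes)."""
    problems = []
    lowered = candidate.lower()
    if lowered in COMMON:
        problems.append("common password")
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    if candidate in previous:
        problems.append("reused password")
    if YEAR.search(candidate):
        problems.append("contains a year")
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains personal information")
    # Assumption: four or more space-separated plain words count as a
    # passphrase, which the tips treat as strong without a character mix.
    words = candidate.split(" ")
    is_passphrase = len(words) >= 4 and all(w.isalpha() for w in words)
    if not is_passphrase:
        symbols = [c for c in candidate if not c.isalnum() and not c.isspace()]
        if not any(c.isdigit() for c in candidate):
            problems.append("no number")
        if not any(c.isupper() for c in candidate):
            problems.append("no uppercase letter")
        if not any(c.islower() for c in candidate):
            problems.append("no lowercase letter")
        if not any(s not in "!?" for s in symbols):
            problems.append("no symbol other than ! or ?")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first two come from the tips list.
    for pw in ("horse caravan fish grass stadium", "T3c#nologyr0ck$",
               "Summer2024!Summer", "admin"):
        print(repr(pw), "->", check_password(pw) or "ok")
```

The reuse and personal-information checks only see what the caller passes in, so they are as good as the password history and term list supplied.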
Are you curious about how length impacts the likelihood that your password could get cracked? Check out this chart below, courtesy of tech.co:
Don’t Reuse Passwords
Eighty-six percent of Web App attacks use stolen credentials, typically coming from large breaches of e-commerce, retailers, or other platforms.
At first glance, this may not seem like a big deal – it’s only one place, right? Unfortunately, many people reuse passwords, and the average user has over 100 passwords.
It may seem easier to keep track of one password across several sites, but it not only increases your risk, it increases the time it takes to shore up your security in the event of a breach.
Keep your passwords unique site-to-site (tips below on how to manage this) to keep your other accounts and data safe!
Change Compromised Passwords Quickly
Should you be a victim of one of the breaches mentioned above, quickly change your password to something new and unique.
When these breaches occur, your e-mail, password, and other identifying information can be posted on the web for all to see.
Resetting your password(s) quickly and not reusing the same ones across sites prevents bad actors from getting access not only to the account on the breached website, but also to other accounts that may reuse the same credentials.
Are Security Questions Secure?
The short answer is “not anymore.” As the internet is now widely adopted, you can find anything about anyone online. Scary, right?
A question like “What Street Did You Grow Up On?” may seem hard for someone to guess, but chances are someone can find that if they look hard enough.
The same goes for questions whose answers are personal information that can be found on the web, such as your high school, college, first pet, and more.
My best tip for this one – choose the questions that are harder to find, and instead of using a formal reply, shorten or use a nickname for the actual answer.
Get a Password Manager
You may be thinking you’ll never be able to keep track of these complicated, longer passwords.
Personally, I use a password manager to keep, create, and notify me of issues with my passwords. It has been a time-saver and frustration-preventer since I started using Dashlane more than seven years ago.
A password manager stores all of your passwords securely and offers password generators that create and save complex passwords for you. They monitor compromised passwords, and allow you to share passwords with trusted colleagues and family members securely. They have family and business plans that reduce costs for groups of people.
One of the best features of modern password managers is the notifications available. They will send you an alert if your password is posted on the web or if there’s a breach with one of your accounts. This allows you to quickly reset the password with the click of a button.
In addition, they often include secure note functionalities, allowing you to save valuable information in a secure place.
It’s easier than ever to create and keep your passwords safe across multiple devices with platforms like Dashlane.
Are your Technology Partners Secure?
Fifteen percent of breaches involved third-party suppliers, such as software supply chains, hosting partners, or others. When you’re vetting a new partner, vendor, or service, ask them about their security posture – after all, they will be holding some of your data!
GadellNet completed its SOC 2 Type 2 Attestation in 2022 and renews it every year to ensure we have strong internal controls. It also demonstrates that our products and services are built around security and availability.
Final Notes on Secure Passwords & Password Management
In 2024, it’s more critical than ever to have secure passwords and password policies – both personally and professionally.
One of the tools GadellNet offers our clients (at no additional cost) is QuickPass. Quickpass is a tool every user can install on their phones to help them reset passwords, unlock their accounts, and get notified of upcoming password reset timing. You can read more about Quickpass here.
We have a robust Cybersecurity Team here at GadellNet – if you’ve got questions about your organization’s risk and identity security – we’re here to help!