Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

The Importance of Building Better Passwords

February 06, 2020

Good password hygiene is one of the easiest ways for businesses and consumers to protect their accounts from the millions of attacks threatening personal data every day. Unfortunately, many people continue to use and reuse the same simple, easily-guessable passwords that have plagued accounts practically since the inception of digital login credentials.

For instance, despite being a veritable internet meme, passwords like “12345” and “password” were still some of the most common selections in 2019. Incredibly, it’s estimated that nearly three-quarters of all passwords are duplicates, which can have costly consequences across many accounts and put valuable personal or company data at risk.

At ID Agent, we’ve combed the Dark Web, hacker forums, and other malicious environments, searching for user behavior trends that contribute to today’s poor password usage. Keep reading to learn what we’ve uncovered about password trends and see how you can protect yourself and your organization from being caught in the midst.

The Problem With Today’s Password Habits
#1 Passwords are personal.

Many users are creating passwords based on personal details. According to one study, 59% of Americans use a name or birthday in their passwords, 33% include a pet’s name, and 22% are composed of their own name. For many users, personal passwords are a matter of convenience because they are easy to remember when accessing digital services.

However, not only is this information widely available on social media accounts, making these credentials easy to guess and decipher, it’s an unsustainable practice in today’s expansive digital environment

Today’s users often manage as many as 135 different platforms that require login credentials, which means that they are either forced to reuse existing personal passwords or to develop a litany of bad passwords to participate in all of these platforms.

Unfortunately, this often leads to other data security problems, including:

  • Storing passwords in plain text.
  • Simplifying password information to make it more memorable.
  • Deploying password managers guarded by similarly weak passwords.

As a result, people frequently choose passwords that can be divided into 24 common combinations that are easy to guess or attain through data breaches, password dumps, and Dark Web forums.


#2 Passwords are too short.

It’s no secret, people are not great at generating complex passwords. In our latest report on password trends, we found that the average length was just 7.007 characters in length, and many were as short as four characters.

A recent survey found that 66% of people are using passwords that are too short and unsophisticated, enabling hackers to easily decipher their credentials in hours or even minutes using today’s technology. What’s more, many don’t even require the new or most capable technology to access accounts. Weak passwords are susceptible to brute force attacks that apply the billions of records already compromised in other breaches.

Simply put, users are demonstrating an unwillingness to practice healthy password hygiene, which can go a long way toward preventing a catastrophic data breach. With nearly half of employees indicating that they use the same passwords for their work and personal accounts, it’s a problem that businesses should address in 2020.

As a result, people frequently choose passwords that can be divided into 24 common combinations that are easy to guess or attain through data breaches, password dumps, and Dark Web forums.


Better Processes & Better Passwords
This year, companies must improve password standards, and the process might not be as challenging as many fear.

  • #1 Train employees in password best practices. Today’s threat landscape has accelerated much faster than many people understand. In the same way that awareness training can transform an organization’s ability to combat phishing scams, these initiatives can bolster password management as well.
  • #2 Provide better solutions. Creating and managing strong, unique passwords for every account is impossible for most people. Rather than leaving employees to fall into bad habits, provide password management solutions to every employee. These services can equip every user to safely create and store their password information.
  • #3 Deploy two-factor authentication for every account. Even those most complex passwords are not enough to protect against every cyberattack. In 2020, multi-factor authentication, single sign-on, and identity management solutions are a critical component of any defensive strategy, and they can both bolster and augment employees’ password standards.

A Final Word
It’s time for every organization to evaluate its defensive posture through the lens of the most prescient risks in today’s threat landscape: passwords. Ultimately, they serve as symbolic gatekeepers to our most sensitive details and should be treated as such. Updating account security standards is one of the first places to start.

At ID Agent, we’ve been hard at work evaluating the worst passwords on the internet. Download our list of the Top 50 Worst Passwords of 2019, and see if yours is on the list!

{{cta(‘efa01473-0f1a-42f4-8442-ad1b3af1a382′,’justifycenter’)}}