Strong, Safe Passwords – Your First Line of Cyber Defense

Technology is now part of everyday life for the majority of people around the world.

Passwords protect sensitive parts of technology. From user accounts to bank accounts, pin numbers to garage door keypads, cell phones to store cards—all of the data is protected by passwords.    

Remembering all those passwords can be quite a task. When the plethora of passwords you must remember are coupled with requirements to change passwords every 30 days, specifications that require a crazy combination of characters, requirements that you can’t use old passwords, or limitations that you can’t use words or phrases—what a headache!

Password Fatigue is Real and Justifiable

A study by LastPass found that 80 percent of respondents were concerned about passwords being compromised, but 50 percent of that same group had not changed their passwords. LastPass accredits this paralysis to password anxiety and fatigue.

Password fatigue is defined as a feeling of exhaustion or resistance to creating and using complex passwords. It is real and understandable!

With regular news of data breaches, phishing scams and increased cyberattacks from around the world, it can be exhausting to remain vigilant. Maintaining strong passwords is critically important to your cybersecurity though.

Statistics about the quality of password selection and usage are not great. In 2021, the top 200 passwords identified by NordPass in their yearly report were, well, kind of dumb. All 200 passwords identified took under 10 seconds to crack. Yikes!

Coming up with a memorable password is difficult. Just when users think they have a password system, often their tech department adds on Multi-Factor Authentication Multi-Factor Authentication (MFA) is a security enhancement that requires users to verify their identity using multiple credentials before gaining access to a system, application, or service. This layered approach to security helps ensure that the person requesting access is indeed who they claim to be, significantly reducing the risk of unauthorized access. MFA generally involves a combination of two or more of the following factors: Something you know: A password, PIN, or answer to a security question. Something you have: A physical token, smart card, or a mobile phone to receive a verification code. Something you are: Biometric identifiers, such as a fingerprint, facial recognition, or voice, that uniquely identify the user. By requiring multiple forms of verification, MFA adds an additional layer of defense against potential threats, even if one factor (such as a password) becomes compromised. For instance, even if an attacker obtains a user's password, they would still need the second form of authentication to gain access. In today's digital landscape, where cyber threats are increasingly sophisticated, implementing MFA is a critical step for organizations to protect sensitive data and systems. It enhances security for end-users and across the enterprise, making it a fundamental component of a robust cybersecurity strategy. ( MFA Multi-Factor Authentication (MFA) is a security enhancement that requires users to verify their identity using multiple credentials before gaining access to a system, application, or service. This layered approach to security helps ensure that the person requesting access is indeed who they claim to be, significantly reducing the risk of unauthorized access. MFA generally involves a combination of two or more of the following factors: Something you know: A password, PIN, or answer to a security question. Something you have: A physical token, smart card, or a mobile phone to receive a verification code. Something you are: Biometric identifiers, such as a fingerprint, facial recognition, or voice, that uniquely identify the user. By requiring multiple forms of verification, MFA adds an additional layer of defense against potential threats, even if one factor (such as a password) becomes compromised. For instance, even if an attacker obtains a user's password, they would still need the second form of authentication to gain access. In today's digital landscape, where cyber threats are increasingly sophisticated, implementing MFA is a critical step for organizations to protect sensitive data and systems. It enhances security for end-users and across the enterprise, making it a fundamental component of a robust cybersecurity strategy. ) or Two-Factor Authentication (2FA) that might email, text or call the user before they can access their information. 

Passwords Provide Protection

If you knew there were roving bands of international criminals attacking homes and businesses in your neighborhood, would you leave your key under the front mat? Or in the mailbox? Or leave your backdoor unlocked? Of course not. We all want to protect ourselves and the people and things we care about.

This is why passwords are so important. The bottom line is passwords are the keys and hackers want yours.  

According to  IBM's 2021 Cost of a Data Breach Report, 85 percent of phishing attacks went after user credentials—user names and passwords—and 20 percent of data breaches were started because of compromised credentials. Powerful passwords provide protection.

There are Just so Many Passwords…

How do you create powerful passwords, store them securely and actually remember them—without having them posted on a bulletin board or sticky note next to your computer?

Microsoft recommends that passwords have 12-14 characters and a combination of upper and lowercase letters, numbers and symbols. It could be a combination of words, names, numbers, but should not just be one name or word.

We have a guy in the office that can remember passwords. We aren’t sure if that is a gift or curse, but it is impressive! Most people need help remembering their passwords. Others use password generators to create passwords. We recommend password generators when using a password manager.

Some people have a little black book with regular passwords. Intrada staff also use a password manager—actually multiple password managers containing passwords to manage clients’ password managers. It can be complicated.    

So, what is the best way to manage passwords? Intrada recommends a password manager. In the corporate environment, it’s a no brainer. Pay the money to get a business subscription and each user will have an account to manage their passwords and share passwords. Do not share password manager accounts. 

In the personal world, get a family subscription so your spouse, kids and parents can access information in an emergency. Finally, have a hard copy export in a safe that is updated several times a year. 

Credit: Statista 

Password Manager Safety

The big question Intrada often hears is this: Is it safe to have all my passwords in a password manager?   What if the password manager gets hacked and they get all my passwords?

Intrada looks at passwords managers the same as other security items in life. Nothing is foolproof, but password managers are designed specifically to protect your passwords. Password managers have the best protection and systems in place to monitor activity on your account. They are much safer than a little black book that could be lost, a notepad file on a phone that could be copied, or a file stored on a computer or in the cloud.

Don’t Forget to Protect the Computer in Your Pocket

Another item that should be protected is your cell phone. Many systems and accounts can be accessed with information or notifications from cell phones. You need to password protect your phone and guard it like your car keys or credit cards.

Caring is Not Sharing

Sharing passwords is a bad idea. It is also important to use different passwords in case one password gets compromised. This way the damage is limited to that one account.

Recommended Password Managers

LastPass has an easy-to-use password generator:  www.lastpass.com/features/password-generator

Protect Those Passwords

Passwords are very important and the first line of defense against unauthorized access to accounts and systems. Whenever possible, add on Multi-Factor Authentication Multi-Factor Authentication (MFA) is a security enhancement that requires users to verify their identity using multiple credentials before gaining access to a system, application, or service. This layered approach to security helps ensure that the person requesting access is indeed who they claim to be, significantly reducing the risk of unauthorized access. MFA generally involves a combination of two or more of the following factors: Something you know: A password, PIN, or answer to a security question. Something you have: A physical token, smart card, or a mobile phone to receive a verification code. Something you are: Biometric identifiers, such as a fingerprint, facial recognition, or voice, that uniquely identify the user. By requiring multiple forms of verification, MFA adds an additional layer of defense against potential threats, even if one factor (such as a password) becomes compromised. For instance, even if an attacker obtains a user's password, they would still need the second form of authentication to gain access. In today's digital landscape, where cyber threats are increasingly sophisticated, implementing MFA is a critical step for organizations to protect sensitive data and systems. It enhances security for end-users and across the enterprise, making it a fundamental component of a robust cybersecurity strategy. ( MFA Multi-Factor Authentication (MFA) is a security enhancement that requires users to verify their identity using multiple credentials before gaining access to a system, application, or service. This layered approach to security helps ensure that the person requesting access is indeed who they claim to be, significantly reducing the risk of unauthorized access. MFA generally involves a combination of two or more of the following factors: Something you know: A password, PIN, or answer to a security question. Something you have: A physical token, smart card, or a mobile phone to receive a verification code. Something you are: Biometric identifiers, such as a fingerprint, facial recognition, or voice, that uniquely identify the user. By requiring multiple forms of verification, MFA adds an additional layer of defense against potential threats, even if one factor (such as a password) becomes compromised. For instance, even if an attacker obtains a user's password, they would still need the second form of authentication to gain access. In today's digital landscape, where cyber threats are increasingly sophisticated, implementing MFA is a critical step for organizations to protect sensitive data and systems. It enhances security for end-users and across the enterprise, making it a fundamental component of a robust cybersecurity strategy. ) or Two-Factor Authentication (2FA) to ALL online accounts.  Take the time to manage, organize and protect your passwords – its key to protecting your digital information. 

Intrada Technologies offers security audits for organizations. Intrada security audits are comprised of two key areas—a security assessment and personalized, physical inspection. Following the audit, you will receive the assessment results and review them with a dedicated project manager or network engineer. Problem areas will be shared and potential solutions offered.

Or, if you need assistance implementing a corporate password manager, Intrada can help.

Contact Intrada for your IT and cybersecurity needs by calling 800-858-5745 or by filling out the contact form below.

Cybersecurity Awareness Poster 

Click here for a cybersecurity awareness training poster that Intrada Technologies clients may print and post to meet cybersecurity insurance requirements.