It was World Password Day on Thursday, 5th May. And while most of us feel we would never use a hackable password, do we actually know what a robust password is? Or how many passwords we should have? Or where we should store them?
History has proven that even large enterprises have fallen prey to hackers through poor basic password hygiene. In March, the Brazilian hacking group N4ughtySecTU demanded $15 million from TransUnion to not publish millions of personal records, which had reportedly been accessed by using “password”, the fifth most common password in 2021 according to virtual private network provider Nordpass.
David Lees, co-Founder of IronTree, a leading Managed Service Provider in the Middle East and Africa region offering a suite of backup and cybersecurity products, which was acquired by Metrofile in December 2021, explains, “These days, there are numerous ways to create robust passwords and save them for easy and swift retrieval. Tools like KeyChain Access or software like 1Password, LastPass or Dashlane. Beyond that, you need to ‘LayerUp’, adding two-factor authentication (2FA).
“Companies are unaware of the daily threat via malware and ransomware, with cybercriminals becoming smarter in their approach. Most need intelligent password management, with frequent editing, but that’s basic. You need an expert partner, and not just software, to protect data.
“Businesses have a legal obligation to protect consumer data under the new POPIA act, so they will need cybersecurity, backup, disaster recovery for emergencies, private hosting, and POPIA compliance. That is essentially our five-pronged security suite at IronTree. It has helped us to be acknowledged with the Acronis Cyberfit Partner Award for ‘Best Service Provider’ in 2021 across the Middle East and Africa region.”
5 common passwords in 2021 and how long it takes to crack them, according to Nordpass:
- 123456: Less than one second to crack, with 103 million uses counted in a study
- 123456789: Less than one second to crack, with 46 million uses counted in a study
- 12345: Less than one second to crack, with 32 million uses counted in a study
- qwerty: Less than one second to crack, with 22 million uses counted in a study
- password: Less than one second to crack, with 22 million uses counted in a study
IronTree proposes “The Secure Six” password tips:
- Create complex and unique passwords, which are not easy to guess.
- Change them every few weeks, or even months.
- Make use of a password manager. Password managers act as a library for all your credentials and plug into desktop apps as well as your browser. Your browser does not count as a password manager as a hacker can access the cache your credentials are stored in and exfiltrate them. A password manager can also add multi-factor authentication (“MFA”) to your credentials.
- Following that, use multi-factor authentication. Make sure it is enabled on as many of your accounts as possible. This means you’ll need to verify a login attempt before you’re able to access that service. MFA also ensures that, if an account of yours gets compromised, the hacker won’t be able to access that account until the login is authenticated.
- Don’t use the same password across multiple accounts. This ensures that if one of your accounts is compromised, it won’t lead to more accounts being hacked.
- Don’t share your personal passwords and store them securely. You shouldn’t keep your PC’s password on a sticky note stuck to your desk or write it down in a notebook. This allows anyone to see your password and use it to access your accounts.
Unpacking password management statistics
- 1961: Massachusetts Institute of Technology (MIT) creates the computer password so that multiple people can use a shared computer system.
- 1971: Public-key cryptography is created so two people can authenticate each other without exchanging a cryptographic key.
- 1979: Weak Passwords: A study done by Morris and Thompson demonstrates that guessing passwords through personal information is easier than deciphering passwords.
- 1986: Two-Factor Authentication: Two-Factor Authentication emerges and is adopted.