Passwords are central to verifying your online identity and protecting personal and business assets. A key component of digital authentication, passwords are your primary defense against account compromise, unauthorized access to sensitive information, and theft of valuable data. The top reason for data breaches worldwide is stolen, weak, or reused passwords. Treat your passwords as your most valuable asset by following regulatory and industry guidelines for password best practices.
Need a pick-me-up?
According to Verizon’s 2021 Data Breach Investigations Report, 80% of successful breaches were linked to passwords or stolen credentials. IBM’s 2020 Cost of a Data Breach reports one in five companies were infiltrated using stolen or compromised accounts. In 2020, Marriott International exposed names, addresses, phone numbers, and passport information of 500 million customers when employee access to their reservation system was compromised. In 2016, Uber lost records for 57 million riders when an attacker leveraged an employee’s GitHub account. Cyber criminals know the value of passwords and bank on you giving them the keys to the kingdom.
https://www.techtarget.com/searchsecurity/post/Enterprise-password-security-guidelines-in-a-nutshell
Strong Brews
As breaches become commonplace, cyber criminals have an arsenal of information to compromise your account. Every corporate heist adds to the library of names, email addresses, birthdays, SSNs, and security questions/answers available on the Dark Web. Chances are high your sensitive information or passwords have been catalogued and it’s a matter of time before you are a victim.
With catalogues of victim information readily available, attackers add computing power to wear down your defenses. In brute force attacks, hackers run programs on powerful GPUs capable of checking any combination of letters, numbers, and symbols to learn your passwords. Combined with Dark Web catalogues, brute force attacks buy time for attackers to crack your passwords. Put time on your side, perk up! It’s time to polish your passwords.
Be fab-brew-lous!
Percolate unique passwords for every account. Avoid the temptation to use familiar names (family, friends, or pets), birthdays, SSNs, or common answers to security questions. Add flavor by using random strings of words or passphrases to create obfuscated passwords.
☕ Cool Beans
- Latte Characters - Use 12 or more characters.
- (@1^*$2#%$3!+_) - Use combinations of letters, numbers, and symbols.
Do a Double Shot
Enable Two-Factor Authentication (2FA). 2FA adds push notifications, SMS text messages, or time-based codes as a second check on top of your password. In the event your password is compromised or stolen, attackers cannot access your account without the second factor. Use 2FA applications like Duo or Google Authenticator to secure your personal or business accounts.
☕ Cool Beans
- Sweet SMS Codes - Register a valid phone number with service providers so they can send verification codes.
- Mocha Factor (MFA) - Consider using hardware security keys from Duo or YubiKey.
- Best BioMetric Brew - Enable biometric authentication methods like fingerprint readers or facial scans.
Perfect Passphrase
The most important factor in password strength is length.
Add a dose of complexity with word strings crafted in random phrases. For example, Snoopy and Woodstock becomes Sno0py&ws. Or tusk crestless freezing nacho becomes Tusk#crestle$$-fr33zing=n@cho.
☕ Cool Beans
- Expresso Yourself! - Passphrases help with memorization when you mix familiar terms. For example, your elementary school name (Main Street Elementary) and your pet’s birth month and year (12/96) becomes m1A2/i9n6.
- Add Flavor - Use random password generators like http://www.useapassphrase.com
Dump Dark Web Roast
Credentials are dumped on the Dark Web every day. If you learn your information has been exposed in a breach, change your passwords immediately. Rethink recycling and reuse. If you use the same or similar password across multiple accounts, attackers can access all accounts. Avoid modifying passwords using the same prefix or suffix (e.g. password1, password2, password3).
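As an added example (not part of the original article), this Python script audits a local list of your own passwords against the advice above: 12 or more characters, a mix of letters, numbers, and symbols, and no reuse of the same base word with a changed prefix or suffix. The `core` and `audit` functions, the swap table, and the sample accounts are assumptions made for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # "Use 12 or more characters"
CLASSES = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")  # letters, numbers, symbols
# Assumed list of common character swaps, undone before comparing passwords.
SWAPS = str.maketrans("013457@$!", "oleastasi")

def core(password):
    """Lowercase, strip digits/symbols from both ends, undo common swaps."""
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return trimmed.translate(SWAPS) or password  # no letters at all: keep as is

def audit(vault):
    """vault maps account -> password; returns account -> list of problems."""
    accounts_by_core = defaultdict(list)
    for account, password in vault.items():
        accounts_by_core[core(password)].append(account)
    report = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        if not all(re.search(c, password) for c in CLASSES):
            problems.append("missing letters, numbers, or symbols")
        others = sorted(a for a in accounts_by_core[core(password)] if a != account)
        if others:
            problems.append("same or similar to: " + ", ".join(others))
        report[account] = problems
    return report

# Constructed sample data; the account names are made up for this example.
SAMPLE_VAULT = {
    "mail": "password1",
    "forum": "password3",
    "bank": "P@ssw0rd2!",
    "shop": "Tusk#crestle$$-fr33zing=n@cho",  # passphrase from the article
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(problems) or 'ok'}")
```

All three "password" variants are flagged as the same base word even though no two of them are identical, which is why a changed suffix or a few swapped characters does not count as a new password.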
☕ Cool Beans
Hug Your Mug
Tips for password safety:
- Change passwords frequently, at least annually.
- Avoid saving passwords to systems and applications you do not control or trust.
- Refrain from sharing your password verbally, in writing, text or email.
- Password managers native to your operating system like Apple Keychain or Windows Hello are helpful, but hardware security keys are even better.