Password Security: A Cyber Security First Approach

The Importance of Password Security: A Cybersecurity First Approach

In today’s digital landscape, passwords are the keys that unlock nearly everything we do online. Whether it’s accessing sensitive information like bank accounts, email, or even retail websites, passwords are ubiquitous. Yet, despite their importance, many people still underestimate the value of strong password security. Let’s break down the critical components of password management: weak passwords, strong passwords, password reuse, and best practices such as password managers and multi-factor authentication (MFA).

Why Password Security is Critical

Passwords are gateways that control access to sensitive information. Every website we visit, from e-commerce platforms to banking sites, requires us to set a password. The main issue is that many people fail to create strong, secure passwords and often reuse them across different platforms. As cybercriminals grow more sophisticated, they exploit this weakness, making password security a vital first step in safeguarding personal and corporate data.

What Makes a Weak Password?

A staggering 66% of Americans reuse passwords across multiple accounts, according to a Harris Poll. However, our real-world audits show that the actual figure is likely much higher. Reused passwords are exactly what credential stuffing attacks depend on: a username and password taken from one breach is replayed against other sites, and every reuse is a hit. Additionally, many people build passwords from easily guessable information, such as pet names, birthdates, or family names, which further weakens them.

Traditionally, cybersecurity experts recommended passwords with character substitutions (like replacing an ‘a’ with ‘@’ or an ‘e’ with ‘3’), turning the word character into Ch@ract3r. This method has proven ineffective because cracking tools such as hashcat and John the Ripper apply exactly these substitutions as rules to every word in a dictionary, so Ch@ract3r falls only a few guesses after character does. Moreover, such passwords are hard to remember, leading users to resort to dangerous practices like writing them down or reusing them.

What Makes a Strong Password?

Length and randomness are the key characteristics of a strong password, and randomness is the part that is easy to get wrong. A 15-character passphrase built from a few words, like “WonderForest34*”, is far better than a single word with a digit on the end and is still easy to remember. Its strength comes from how many words it contains and how unpredictably they were chosen: two related dictionary words with a short suffix will still fall to a cracker that joins pairs of words from a wordlist, while four or more unrelated words picked at random (by a password manager, or by rolling dice against a word list) are out of reach of guessing.

For example, a passphrase like “WonderForest34*” is easier for users to recall than a randomly generated string like “3Gh8$kLp2!”. The random string is stronger per character, but the passphrase strikes a balance between memorability and strength, and a passphrase can be made as strong as you like simply by adding words. The longer and more random the password, the more difficult it is to crack. Note where that cracking happens: a website’s login form can rate-limit and lock out guesses, so the GPU rigs that run through billions of combinations per second are used against password hashes stolen in a breach, which is exactly the situation in which length and randomness matter most.
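A rough way to put numbers on “length and randomness” is to count the guesses an attacker would need. The Python below is an added example written for this article, not code from 4BIS or the author; its guess rates are assumptions for a GPU rig against a fast unsalted hash and against a deliberately slow one such as bcrypt, and the dictionary sizes are assumptions as well. It rates the article’s two example passwords alongside two alternatives.

```python
import math

# Assumed guess rates (constructed for this example, not figures from the
# article): a GPU rig attacking a fast unsalted hash such as NTLM manages
# on the order of 1e11 guesses per second; a slow hash such as bcrypt with a
# sensible work factor is nearer 1e5.
FAST_HASH_GUESSES_PER_SEC = 1e11
SLOW_HASH_GUESSES_PER_SEC = 1e5
SECONDS_PER_YEAR = 365 * 24 * 3600


def random_string_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a string whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(dictionary_size: int, words: int, suffix_bits: float = 0.0) -> float:
    """Upper-bound entropy of a passphrase made of `words` words drawn at
    random from a dictionary of `dictionary_size` entries, plus any genuinely
    random suffix. Words a user picked because they are memorable give less."""
    return words * math.log2(dictionary_size) + suffix_bits


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a space of 2**bits."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def comparison():
    """Estimates for the article's two example passwords and two alternatives.
    Returns (label, bits) tuples, weakest first."""
    rows = [
        # "WonderForest34*": two dictionary words plus two digits and a symbol.
        # Assumes a 20,000-word dictionary; the suffix is worth log2(100 * 32)
        # only if the digits and symbol were chosen at random.
        ("WonderForest34* (2 words + 34*)", passphrase_bits(20_000, 2, math.log2(100 * 32))),
        # "3Gh8$kLp2!": 10 characters from the 94 printable ASCII characters.
        ("3Gh8$kLp2! (10 random chars)", random_string_bits(94, 10)),
        # Four words rolled with dice from a 7,776-word list.
        ("4 random dictionary words", passphrase_bits(7_776, 4)),
        # 15 characters from a password manager's generator.
        ("15 random chars", random_string_bits(94, 15)),
    ]
    return sorted(rows, key=lambda r: r[1])


if __name__ == "__main__":
    for label, bits in comparison():
        fast = years_to_exhaust(bits, FAST_HASH_GUESSES_PER_SEC)
        slow = years_to_exhaust(bits, SLOW_HASH_GUESSES_PER_SEC)
        print(f"{label:34s} {bits:6.1f} bits  fast hash: {fast:9.2e} yr  slow hash: {slow:9.2e} yr")
```

Run as a script it prints the table. The passphrase row for “WonderForest34*” is an upper bound that assumes both words were picked at random; two words that go together in the user’s mind are worth less, which is why the four-random-word row lands well above it despite having no digits or symbols at all.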

The Dangers of Password Reuse

Hackers capitalize on data breaches at major platforms like LinkedIn. When a password is exposed in one breach, cybercriminals try that email and password combination across many other sites (credential stuffing), assuming that users have reused it. If your Netflix password is the same as your banking password, you’re giving hackers a free pass to your most sensitive data.

The solution is to use a unique password for every site. While this may seem daunting, starting with your most sensitive accounts—such as bank, email, and health accounts—makes the process manageable. Email deserves the top spot, because password resets for every other account flow through it. From there, work your way down to less critical platforms, like streaming services, which don’t hold financial or personal data.
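One practical way to act on breach data is to check a password against a corpus of breached passwords at the moment it is set, without sending the password anywhere. The Python below is an added example, not code from the article or from 4BIS: it implements the k-anonymity scheme used by Have I Been Pwned’s Pwned Passwords range API, in which the client sends only the first five hex characters of the password’s SHA-1 and matches the remaining 35 locally against the returned list. The service itself is replaced by a constructed, offline stand-in, and the counts in CONSTRUCTED_CORPUS are made up.

```python
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List

# Constructed stand-in for a breach corpus (plaintext -> times seen). These
# counts are invented for the example; a real check queries a service.
CONSTRUCTED_CORPUS = {"password": 3_861_493, "Spring2023": 412, "Postcard1!": 37}


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_lookup(corpus: Dict[str, int]) -> Callable[[str], str]:
    """Return a function prefix -> 'SUFFIX:COUNT' lines, mimicking the
    response format of the Pwned Passwords range endpoint. Only this stub
    ever sees plaintext; the client function below does not."""
    by_prefix: Dict[str, List[str]] = defaultdict(list)
    for plaintext, count in corpus.items():
        digest = sha1_upper(plaintext)
        by_prefix[digest[:5]].append(f"{digest[5:]}:{count}")

    def lookup(prefix: str) -> str:
        return "\n".join(sorted(by_prefix.get(prefix.upper(), [])))

    return lookup


def breach_count(password: str, range_lookup: Callable[[str], str]) -> int:
    """Number of times `password` appears in the corpus. Only the first five
    hex characters of its SHA-1 leave this function; the rest of the hash is
    compared locally against every suffix the service returns."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        cand_suffix, _, count = line.strip().partition(":")
        if cand_suffix.upper() == suffix:
            return int(count)
    return 0


def is_acceptable(password: str, range_lookup: Callable[[str], str]) -> bool:
    """Policy applied when a password is set: reject anything seen in a breach."""
    return breach_count(password, range_lookup) == 0


if __name__ == "__main__":
    lookup = build_range_lookup(CONSTRUCTED_CORPUS)
    for candidate in ["password", "Spring2023", "ladder otter velvet comet"]:
        print(f"{candidate!r}: seen {breach_count(candidate, lookup)} time(s), "
              f"{'accepted' if is_acceptable(candidate, lookup) else 'rejected'}")
```

To use this against the real service, replace the stub returned by build_range_lookup with an HTTPS GET of https://api.pwnedpasswords.com/range/ followed by the five-character prefix; the response has the same SUFFIX:COUNT line format, and breach_count needs no change.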

The Role of Password Managers

Given the number of accounts the average person maintains, remembering a unique password for each one is not realistic. That’s where password managers come in. These tools keep your passwords in a vault encrypted with a key derived from your master password, generate strong, unique passwords for every account, and auto-fill them when needed. The auto-fill is itself a defense: a manager only fills credentials on the site they were saved for, so a look-alike phishing page gets nothing.

It’s crucial, however, to choose a password manager that supports multi-factor authentication (MFA) and to protect the vault with a strong master password, since that one password now guards all the others; a long passphrase of several random words is the right choice here. The master password is the only one you need to remember, while the manager handles the rest. Popular password managers like 1Password, Keeper, PassPortal, and Bitwarden are highly recommended for their security features.

Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring not only something you know (your password) but also something you have (like a phone or physical security key). This way, even if a hacker obtains your password, they still can’t access your account without the second factor. Not all second factors are equal: a code sent by SMS or read from an authenticator app can be relayed by a phishing page in real time, whereas a FIDO2 security key or passkey binds the login to the genuine site and cannot be phished that way. While not foolproof, MFA significantly reduces the risk of unauthorized access, and the phishing-resistant forms reduce it most.

However, beware of MFA fatigue (also called push bombing), a tactic where hackers who already have your password flood you with push-notification prompts, hoping you’ll approve one out of frustration or by mistake. Never approve a prompt for a login you did not just start; an unexpected prompt means your password is already in someone else’s hands, so change it and contact IT. Where your MFA system supports it, turn on number matching, which makes the user type a code shown on the login screen into the prompt, so a blind tap can no longer approve an attacker’s session.
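The log review a security team does to catch push bombing is simple to automate. The Python below is an added example written for this article (not 4BIS code, and not any vendor’s log format): it reads a constructed sample of push-prompt events and raises an alert when a user receives five or more prompts they did not approve within ten minutes, recording whether an approval followed the burst, which is the case that needs an immediate response. The threshold, window and the JSON shape of the events are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Tuple

# Constructed sample in a generic JSON-lines shape; "result" is what the
# user did with the push prompt. Addresses are documentation ranges.
SAMPLE_LOG = """
{"ts": "2024-03-04T07:00:00Z", "user": "carol", "result": "denied",   "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T07:30:00Z", "user": "carol", "result": "denied",   "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T08:00:00Z", "user": "carol", "result": "denied",   "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T08:00:01Z", "user": "alice", "result": "denied",   "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:00:40Z", "user": "alice", "result": "timeout",  "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:01:15Z", "user": "alice", "result": "denied",   "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:01:50Z", "user": "alice", "result": "denied",   "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:02:30Z", "user": "alice", "result": "timeout",  "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:03:05Z", "user": "alice", "result": "denied",   "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:04:10Z", "user": "alice", "result": "approved", "src_ip": "203.0.113.9"}
{"ts": "2024-03-04T08:10:00Z", "user": "bob",   "result": "denied",   "src_ip": "192.0.2.44"}
{"ts": "2024-03-04T08:11:00Z", "user": "bob",   "result": "approved", "src_ip": "192.0.2.44"}
{"ts": "2024-03-04T08:30:00Z", "user": "carol", "result": "denied",   "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T09:00:00Z", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.7"}
"""

THRESHOLD = 5                   # unapproved prompts within WINDOW that trigger an alert
WINDOW = timedelta(minutes=10)
UNAPPROVED = {"denied", "timeout"}


def parse_events(log_text: str) -> List[dict]:
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in log_text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_mfa_fatigue(events: List[dict], threshold: int = THRESHOLD,
                       window: timedelta = WINDOW) -> List[dict]:
    """Sliding-window count of unapproved prompts per user. One alert per user
    per burst; an approval arriving while the burst is still inside the window
    flips approved_after to True (the attacker most likely got in)."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    active: Dict[str, int] = {}       # user -> index into alerts for the current burst
    alerts: List[dict] = []
    for ev in events:
        user, ts = ev["user"], ev["ts"]
        q = recent[user]
        while q and ts - q[0][0] > window:   # drop prompts older than the window
            q.popleft()
        if not q:                            # quiet long enough: the burst is over
            active.pop(user, None)
        if ev["result"] in UNAPPROVED:
            q.append((ts, ev.get("src_ip", "")))
            if len(q) >= threshold:
                if user not in active:
                    alerts.append({"user": user, "first_ts": q[0][0], "last_ts": ts,
                                   "unapproved_count": len(q), "src_ips": set(),
                                   "approved_after": False})
                    active[user] = len(alerts) - 1
                alert = alerts[active[user]]
                alert["last_ts"] = ts
                alert["unapproved_count"] = len(q)
                alert["src_ips"] = {ip for _, ip in q}
        elif ev["result"] == "approved" and user in active:
            alerts[active[user]]["approved_after"] = True
    return alerts


if __name__ == "__main__":
    for a in detect_mfa_fatigue(parse_events(SAMPLE_LOG)):
        print(f"{a['user']}: {a['unapproved_count']} unapproved prompts "
              f"{a['first_ts']:%H:%M:%S}-{a['last_ts']:%H:%M:%S} from {sorted(a['src_ips'])}, "
              f"approved afterwards: {a['approved_after']}")
```

In the sample only alice trips the rule; carol’s five denials are spread over two hours and never share a window, and bob’s single denial followed by an approval is ordinary user behaviour. Tune the threshold to your own prompt volume, and treat approved_after as the signal to revoke that session and reset the password rather than just notify.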

Password Rotation: Is It Still Necessary?

The old advice to rotate passwords every few months has proven ineffective, and NIST’s current guidance (SP 800-63B) tells organizations not to require periodic changes. Users create weaker, predictable passwords when forced to change them frequently. Instead, use strong, unique passwords for each site and change them only when there’s a breach or a specific reason to believe a password is compromised.

It is very common to see passwords like Spring2023 and Fall2023 at companies that require password rotation. We also see things like Postcard1!, Postcard2!, or Postcard1@. Hackers know this behavior and build these patterns into their wordlists and cracking rules, so an attacker who recovered last quarter’s password has an excellent guess at this quarter’s.
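To see why character substitutions and rotation patterns buy so little, here is an added example (written for this page, not 4BIS code) of the rule-based guessing a cracking tool performs: it takes a few base words, applies leet substitutions and the suffix and season-plus-year patterns described above, hashes each candidate, and reports the guess number at which each constructed “leaked” hash falls. The rule set is a tiny illustrative one, the leaked hashes are constructed for the demonstration, and unsalted SHA-256 stands in for whatever the breached site stored.

```python
import hashlib
import itertools
from typing import Dict, Iterator, List, Set, Tuple

# Illustrative rule set, written for this example; real crackers ship far
# larger ones, but the shape is identical.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SEASONS = ["Spring", "Summer", "Fall", "Winter"]
YEARS = ["2022", "2023", "2024"]
SUFFIXES = ["", "1", "2", "!", "1!", "2!", "1@", "2@"]


def leet_variants(word: str) -> Iterator[str]:
    """Yield the word with every subset of the LEET substitutions applied,
    so 'Character' yields 'Ch@ract3r' among its eight variants."""
    positions = [i for i, c in enumerate(word) if c.lower() in LEET]
    for r in range(len(positions) + 1):
        for chosen in itertools.combinations(positions, r):
            chars = list(word)
            for i in chosen:
                chars[i] = LEET[word[i].lower()]
            yield "".join(chars)


def candidates(base_words: List[str]) -> Iterator[str]:
    """Candidate passwords in the order a cracker would try them:
    cheap, high-yield patterns first."""
    for season in SEASONS:            # rotation habit: Season + year
        for year in YEARS:
            yield season + year
            yield season + year + "!"
    for word in base_words:           # a wordlist entry with rules applied
        for base in (word, word.capitalize()):
            for variant in leet_variants(base):
                for suffix in SUFFIXES:
                    yield variant + suffix


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, standing in for a breached site's stored hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack(target_hashes: Set[str], base_words: List[str],
          max_guesses: int = 1_000_000) -> Dict[str, Tuple[str, int]]:
    """Return {hash: (password, guess_number)} for every hash recovered."""
    found: Dict[str, Tuple[str, int]] = {}
    for n, cand in enumerate(candidates(base_words), start=1):
        if n > max_guesses:
            break
        digest = sha256_hex(cand)
        if digest in target_hashes and digest not in found:
            found[digest] = (cand, n)
            if len(found) == len(target_hashes):
                break
    return found


# Constructed "leaked" hashes: three passwords of the kinds the article
# describes, and one four-word passphrase picked at random.
LEAKED_PLAINTEXTS = ["Ch@ract3r", "Spring2023", "Postcard2!", "ladder otter velvet comet"]
LEAKED_HASHES = {sha256_hex(p) for p in LEAKED_PLAINTEXTS}


def demo() -> Dict[str, Tuple[str, int]]:
    """Run the cracker with a two-word wordlist against the constructed hashes."""
    return crack(LEAKED_HASHES, ["character", "postcard"])


if __name__ == "__main__":
    recovered = demo()
    for digest, (password, n) in sorted(recovered.items(), key=lambda kv: kv[1][1]):
        print(f"guess #{n:4d}: {password!r}  ({digest[:12]}...)")
    print(f"{len(LEAKED_HASHES - set(recovered))} hash(es) not recovered")
```

With a wordlist of two entries and eight suffixes the three patterned passwords all fall inside 300 guesses, while the random four-word passphrase is never produced because no rule turns a wordlist entry into it. Real attacks differ only in scale: wordlists of hundreds of millions of entries, thousands of rules, and billions of hashes per second.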

Conclusion

In today’s digital world, taking a proactive approach to password security is essential. Strong, unique passwords, password managers, and MFA provide a robust defense against cyber threats. By following these best practices, both individuals and businesses can significantly reduce the risk of cyberattacks, protecting sensitive information from falling into the wrong hands.

At 4BIS, our goal is to secure as many Cincinnati, OH area businesses as possible. Please reach out to us about creating an effective password plan. This is the first step in essential security for your company.

Author

  • Jon Fausz is a best-selling author and a cybersecurity and IT professional with over 16 years of experience. He is guided by a passion to continue learning and to pass that knowledge on to others. Jon is the primary cybersecurity trainer at 4BIS, leading hundreds of training sessions and presentations. As the head of the cyber risk assessment department, Jon has overseen the auditing of countless company networks. Jon has extensive experience in IT support and company management, which gives him a unique perspective when advising companies on their cybersecurity posture. He knows that cybersecurity is a balance between security, ease of use, and budget.
