• Home
  • / Password Security and the Likelihood Yours is Not Strong Enough

Password Security and the Likelihood Yours is Not Strong Enough

Posted
11/08/2017
IN

Safety, Security

PW Frustration.pngFor years, we’ve been told that strong passwords include three things: upper and lower-case letters, numbers, and symbols. And why wouldn’t we when the National Institute of Standards and Technology (NIST) told us they were the minimum for strong passwords? Here’s why and how it involves you.

The problem

The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

Additionally, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them.  Since people thought their passwords were already secure with special characters, most users only added one number or symbol.

NIST essentially compelled everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The solution

One cartoonist pointed out just how ineffective NIST’s best practices could be when he revealed that a password like “Tr0ub8dor&3” could be cracked in only three days while a password like “ProductionMechanismLeafInside7” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, implement the following security solutions within your company:  

  • Multi-factor Authentication– which only grants access after you have successfully presented several pieces of proof
  • Single Sign-On– which allows users to securely access multiple accounts with one set of credentials
  • Account Monitoring Tools– which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is not bliss. If you’d like to learn about what else you can do to beef up security, just give us a call.

Employees Guide to Malware

Subscribe to Weekly Blog Notifications

author-img

Author

Lynne Hade

Read Her Blog