6 facts about passwords that will make you THINK.

Cyber security is absolutely crucial in the online world and passwords are a huge part of that. However, while many are aware of this and know that we need to use unique usernames and complex password combinations, this doesn’t always happen. Even reports of cyber attacks and breaches have not made a huge difference over the years, with bad password habits much more common than you might think.

Would you like to become a cyber-security champion?

Download our Cyber Security White Paper

In the light of the above, we’ve decided to go through some interesting password facts, with the hope that it will make think about how you are creating, using and storing your passwords in the future.

Fact #1: Passwords are easily hacked because most humans follow similar patterns

When the Web started and passwords were first being used, the most popular password was ‘12345’. Today, although it is longer, it is hardly safer as ‘123456’. Moreover, studies have found that women are famous for using personal names in their passwords, and men opt for their hobbies.

Amichai Shulman, the Chief Technology Officer at Imperva, which makes software blocking for hackers commented on these patterns saying “I guess it’s just a genetic flaw in humans … We’ve been following the same patterns since the 1990s”.

Fact #2: 59% of people use the same password everywhere

91 % of people know that password recycling poses enormous security risks. Yet 59% still use the same password everywhere. Therefore, if a cyber criminal was to crack one of your passwords, they would be able to access all of your other accounts.

According to research, there is often an overlap with the passwords created for personal and work accounts; 62% of people use the same password for work and personal accounts. Because of this, it is paramount that businesses pay close attention to the password hygiene of their staff.

Password generators are a great tool to use if you are finding it difficult to come up with multiple, strong passwords. They work by automatically generating a password using parameters such as mixed-case letters, symbols, numbers, length and strength.

Fact #3: 7 in 10 people no longer trust passwords to protect their online accounts

When we are online, passwords are required for nearly everything we do. So if people don’t trust them any more, what’s the answer?

Multi-factor authentication (MFA) or two-factor authentication (2FA) are two popular authentication methods which will verify a user’s identity by requesting multiple credentials. These include something you know, something you have and something you are. Something you know could be a password, something you have is a possession such as a generated code on your phone, and something you are could be facial recognition, a fingerprint or an eye scan.

Since traditional usernames and passwords can be stolen easily, they quickly became a target for hackers which explain why many lack trust in them. MFA or 2FA are good ways to make all online accounts more secure.

Fact #4: 86% of people who use 2FA feel their accounts are more secure

Passwords have been the mainstream form of authentication since the onset of the digital revolution. Unfortunately, as passwords and methods for encryption have become more complex, so have the skills of cyber criminals.

2FA is an integral aspect of cyber protection that should be adopted by all companies as it adds the extra layer required to neutralise the risks associated with compromised passwords. Implementing it is relatively painless for users, and usually, with little or no expense to your business.

At Serval IT Systems we understand the importance of good cyber security protection, which is why with many of our products we encourage the use of 2FA. This is especially the case for more demanding environments such as legal, financial services and local government where it is strictly enforced.

Fact #5: 90% of passwords can be cracked in less than six hours

Think you have a strong password? Think again…

Hackers are becoming more sophisticated day by day and have a range of methods in which they use to crack your passwords. To help keep secure, it is useful to understand these methods  – below are four:

  1. Dictionary attack – In a dictionary attack, a software will systematically enter words that can be found in a dictionary. The only reasons this kind of attack still works is because individuals are remaining to rely on easy-to-guess words for their passwords.
  2. Brute-Force attack – A brute-force attack is when cyber criminals use a software which will try guess every possible combination until it hits yours. They often start first with the most commonly used passwords and then move on to more complicated sentences.
  3. Credential stuffing – Credential stuffing reinforces the dangers surrounding re-using usernames and passwords for multiple accounts. It works where credentials obtained on one platform from a data breach are used to attempt log-ins on other platforms.
  4. Social engineering – Phishing has remained one of the top social engineering methods used by hackers to crack passwords for some time now. To do this they try to appear as a trusted source and will then concoct a scenario which requires the victim to hand over login credentials or other sensitive personal data.

Fact #6: 18% of employees share their passwords with others

Password sharing is a common error of many, and can seriously compromise the cyber security of an organisation. But why do employees do it? Research told us that 42% of workers do it so they can more easily collaborate with team members, as well as 38% saying they share passwords because it is company policy.

If a hacker gains entry to your system, shared passwords will make access to other parts of the network much easier. Furthermore, how are you supposed to establish who is doing what? Through taking the time to enforce an updated password policy, you will reduce the likelihood of password sharing related risks internally as well as externally.

Please get in touch to see how we can help you improve your cyber security.