Quotes Icon

Andrew M.

Andrew M.

VP of Operations

"We use TeamPassword for our small non-profit and it's met our needs well."

Get Started

Table Of Contents

    Phone locked, police officer pointing at criminal running away.

    5 Password Hygiene Tips to Stop Cybercriminals

    June 23, 20228 min read

    Cybersecurity

    Cloud computing has seen rapid adoption since 2020, with more people working remotely than ever before. One interesting study highlighted that 80% of IT leaders had increased their overall cloud usage. However, while this technology has undoubtedly changed the way organizations operate for the greater good, this has come at a cost, with IT teams having far less control and access.

    One issue many businesses are struggling with is weak passwords, and while most companies acknowledge that this is a security risk, only 35% of companies are concerned about the accidental exposure of credentials.

    So, why should you pay close attention to password hygiene? Here are some reasons:

    • “123456” and “qwerty” are still some of the most commonly used passwords worldwide and can be cracked in less than a second (Cybernews)
    • Around 31% of users update their passwords at least 1 – 2 times a year, while only 18.5% change theirs even if they’re notified of any security issues (Digital Guardian)
    • Three-quarters of Americans struggle to keep track of their credentials (Google)
    • The FBI highlighted that $4.2 billion was lost in 2020 due to cybercrime, increasing the five-year total to $13.3 billion (The IC3)
    • 61% of breaches involved credential data (Verizon)
    • 55% of IT security practitioners don’t utilize 2FA in the workplace (Dataprot

    Table of Contents

      How do cybercriminals steal passwords?

      Hackers are more motivated than ever and will do whatever it takes to get their hands on your money. Verizon’s 2021 Data Breach Investigations Report shows that SMBs with less than 1,000 employees recorded 1,037 incidents and 93% of such breaches were financially motivated. 

      So, what techniques do cybercriminals use to compromise users’ passwords? 

      Social engineering

      This involves threat actors preying on vulnerable employees and psychologically manipulating them into sharing confidential data. One of the most popular social engineering methods used by hackers is phishing. 

      Brute force attacks

      From a hacker’s perspective, brute force attacks are easy to launch and don’t require a lot of effort. Criminals typically use trial and error tactics to decipher passwords or PINs through automated tools that test a large number of password combinations. These tools can crack weak passwords in a matter of minutes.

      Dictionary attacks

      Dictionary attacks – a type of brute force tactic – involve inputting commonly used words or phrases as a password, but they aren’t strictly limited to a wordlist. Instead, they can also include names of people you know or a sports team you support. These are based on information easily found online through online profiles

      However, this method isn’t as successful against passwords containing numbers, symbols, and a mixture of lowercase and uppercase letters. 

      Credential stuffing attacks

      Bad actors typically purchase lists of leaked usernames and passwords and feed these into a botnet, which attempts several logins across multiple websites in one attempt. 

      With more than 15 billion login credentials from 100,000 breaches circulating on the dark web, it’s not surprising that credential stuffing attacks have grown in popularity among cybercriminals. Research from Help Net Security detected some 193 billion credential stuffing attacks worldwide in 2020, with the financial services industry, in particular, suffering the most and reporting around 3.4 billion incidents – an increase of 45% YoY in the sector.

      undefined

      Image Credit: freepik.com

      How to enforce strong password hygiene

      To protect your accounts and organization against cyberattacks, you and your employees need to practice good password hygiene. Consider adopting these tips below: 

      1. Encourage employees not to reuse passwords 

      In 2019, Microsoft’s threat research team analyzed a database that contained 3 billion breached login credentials and identified 44 million Microsoft users who had reused the same passwords.

      Therefore, it’s essential employees don’t reuse the same password across multiple accounts – no matter how complex it is – because if one account is compromised, the rest are at risk too. 

      2. Create a unique password for every account

      A crucial part of password hygiene is making sure you and your employees create a unique passcode for every account. Don’t use words or phrases found in the dictionary or online, and avoid any sequences such as 123 or 2468.

      Consider creating memorable passphrases that contain a minimum of 12 characters and a mixed combination of lowercase and uppercase letters, symbols, and numbers. 

      For instance, let’s hypothetically say you’re a Liverpool supporter and you watched your side thump Manchester United 5-0 at Old Trafford back in October 2021. 

      Something like ‘Liverpool FC beat Manchester United at Old Trafford in October 2021’ could translate to lFc_Bmu@oTi1021.

      Not only is this passphrase complex and more memorable, but it’s also extremely difficult for bad actors to crack, which can significantly reduce the risk of a breach. 

      However, depending on the number of accounts you possess, manually updating every single password may not always be feasible, so it’s worth using a password generator tool to protect your data.

      3. Get into the habit of reviewing and updating passwords

      Most security experts recommend changing your password every few months, particularly if your accounts have been compromised without you realizing it.

      To achieve this, you need to develop a strong security culture. Make sure you provide regular security awareness training and educate your employees about password security. In doing so, they’ll know what’s expected of them, and you’ll significantly reduce the likelihood of someone creating a weak password and exposing your business to bad actors.

      4. Deploy multi-factor authentication (MFA)

      Whatever industry you’re in, multi-factor authentication is arguably one of the most important security tools out there, and it can better protect your passwords from cybercriminals.

      MFA strengthens the login process by requesting users to provide three pieces of information. For instance, you may be asked to provide a password, an SMS code, and a photo of yourself to verify your identity.

      Considering that most people reuse the same passwords, not only will MFA stop cybercriminals from accessing their accounts, but it’ll significantly reduce the likelihood of a security breach. 

      5. Use a password manager

      Let’s face it: our memory isn’t perfect. That’s why most of us use memorable phrases or words as our passwords and make a note of them. Sadly, neither of these are good practice and can do more harm than good.

      With employees already spending around 12.6 minutes per week inputting or resetting passwords, according to Ponemon Institute, simplifying password management is more important than ever for security and productivity, especially in the era of remote/hybrid work.

      Here are a few reasons why you should adopt a password manager to strengthen your password hygiene:

      • Password managers allow users to securely generate, manage and store complex passwords.
      • Login credentials are stored in an encrypted vault and adhere to the strongest encryption standards (AES 256-bit), meaning hackers won’t be able to get through your defenses with brute-force techniques.
      • Some vendors provide dark web monitoring features that highlight whether your login details have been breached.

      Final thoughts

      Simply relying on employees to create unique and complex passwords isn’t enough in today’s cybersecurity world. Instead, IT leaders must educate and encourage the workforce to practice good password hygiene. By adopting the above five actions as part of your security strategy, you’ll strengthen your defenses and ultimately prevent cybercriminals from gaining unauthorized access to your accounts.

      Enhance your password security

      The best software to generate and have your passwords managed correctly.

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      Related Posts
      Employees standing around computer discussing code

      Cybersecurity

      November 15, 202410 min read

      Creating a Company Culture for Security | 5 Actionable Insights

      Security is both a technical and cultural issue. Employees who value and promote security will prevent cyberattacks, protect ...

      username and password in green lettering

      Cybersecurity

      November 14, 202413 min read

      What Is Password Management? [Complete Guide]

      What is password management? Learn how to effectively manage your passwords with these best practices, tools, and more. ...

      Education administrators working together around a chalkboard

      Business

      October 30, 202413 min read

      Best Education Administration Password Managers: What Schools Need and Why

      The best password manager for education administrators can keep students, teachers, and staff safe from cyber and physical ...

      Never miss an update!

      Subscribe to our blog for more posts like this.

      Promotional image