Microsoft Security Report Reveals How Passwords Are At Risk

Microsoft recently released a report that highlights cybercriminal activity and the importance of password security. The company's annual Digital Defense Report analyzes cybersecurity trends over the past year based on threats identified by the software company. In 2020, the report covered cybersecurity trends through the end of June, providing insight into cybercrime throughout the beginning of the COVID-19 pandemic. Reports like this can help us better protect ourselves from hackers and scammers in the future.

Microsoft Security Report Reveals How Passwords Are At Risk

The most significant finding highlighted in Microsoft's Digital Defense Report is a shift toward phishing attacks. Approximately 70% of all cybercrime consists of these types of social engineering attacks that involve sending emails purporting to be from legitimate organizations such as financial institutions. These messages trick would-be victims into clicking links that send them to legitimate-appearing websites and prompt them to enter their login information to access their account or provide sensitive data to verify their identity. However, these emails and the sites they link to are fake, and the victims aren't logging in but providing their password and username or email to the scammers. With this information, cybercriminals can log into the legitimate website of the company they were imitating. Furthermore, if users rely on the same username/email and password combinations, scammers may be able to access their accounts across various sites.

With phishing attacks, scammers don't have to program a virus or take over the victim's computer. They simply have to trick victims into giving up sensitive information all on their own. It's a low-effort, high-reward scam. Of course, this emphasizes the importance of user vigilance. It's always possible for customers to contact their bank or credit card company, for example, directly. Similarly, they can log into real websites to perform any necessary actions. However, there are often telltale signs that an email is fake, including poor spelling and grammar, and not using the customer's name.

Furthermore, phishing attacks are ultimately less successful when users use multi-factor authentication or MFA. With MFA, the user may have to enter a code, scan their finger, or show their face in addition to typing their password to access their accounts. Even if scammers gain access to usernames and passwords, they cannot do much without these secondary authentication measures.

Finally, we can see how important it is for users to have not just strong passwords but passwords that are unique. That way, if scammers trick victims into giving up their login credentials, it only impacts one account. However, many users recycle passwords to use on multiple accounts or rely on easily-guessed passwords, leaving them susceptible to this sort of cybercrime.

A Password Manager Can Help

There is, fortunately, a solution to this problem. Password managers, such as TeamPassword, enable users to create strong passwords and access them without remembering 16 randomized digits. Users typically only have to remember a master password when logging onto their accounts from an authorized device. On top of that, password managers often remind the user to change their passwords frequently. This is important because it limits the amount of time that scammers may access victims' accounts. By making it easy for users to comply with the most stringent password security measures, phishing attacks will be less successful. And if scammers realize their efforts won't pay off, it can impact what next year's Digital Defense Report will look like. Start protecting your teams now with TeamPassword!