Today is World Password Day and despite proclamations that passwords are going the way of the Dodo, they are still a fundamental part of our digital lives. However, they remain a weak link in our approach to cybersecurity and it’s time for us all to rethink how we create and use passwords to protect our identities from cybercriminals. So, we want to take this opportunity to remind everybody about what makes a good password.
- Create a strong, unique password—and ensure it has not already been compromised in a breach. A treasure trove of data exists on the Dark Web, and hackers can easily obtain a password that was exposed in a previous attack and use it to gain access to another account. Enzoic offers a free tool for consumers to check the security of their passwords and recommends that people do so frequently. For enterprises, our screening tool checks passwords at their creation and on a daily basis against a live database to prevent compromised credentials being used.
A strong password needs at least 10 characters, capitalization, numbers, and non-numeric characters. The most robust passwords are four unrelated words that you string together in a passphrase. Do not use common passwords as these are easy to crack.
- Never reuse passwords. Password reuse remains rampant and is a key driver behind the cycle of credential stuffing attacks and subsequent breaches. Just check out some of the scary statistics here.
- Make friends with a password manager. With so many passwords, it’s tough to keep track of every single unique one so make things easier by using a password manager like LastPass.
- Activate multi-factor authentication (MFA). Rather than viewing these extra steps as an unnecessary annoyance, see them for what they are: another layer of protection. Always activate MFA.
- Smart devices need smart passwords. We rely on a multitude of connected devices that also require strong, unique, and uncompromised passwords. Otherwise, these products can act as a conduit for cybercriminals to access our personal information and steal our identities. We all must take steps to keep hackers out.
With billions of stolen passwords on the Dark Web, we need to be mindful of the risks of credential stuffing attacks that exploit weak and compromised passwords. Let’s break the cycle of poor password hygiene that fuels data breaches through credential stuffing attacks. Strong, unique, and uncompromised are the only passwords you need.
Make World Password Day the day you change your password behavior!