It seems like the list of security threats to worry about grows with each passing year. Stories of data breaches that cost companies millions of dollars fill the headlines with frightening regularity. Just the thought of a security breach is enough to keep any business owner awake at night. While the number of threats may be growing, the ways to face those threats do not have to become more complicated. In many ways, the most basic defenses can be the difference between a safe, secure environment and a crippling data breach. Unfortunately, those basic defenses are often overlooked or forgotten. While seemingly simple, passwords can be surprisingly effective at deterring hackers, yet businesses choose not to focus on them, even though they can often be the first line of defense.
Overlooking your passwords may be a monumental mistake that winds up costing your business a lot of money. In a report from Trustwave, a security company, the top ten security vulnerabilities for businesses were listed and the results aren't pretty. Weak passwords ended up being one of the top vulnerabilities as seen in penetration tests. From the tests, roughly half of the more than 600,000 passwords collected were cracked in just a few minutes. A shocking 92 percent of passwords were broken in 31 days or less. While 31 days may seem like a long time, there are many determined hackers out there willing to put in the time and effort if they think the target has valuable information they want.
The results of having weak passwords are equally unsettling. In a study on data breaches from the Verizon RISK team, weak or stolen passwords were the main cause of security breaches in 2013. In fact, the same study found that 76 percent of network attacks involved weak passwords. Researchers say that if companies had simply used stronger passwords for their accounts and networks, around 80 percent of data breaches could have been prevented, or at the very least hackers would have been forced to change their strategies. This was, of course, not the case for thousands of businesses, and the end result was extensive infrastructure damage, heavy financial losses, and ruined reputations.
Now it's clear why your business should change its passwords to something stronger, but what makes a password weak or strong? A number of bad practices have cropped up when it comes to password generation, so it's important you recognize which ones your company might be using right now. Weak passwords are usually those that consist of few characters and feature familiar words or phrases. According to the Trustwave report, the most common passwords used by companies were "Password1", "Hello123", and "password". While it might be tempting to laugh at these sad attempts at passwords, using any simple word is asking for trouble. Some companies may even use the same password for every account they have. Also of notable concern is when passwords are stored in an insecure place, like on a sticky note or in an unlocked desk drawer.
Strong passwords, for obvious reasons, use many of the opposite strategies. Generally speaking, the longer the password, the better it will be. A good starting length is around eight characters, but most experts agree you should shoot for sixteen to be on the safe side. Passwords should also use a combination of upper- and lower-case letters along with numbers and symbols. You should also use a different strong password for every account you have. Memorizing so many passwords may sound like a challenge, but there are password managers out there that can help with that task. Passwords should also be stored in a secure place, preferably in an encrypted format.
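As an added illustration (not code from the Trustwave or Verizon reports), the Python sketch below applies the criteria from the last two paragraphs: the three common passwords named above, the eight- and sixteen-character lengths, the four character classes, and reuse across accounts. The function names and the sample account data are hypothetical and constructed for this example.

```python
import string

# Most common passwords named in the Trustwave report cited above.
COMMON = {"password1", "hello123", "password"}
MIN_LEN, TARGET_LEN = 8, 16  # starting length and recommended length from the article


def check_password(pw):
    """Return a list of findings for one password; an empty list means it passes."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common password")
    if len(pw) < MIN_LEN:
        findings.append("shorter than 8 characters")
    elif len(pw) < TARGET_LEN:
        findings.append("shorter than the recommended 16 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in pw),
        "lower-case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    findings += ["no " + name for name, present in classes.items() if not present]
    return findings


def audit(accounts):
    """Check every account's password and flag passwords shared between accounts."""
    owners = {}
    for account, pw in accounts.items():
        owners.setdefault(pw, []).append(account)
    report = {}
    for account, pw in accounts.items():
        findings = check_password(pw)
        if len(owners[pw]) > 1:
            findings.append("reused across accounts")
        report[account] = findings
    return report


# Constructed sample data (hypothetical accounts, not real credentials).
SAMPLE = {
    "mail": "Password1",
    "vpn": "Password1",
    "payroll": "t7#Vq!mZ2&rLx9@Wd",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, "->", findings or "ok")
```

A check like this belongs at the moment a password is chosen, while the plaintext is briefly in hand, so that nothing but the protected form is ever stored.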
When all else fails, your company should ensure all password access features two-factor authentication. This can be done in a number of ways, from one-time-use passwords to biometrics, but the main point is that two means of accessing an account are needed, increasing the chances of keeping unwanted visitors out and improving your network security. If you focus on these ideas and tips, you'll have much better passwords that will go a long way toward ensuring your business is protected. Don't overlook the importance of a strong password; the first line of defense should always be prepared for all potential outside threats.