World Password Day
Did you know it takes a hacker only 1 hour to brute-force a 9-character password consisting of upper and lowercase letters only? For comparison: last year it took 19 hours to crack that same password! How are cyber criminals able to hack your passwords faster? How do you protect yourself? And which trends do we see on the Belgian market?
The time a hacker needs to crack a password via brute-force techniques has shortened considerably thanks to improved graphics processing technology. A seemingly complex password from 2021 can now be obtained in only a few seconds. As a result, companies and their employees are more vulnerable to attacks. A hacked password is often the basis of a major cyber attack. More than 80% of the reported breaches related to hacking are the result of a hacked or abused password. More and more companies are falling victim to such attacks.
How to explain this trend?
There are two causes at work here: on the one hand, cyber criminals have increasingly better technologies to crack passwords, and on the other hand, companies still don’t treat their passwords with proper care. Think about standard administrator passwords that never get changed, or easy-to-guess passwords with a direct link to the company. Users often think they have a secure password because they added several symbols, but forget the importance of the password's length. A complex password of 6 characters can be hacked almost instantly. And finally, companies too often lack a policy for changing passwords regularly.
Combine all that with the automated tools hackers have at their disposal, and cracking passwords becomes child’s play. All a hacker has to do is select an attack type from an available list, and the program takes care of the rest.
How do you protect yourself?
Before you start panicking, keep in mind you can protect your passwords by following a few simple rules.
- Combine different words into phrases to create a strong password you can easily remember. Swap a few letters for symbols. An example: Tod@yIwentShopp1ng or il0veitwhentheSuNisSh1ning.
- Never use the same password for different websites or applications. If a password gets hacked for one application, all the others are still protected.
- Use a password manager to safely store your passwords. Most digital vaults can help you generate secure passwords.
- Enable multi-factor authentication for an extra layer of protection on top of your user password. This could be something a user knows (like a code or the answer to a question), something the user has (like a pass, an email address or a registered smartphone), or biometric data (like fingerprints or facial recognition).
- Change your passwords regularly. In an ideal world, you change your password after every use. There are applications available to do this automatically for you. Unfortunately, that’s not always possible, so we advise changing your passwords at least every 60 to 90 days.
Does the ultimate uncrackable password exist?
In theory, every password can be hacked. The big difference is the time it takes for a hacker to crack a password. A complex password with 8 characters can be hacked within 1 hour, while the same complex password with 11 characters takes 34 years to crack. That’s why it’s so important to always consider both the complexity and the length of a password when creating a new one.
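To make the length-versus-symbols point concrete, the sketch below is an added example (not part of the original article) that estimates the exhaustive-search space of a password from its length and the character classes it uses. The guess rate is an assumed, constructed figure, and the function names are hypothetical.

```python
import math
import string

# Assumed offline guess rate; a constructed figure for illustration,
# not a number taken from the article.
ASSUMED_GUESSES_PER_SECOND = 1e12

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the smallest standard alphabet covering every character used."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside printable ASCII are counted individually (lower bound).
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def keyspace(password):
    """Candidates an exhaustive search of this length and alphabet must cover."""
    return alphabet_size(password) ** len(password)

def entropy_bits(password):
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    return keyspace(password) / rate

def human(seconds):
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

def report(passwords):
    """One row per password: (password, length, alphabet, bits, worst case)."""
    return [(pw, len(pw), alphabet_size(pw), round(entropy_bits(pw), 1),
             human(worst_case_seconds(pw))) for pw in passwords]

if __name__ == "__main__":
    # Constructed samples plus the article's own passphrase example.
    # These figures are an upper bound for pure brute force only: passwords
    # built from dictionary words fall much faster to wordlist attacks.
    samples = ["aB3$xQ", "aB3$xQ9!", "sunnyweatherdays", "Tod@yIwentShopp1ng"]
    for row in report(samples):
        print("{:<20} len={:<3} alphabet={:<3} bits={:<6} worst case: {}".format(*row))
```

Each extra character multiplies the search space by the alphabet size, which is why the 16-letter lowercase sample outlasts the 8-character sample that uses all four character classes.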
How can spotit help?
The first step in protecting your company against attacks is educating your own employees. Spotit offers cybersecurity awareness training to help your employees recognize the dangers, to teach them how to safely handle passwords, and to provide them with practical tips & tricks to detect phishing attacks and correctly report them. This training can be offered in person via workshops, or digitally via a specific online platform filled with interactive videos and quizzes.