CultureAI use cookies to improve your experience on our site. Find out more by reading our Privacy Policy.
I Accept
Your password game is weak. How to make it stronger.

Your password game is weak. How to make it stronger.

Category
Improving security behaviours
By
Max Kurton, CultureAI
By Max Kurton
Date
4th Nov 2022
For
HR Managers

Passwords are no longer a reliable source of security, which is a growing problem. Creating and remembering a complex password for every account and website is difficult. However, employing weak and straightforward passwords is a surefire way to invite data leaks, account hacks, and other cyberattacks.

There are endless flaws in passwords that significantly increase the risk of being hacked, yet so many organisations fail to take recommended measures to keep their systems safe.

A weak password poses one of the most significant security hazards to your computer and company network.

You risk having your network security compromised by hackers when you use weak passwords. You also risk losing data, access to accounts, and having your personal information posted online. The good news is that strong passwords are simple to establish and can be secured against online dangers with password management software.

What exactly is a strong password?

A strong password is made to be challenging for a person or program to guess. A password that is simple to assume poses a cybersecurity concern because the goal of a password is to ensure that only authorised users can access resources.

People frequently forget the point of creating secure login credentials by choosing a memorable password. They select things like their names, phone numbers, and birthdays. Despite numerous jokes over the years about password security, the most common passwords worldwide are still "password1" and "123456".

Now with multiple sites and platforms requiring different password logins, it can be understandable why users take the easiest option. By remembering just one or two passwords with variations, it makes their life easier versus memorising multiple complicated character-based passwords.

However, it is important to remind users of the importance of strong password practice as well as the ramifications of weak passwords.

Issues resulting from weak passwords

Phishing attacks 

As well as becoming more numerous, phishing attacks are becoming more sophisticated. Emails will typically direct employees to a login page that mimics that of the business, with some even passing on the user's credentials to the real site seamlessly, leaving the user completely unaware.

While organisations use strict security procedures, the only truly effective solution is to deal with the root cause of the problem and eliminate weak passwords altogether.

Tainted credentials 

Despite having incredibly secure systems, an enterprise's systems are ultimately only as robust as their weakest link, which is frequently the use of passwords. Employees often use dozens of cloud apps, which means there are many passwords to remember. To deal with this, most people reuse passwords whenever possible.

When a worker reuses a weak password, whether inside or outside of the office, it only has to be compromised on one website to be compromised on all of them. Reusing a weak password in a personal setting on a less secure website could result in the credentials becoming public on the dark web and known to hackers. These sets of usernames and passwords are used in assaults by hackers.

Brute force attack

With a brute force attack, a hacker might try to guess your account or use a password cracker to try combinations of the password until they reach the correct one.

A six-character single-case password has 308 million possible combinations, all substitutions of which a password cracker can go through in just a few minutes.

However, combining uppercase letters and lowercase letters and using eight characters instead of six increases the possible combinations to 53 trillion; substituting a number for one of the letters yields 218 trillion possibilities, and substituting a special character or punctuation for 6,095 trillion possible combinations.

Although a password cracker can eventually go through that many combinations, hackers need much more time and computing power to break a more complex password.

Want to learn more?

Find out how CultureAI can prevent users using weak passwords

How to make your password stronger

Password Manager 

Password management software is a fantastic resource for managing all of your different online usernames and passwords. By strengthening weak passwords and preserving your login information, so you don't have to remember it yourself, they offer enhanced online security and the certainty that your 

data and personal details are protected from harm when you browse and make purchases online.

The Best Password Managers

The following are the top suggestions for password management software based on recent reviews: 

  • Nordpass

  • LastPass

  • Dashlane

  • Keeper 1Password

  • Sticky Password

You may choose the best password manager for your needs by reviewing the various choices each password manager offers, along with which ones provide a free tiered pricing structure and how much you are ready to spend above this to protect your data. 

Great qualities to search for include: 

  • Using two factors authentication 

  • A browser extension 

  • Automatic password updates 

  • Monitoring for data breaches Productivity tools 

  • Contact information autofill 

  • Saving information about online purchases

Password Vault

People can store and manage their passwords with the aid of these programs. They encrypt the user's passwords and only allow access with a very secure "master" password. The user never has to type their passwords again once in the vault; this system enables users to create highly secure passwords (for example, 30 digits with eight characters and nine numbers). It is efficient, simple to use, and generally safe, and this tactic is being employed increasingly frequently.

For security teams to ensure access to all systems, password complexity checking should be implemented. However, ensuring that staff obey the regulations becomes a relatively arduous chore. By utilising these programs, it is possible to specify the password's minimum length and content. They can also filter out words from a dictionary like "password"! Although many firms currently accomplish this, the true objective is widespread compliance.