Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats
As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.
Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.
With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:
- Passwords must be longer, stronger and un-guessable
Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure. It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.
- Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
- To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
- Remember Personal Information is Out There
With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
- Use Hardware Encryption to Combat Advanced Software Threads
Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.
And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.