May 4 is coming up and has been designated as World Password Day to remind enterprise workers and consumers everywhere to use strong, updated passwords to protect cybersecurity.
The idea behind World Password Day on May 4 is to help break the cycle of data breaches that beget more data breaches through credential stuffing. Organisers use the day as an opportunity to encourage people to change their existing passwords and ensure that each of their accounts has got a unique password guarding it.
Security firm BullGuard cited recent studies showing that 90% of all passwords are vulnerable to attack in seconds. Also, 10,000 common passwords like “qwerty” or “12345678” allow access to 98% of all accounts, BullGuard said. Amazingly, 21% of online users rely on passwords that are 10 years old, the company said. It’s no secret that with more and more people having multiple emails, bank, and online shopping accounts, remembering a strong and unique password for each one can be a headache.
Hackers’ password cracking tools take advantage of this lack of creativity. When hackers find – or buy – stolen credentials, they will likely find that the passwords have been stored not as the text of the passwords themselves but as unique fingerprints, called “hashes,” of the actual passwords. A hash function mathematically transforms each password into an encoded, fixed-size version of itself. Hashing the same original password will give the same result every time, but it’s computationally nearly impossible to reverse the process, to derive a plaintext password from a specific hash.
Instead, the cracking software computes the hash values for large numbers of possible passwords and compares the results to the hashed passwords in the stolen file. If any match, the hacker’s in. The first place these programs start is with known hash values for popular passwords.
Two-factor authentication (2FA) should be considered the minimum acceptable level of access control. It requires an extra step when logging into a website to prove you are who you say you are. Two-factor authentication is much more secure than using passwords on their own and provides a considerable amount of protection against both brute force attacks and poor password hygiene. There is a small cost in convenience, but compared to the potential losses of trust, data, and business continuity that a security breach can incur, the inconvenience is trivial.