Return to Cloudburst

Password Security Is Still Relevant

Published 7/10/24

Passwords were used long before we had computers.  As far back as Roman times armies have used passwords to identify friend vs foe.  In those days, the result of using a bad password could be fatal.

Usernames and passwords are still the primary way of securing access to systems. Bad password management could result in critical data being stolen, leading to significant data loss for your organization, system compromise, and financial loss. The result can be anything from poor PR to significant interruption to the business.

What are the best practices to set and manage your passwords?  Here are the industry standards:

  • Use a mix of upper- and lower-case letters, numbers, and special characters
  • Use longer passwords, at least 12 characters; 16 is better
  • Use a pass phrase, instead of a password, for example
    • Bad: Mississippi123$
    • Good: Invo1ceIceCre@m9!1!
  • Hackers have access to systems that can test millions of passwords per second – so the longer and more complex the password is, the longer it takes to break.
  • Do not store passwords on sticky notes, or in easy to find files on your system. The best option is to use an online password manager
  • If multi-factor authentication is available, use it. This means that in addition to the username/password, you will either have a code to enter from an app on your phone, or a a number from a text message you receive
  • NEVER use the same password for more than one system. Hackers use a method called credential stuffing where hackers use automated tools to try stolen username and password combinations on multiple websites. Since many people reuse username/password combinations across different sites, this method can be quite effective

Some recent examples of successful hacks using credential stuffing:

  • CNet article: Norton LifeLock Accounts Targeted: What to Know and How to Protect Your Passwords
  • TechTarget article: What the 23andMe Data Breach Reveals About Credential Stuffing

In review, create long, complex, unique passwords, and protect them!