Make no mistake, one of the easiest ways cyber-criminals break into IT systems is through employees’ passwords. Once a database of hashed passwords leaks, commodity GPU rigs can test billions of guesses per second against it, so a weak password falls in seconds. No one, it seems, is immune. Even Facebook founder Mark Zuckerberg was a victim when his Twitter and Pinterest accounts were hijacked earlier this year, reportedly with a password that had been exposed in an earlier LinkedIn breach and reused.
Obviously, there are a lot of steps businesses can take to thwart these kinds of attacks, some more sophisticated than others. But one of the easiest is to encourage employees (and home users, for that matter) to use passwords that enhance rather than weaken the security of the enterprise. Here are some of the ways you can do that:
Go long. Use passwords of at least 12 characters. Length is what drives up the number of guesses an attacker must make: every added character multiplies the search space, whereas adding a symbol class only widens the set of values each position can take. Mixing capitals, lower-case letters, digits and symbols still helps, but a longer password beats a shorter one with more symbols.
Close the dictionary. Among the first things password-cracking software tries are words found in a dictionary, so avoid using one as-is. That’s not to say you shouldn’t build on easy-to-remember words; just use variations of them. For example, take a phrase made up of common words – “our piano is a baby grand” – and drop the vowels (treating y as one), so it becomes rpnsbbgrnd. Be aware, though, that cracking tools ship with “rules” that apply exactly these transformations (drop vowels, append digits, capitalise the first letter) to every dictionary word, so a mangled word buys less than it appears to; treat it as a starting point and keep adding length. Also, don’t simply link dictionary words into one (“myaimistrue”): combinator attacks join pairs of list words automatically.
Think sentences (sort of). This is a smart and widely recommended strategy that works like this: come up with a sentence that is easy to remember, e.g. “Cubs finally win the World Series.” Then take the first letter of every word, replace some of them with numbers, and toss in a symbol. With the previous example, you might get C1w2WS! Note that this is only seven characters, which is too short; pick a longer sentence, or keep a couple of the words whole, so that the result reaches 12 characters or more.
Don’t make it personal. It’s only natural to use personal information – birthdays, anniversaries, pet names, etc. – that is easy to remember. But try not to. There is a lot of information about employees on the Internet, from Facebook to Twitter to LinkedIn, and that makes it easy for a committed attacker to collect it and feed it into a targeted word list.
Don't fall into a pattern. Cracking software runs “mask” attacks that enumerate every string fitting a common character pattern, so you don’t want to use patterns that are common and easy to recognize. Some of the most widely used letter-number combinations are a capital letter followed by six lower-case letters and two digits; a capital letter followed by five lower-case letters and three digits; and three lower-case letters followed by five digits. The first of these has only about 8 × 10^11 candidates (26^7 × 10^2), which a rig testing a trillion guesses per second exhausts in under a second.
Take random action. You can also use a passphrase made up of 12 random words, such as Cats yard brick street table car burger candle witch hose lamp tree. Yes, it is harder to remember, but it is genuinely strong, provided the words really are chosen by a random process (dice or a generator), not picked by you; words people choose “at random” cluster around the familiar. Twelve words drawn uniformly from a 7,776-word list (the size of the Diceware list) give about 155 bits of entropy. Even at a trillion guesses per second, trying every combination would take on the order of 10^27 years. (For you non-math fans, that’s a long, long time.)
Avoid the obvious. Some passwords are so common and overused that they make hackers’ lives easy. What are they? A study based on leaked Yahoo information identified these as the 10 worst offenders, in order:
Don’t fall into the trap of trying to rescue an easy-to-crack password by replacing one or two characters, either; “welcome” becoming “welc0me,” for example, or “sunshine” becoming “sunsh1ne.” Rule-based attacks apply these “leet” substitutions to every word in the list as a matter of course, so such a password falls almost as quickly as the plain word.
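The pattern, passphrase and substitution advice above can be turned into a small checker. The script below is an added example, not the author’s code: it undoes common leet substitutions and checks the result against a word list, classifies a password by its character mask and flags the three masks named above, computes the keyspace of a mask, and estimates the entropy and worst-case cracking time of a random-word passphrase. The word list, the guess rate of 10^12 per second and the 33-symbol class size are constructed assumptions for illustration.

```python
"""Rough password-policy checker built around the attacks the article
describes: dictionary words, leet-style substitutions, common character
masks, and an entropy estimate for random word passphrases.

Added example, not the author's code. The word list, the mask list and
the guess rate (10^12/s, assumed for a GPU rig against a fast unsalted
hash) are constructed assumptions for illustration."""
import math
import re
import secrets

# Constructed stand-in for the multi-million-entry word lists cracking tools ship with.
COMMON_WORDS = {"welcome", "sunshine", "password", "baseball", "dragon",
                "monkey", "letmein", "football", "princess", "master"}

# Substitutions a rule-based attack undoes (or applies) in a single pass.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Size of each character class in hashcat-style mask notation (?s assumed 33 symbols).
MASK_CLASS_SIZE = {"?u": 26, "?l": 26, "?d": 10, "?s": 33}

# The three patterns the article names, written as masks.
COMMON_MASKS = {
    "?u" + "?l" * 6 + "?d" * 2,  # capital, six lower, two digits
    "?u" + "?l" * 5 + "?d" * 3,  # capital, five lower, three digits
    "?l" * 3 + "?d" * 5,         # three lower, five digits
}


def mask_of(pw: str) -> str:
    """Map each character to its class, e.g. 'Welcome12' -> '?u?l?l?l?l?l?l?d?d'."""
    classes = []
    for ch in pw:
        if ch.isupper():
            classes.append("?u")
        elif ch.islower():
            classes.append("?l")
        elif ch.isdigit():
            classes.append("?d")
        else:
            classes.append("?s")
    return "".join(classes)


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask attack must try to exhaust the mask."""
    space = 1
    for token in re.findall(r"\?[ulds]", mask):
        space *= MASK_CLASS_SIZE[token]
    return space


def candidate_words(pw: str) -> set:
    """Base words an attacker's rules would recover from a password."""
    lower = pw.lower()
    trimmed = re.sub(r"[^a-z]+$", "", lower)       # Welcome123 -> welcome
    return {lower, trimmed, lower.translate(LEET), trimmed.translate(LEET)}


def weaknesses(pw: str) -> list:
    """Findings a rule- and mask-aware attacker would exploit, in check order."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    hits = sorted(candidate_words(pw) & COMMON_WORDS)
    if hits:
        findings.append("dictionary word once substitutions are undone: " + hits[0])
    mask = mask_of(pw)
    if mask in COMMON_MASKS:
        findings.append("matches a common mask " + mask)
    return findings


def passphrase_bits(word_count: int, list_size: int) -> float:
    """Entropy of word_count words chosen uniformly from a list of list_size."""
    return word_count * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e12) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def random_passphrase(wordlist, word_count: int = 12) -> str:
    """Pick words with the OS CSPRNG (secrets), never random.choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    for pw in ("welc0me", "Welcome12", "C1w2WS!", "rpnsbbgrnd"):
        print(pw, "->", weaknesses(pw) or ["no findings"])
    print("Ulllllldd keyspace:", mask_keyspace("?u" + "?l" * 6 + "?d" * 2))
    bits = passphrase_bits(12, 7776)
    print(f"12 words from 7776: {bits:.0f} bits, ~{years_to_exhaust(bits):.1e} years")
    print(random_passphrase(sorted(COMMON_WORDS)))
```

The checker is deliberately pessimistic in the attacker’s favour: it tries the lower-cased password, the password with trailing digits and symbols stripped, and the leet-normalised form of each, because that is what a rules file does for free. Swap the ten-word constructed list for a real cracking dictionary and the guess rate for one measured against your hash algorithm before relying on the numbers.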
In addition to all of the above, some common-sense rules apply: don’t share passwords; change a password promptly when you suspect it has been exposed (forced periodic changes tend to produce predictable variations of the old one, so make the trigger compromise rather than the calendar); and never reuse a password across sites, since a breach at one site is then a breach at all of them, as the Zuckerberg case shows. A password manager makes unique, random passwords practical, and turning on two-factor authentication limits the damage when a password does leak. From a more technical standpoint, businesses and organizations can also reduce the risk by looking at options for password management, recovery, and protection offered by an IT services provider. That can add efficiency, increase confidence, and deliver peace of mind.
ABOUT THE AUTHOR
Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.