In the 1980s, actor Matthew Broderick starred in two movies where weak passwords and hacking were a featured plot point. As a nerdy gamer ne’er-do-well, Broderick stars as David Lightman, who changes his grades and those of a friend by remotely accessing his school’s computer system. Later, he cracks into a government database after research yields a simple computer password. Broderick pulls a similar grade-enhancing stunt as the too-cool-for-school teen in Ferris Bueller’s Day Off.
More than 30 years have passed since these blockbuster hits, and to be sure, computer technology has evolved in remarkable ways. But, amazingly, there is nothing trite or dated about how these two characters, played by the same actor, breached high-level data systems.
That’s because the way most Americans create, use, and save weak passwords today has changed little over the ensuing decades. If anything, the problem has gotten worse. Our lives have shifted entirely online, accessible via our smartphones 24/7/365.
Let’s face it: remembering a password is a hassle at best. As a result, we fall back into our collective lazy ways. According to a Digital Guardian 2018 survey:
- 70% of people in the U.S. have more than 10 password-protected accounts
- The average email address is associated with 130 accounts
- Most users still use the same password for multiple accounts regardless of the risk
- 50% of users store passwords in vulnerable places on their computer or remote devices irrespective of the risks (that’s the 1980s equivalent of writing it down on a post-it)
Best Practices to Combat a Weak Password
The good news, however, is that beefing up your weak password security isn’t as daunting as it sounds. First and most important, update your passwords once every six months. At the very least, update your computer passwords annually. You should also update a password if you receive notification that an account may be compromised.
Next, and this is critical too: never recycle passwords, especially a weak one. Recycling a password means transferring that same combination of letters, numbers, and special characters from one account to another. Once you have used a password, it should be gone forever after you update it. To go one step further, avoid variations of the same password. Likewise, any password you use should contain a minimum of eight characters and a combination of numbers, letters, and symbols. Most online services today require all of these conditions before accepting a password.
One of the newer safeguards is what’s known as two-factor authentication. Yes, this can be a bit of a pain. That said, it is well worth the trouble if your business has multiple online accounts or if you allow your employees to surf the web freely. Two-factor authentication can include a combination of a password and a passphrase, personal information, or even a thumbprint, depending on the device.
Lastly, password storage is vital. The best option for storing your passwords is to use a secure password manager. This way, you can recall your passwords, but they are not in plain sight (i.e., a file on your desktop or a notes app on your smartphone). Avoid storing your passwords in plain text, such as in a spreadsheet or Word document.
What Password Strategies Should We Prioritize?
Password management or multi-factor authentication should be cornerstones of your overall security posture. As such, it is recommended that your IT staff or third-party provider guide you on the following best practices to combat a weak password:
- Changing the weak password according to a schedule
- Creating complex passwords that prevent cyber attacks
- Managing multi-factor authentication parameters and conditions
- Administering individual user passwords as employees leave or new employees join
- Notifying employees if a password has been compromised and changing your weak password
Additionally, help your employees generate passwords with built-in protections you may not have considered. For instance, password length is more important than complexity. Then, there’s the suggestion that weirder is better – especially if you avoid pop-cultural references like Star Wars or comic book characters in live-action movies. And when it comes to special characters – don’t overuse them. Keep them varied and spaced throughout your password.
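As an added illustration, not Sentribit’s tool or any code from the original post, the following Python checks a proposed password against the rules given above: minimum length and character mix, no reuse of an earlier password, no cosmetic variation of one (case changes, swapped trailing digits, leetspeak), plus a crude brute-force estimate showing why length beats complexity. The leetspeak table and the sample password history are constructed for the example.

```python
import math
import string

# Policy values taken from the post: at least eight characters mixing letters,
# numbers and symbols, and never a previous password or a variation of it.
MIN_LENGTH = 8
LEET = str.maketrans("@$!013", "asiole")  # common "freshen the old password" swaps


def normalize(password: str) -> str:
    """Core word of a password: lower-cased, end digits/symbols dropped, leet undone."""
    core = password.lower().strip(string.digits + string.punctuation + " ")
    return core.translate(LEET)


def estimate_bits(password: str) -> float:
    """Brute-force ceiling: length * log2(pool of character classes used).
    Dictionary words make real guessability lower, so this is only an upper bound."""
    pool = 0
    if any(c.islower() for c in password): pool += 26
    if any(c.isupper() for c in password): pool += 26
    if any(c.isdigit() for c in password): pool += 10
    if any(c in string.punctuation for c in password): pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(candidate: str, previous: list[str]) -> list[str]:
    """Policy violations for a proposed password; an empty list means accepted."""
    issues = []
    if len(candidate) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in candidate):
        issues.append("no letters")
    if not any(c.isdigit() for c in candidate):
        issues.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        issues.append("no symbols")
    if candidate in previous:
        issues.append("reuses a previous password")
    else:
        core = normalize(candidate)
        if core and any(core == normalize(old) for old in previous):
            issues.append("variation of a previous password")
    return issues


if __name__ == "__main__":
    history = ["Summer2023!", "P@ssw0rd"]  # constructed sample history, not real
    for pw in ["Summer2024!", "Password1", "Tr0ub4d&3", "correcthorsebatterystaple9!"]:
        print(f"{pw:28} {check_password(pw, history) or 'OK'} ~{estimate_bits(pw):.0f} bits")
```

Both "Summer2024!" and "Password1" are rejected as variations of the stored history, while the 25-letter lowercase passphrase scores roughly twice the bits of the nine-character "complex" one.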
Educating Your Employees About a Weak Password
Most employees are unaware of the ongoing security risks in their companies. This is why it is critical that your organization conduct security awareness training for current employees or as an onboarding measure for new employees. Considering that only 12 percent of Internet users rely on password management software, such onboarding procedures are especially important.
Since many employees do not realize the risks of their errors, it is vital to discuss the dangers of sharing passwords with other employees. Also, it is essential to educate your team on the best methods for creating passwords.
Sentribit has deployed a robust security awareness training program to educate employees on all facets of cybersecurity, from frequent threats to the most common best practices. The platform gives access to the world’s largest library of awareness training content, provides fully automated phishing simulations using thousands of customizable templates, and offers advanced reporting on 60+ key indicators. Get your 30-day trial here.
It Can’t Be That Simple!
In WarGames, Broderick’s character David Lightman successfully breaks into a government computer, learning that the password is the name of a scientist’s deceased son. Lightman then exclaims: “It can’t be that simple.”
When creating today’s software and online passwords, make sure they aren’t that simple, and your data and your company’s data should be safe. Call Sentribit at (908) 232-2060 to try our Weak Password Test, which checks your Active Directory for any threats related to weak passwords. And, while you’re on the phone with us, let’s talk about all the ways we can protect your business against outside hackers and insider threats.