A recent attack on the crisis management system of the Cobb County, Georgia, school district led to a code red lockdown, producing disruption and anxiety in several schools across the district. The cause of the breach was traced to an employee of the crisis management service whose access was exploited because of a weak password. Unfortunately, this situation is not unusual. According to the Verizon Data Breach Investigations Report, over 80% of breaches are linked to the poor use of passwords.
A data breach at the file-hosting service Dropbox that resulted in the theft of the credentials of over 60 million users was linked to an employee's reuse of a password. In one of the most egregious cases involving improper password use, Equifax suffered hundreds of millions of dollars in losses resulting from the compromise of customer data. The class action lawsuit revealed that the username for a portal containing sensitive information was “admin” with the password also being “admin.”
There are a number of standard rules for creating a strong password. The recommended length is twelve to fourteen characters, but the longer the password, the stronger the result. One should always use a mixture of upper-case and lower-case letters, numbers, and symbols. Using words found in a dictionary is discouraged. A dictionary word with obvious substitutions, like replacing the letter “o” with the number “0”, is also weak. Simply bashing your fingers randomly on the keyboard will create a stronger password than using dictionary words and predictable patterns.
One alternative to manually creating multiple passwords that are both strong and unique is to use a random password generator. These tools generate strong, random passwords that protect accounts and data from common tactics. Once strong passwords are created, there is still the problem of having to remember all of them. This is where a password manager can make things easier.
A password manager is helpful because the user only has to keep track of one strong password, the one that unlocks the manager. Because the manager stores all of a user’s passwords in encrypted form, it offers easy access as well as security. This helps the user avoid the temptation of reusing a single password for multiple logins.
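The rules and the random generator described above, as an added Python example that is not part of the original article: it draws a password from the operating system's secure random source and checks any password against the listed rules. The small word list and the substitution table are constructed for illustration; a real check would load a full dictionary.

```python
import secrets
import string

# The four character classes the article asks for.
CLASSES = {
    "upper-case letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
# Constructed sample list (assumption); use a full dictionary in practice.
SAMPLE_WORDS = {"password", "admin", "dragon", "football", "welcome"}
# Constructed table of obvious substitutions, e.g. "0" for "o" (assumption).
SUBSTITUTIONS = str.maketrans("01345@$!", "oleasasi")


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {name}")
    # Undo the substitutions so "P@ssw0rd" is seen as "password".
    normalized = password.lower().translate(SUBSTITUTIONS)
    for word in sorted(words):
        if word in normalized:
            problems.append(f"contains dictionary word: {word}")
    return problems


def generate_password(length=14):
    """Generate a random password that passes policy_violations()."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(policy_violations("P@ssw0rd2024!!"))
```

A password such as “P@ssw0rd2024!!” meets the length and character-mix rules yet is still flagged, because undoing the substitutions exposes the dictionary word.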
A strong password is the most basic step in an effective information security program and costs little to implement. It is simply a matter of developing and enforcing policies and procedures. Although a good approach to strong passwords is an integral part of an overall security strategy and can decrease vulnerabilities by up to 80%, it is by no means a comprehensive security strategy. It only takes one successful breach to cause critical damage to the well-being of a small business or organization.
Asteros Cybersecurity can help eliminate this threat with our cutting-edge services that keep pace with the evolving tactics of attackers. Let us help you discover the vulnerabilities within your systems with our free, no-strings-attached, surface audit.