Type “password cyberattack” into Google News and the results will tell you how often cybercriminals get hold of sensitive corporate and personal data. Weak passwords are a big part of the problem. For example, in 2023, technology security firm NordPass reported that “123456” was the most common password in Nigeria and the second most common password globally.
Thembekile Mayaise is a cybersecurity expert and researcher. The Conversation Africa asked her to explain how employers and employees can improve password security.
Why is password security so important?
The rapid increase in cyber attacks leading to system intrusions and data leaks is forcing organizations to reassess their access control strategies. The question is no longer if a cyber attack will occur, but when and how it will occur.
Passwords and usernames, still in use today for access and authentication, remain key vulnerabilities. Too many people use weak or overused passwords.
A report from cybersecurity company Sophos found that the number of cyber attacks against businesses in South Africa, Kenya and Zambia was predicted to increase by 76% in 2023. This comes at a huge cost.
Every year, various sources publish lists of the most commonly used passwords. The ones featured in NordPass’ research are predictable choices such as “123456”, “admin”, “12345678” and “password”.
These passwords can be cracked in under a minute, by highly skilled hackers or by those with only basic hacking skills. Sensitive information is then at risk of being stolen, deleted or tampered with, and AI tools make hacking easier still.
Some organizations do not set password expiration dates, which creates an opportunity for unauthorized access. Often, when a password is compromised, the result is online identity theft. Additionally, password-saving features, such as websites that offer to auto-save your credentials when you create a new account, are not a perfect solution: despite their convenience, these platforms pose the risk of your credentials being leaked.
What can companies do differently?
Password policies and corresponding standards should be developed and implemented to meet a company’s cybersecurity objectives. How this is done will vary depending on the organization and type of business. For example, financial institutions and credit card companies may find the Payment Card Industry Data Security Standard to be most appropriate. Other companies may follow the guidelines provided by the United States National Institute of Standards and Technology, or use the ISO/IEC 27001 security standard, which is used worldwide.
Companies need to ensure that their employees are fully aware of and understand their responsibilities regarding password usage policies and procedures. To do this, they should:
Conduct regular awareness campaigns to promote secure password usage and address potential password threats
Follow best practice security standards for user account management and password controls
Incorporate a password strength meter to help users generate more secure passwords
Consider implementing multi-factor authentication, which requires two or more pieces of evidence to authenticate a user, such as a password and facial or retinal biometrics.
Verify that the password file is encrypted
Conduct regular audits to monitor and ensure compliance with password policies and standards.
What about individuals?
Individuals can be safer online at work and in their personal lives by staying vigilant and informed about the latest threats that can compromise password security. In organizational settings, keep in mind the following:
Understand and follow your organization’s policies and standards regarding secure password usage
Attend awareness and training sessions
If you suspect a security incident, report it to your ICT help desk or follow your organization’s incident management process.
Store your login credentials securely
Log out after each session, especially if you are using a shared computer.
Use strong passwords that are difficult for attackers to guess
Avoid reused or easily guessed passwords, such as consecutive characters, repeating phrases or dictionary words.
Check if the password you choose is already on a list of compromised or common passwords.
Be sure to change your password if you suspect a breach
Store your passwords securely in an encrypted password manager tool.
What’s the worst password mistake you can make?
Do not use basic or easily guessed passwords, such as words found in common dictionaries. Users should set passwords that are at least 12 characters long and contain a combination of alphanumeric (letters and numbers) and special characters, including both lowercase and uppercase letters, to ensure confidentiality.
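The rules in this answer and in the list for individuals above (at least 12 characters, mixed character classes, no consecutive characters, repeated phrases or dictionary words, and a check against a list of common passwords) can be enforced mechanically at the point where a password is chosen, which is also what a password strength meter does. The Python below is an added example written for this article, not code from the author or from NordPass. The common-password set and the mini dictionary are constructed samples; a real deployment would load the full lists. The entropy figure is a crude strength-meter estimate, not a measure used by the article.

```python
import math
import re
import string

# Constructed sample of a common-password list (the four from the article plus a few
# more); a real deployment loads the full NordPass or similar list.
COMMON_PASSWORDS = {
    "123456", "admin", "12345678", "password", "123456789",
    "qwerty", "111111", "password1", "abc123", "letmein",
}

# Constructed mini dictionary standing in for an attacker's wordlist.
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "football", "summer"}

MIN_LENGTH = 12   # the 12-character minimum stated in the article
SEQ_RUN = 4       # 'abcd' or '4321' counts as a sequential run
REPEAT_RUN = 3    # 'aaa' counts as a repeated run


def has_sequential_run(pw: str, run: int = SEQ_RUN) -> bool:
    """True if pw contains `run` consecutive ascending or descending characters."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_run(pw: str, run: int = REPEAT_RUN) -> bool:
    """True if any character repeats `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def contains_dictionary_word(pw: str) -> bool:
    """True if a dictionary word of four or more letters appears anywhere in pw."""
    low = pw.lower()
    return any(w in low for w in DICTIONARY_WORDS if len(w) >= 4)


def estimate_entropy_bits(pw: str) -> float:
    """Strength-meter estimate: length * log2(size of the character pool actually used)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if has_sequential_run(pw):
        problems.append("contains a sequential run such as 'abcd' or '1234'")
    if has_repeated_run(pw):
        problems.append("contains a repeated run such as 'aaa'")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "Password12345!", "Tx9#mvQ2!rLp4w"]:
        issues = check_password(candidate)
        verdict = "OK" if not issues else "; ".join(issues)
        print(f"{candidate!r}: {estimate_entropy_bits(candidate):.1f} bits, {verdict}")
```

Note that “Password12345!” satisfies every character-class rule and the length rule yet still fails, because it is a dictionary word followed by a sequential run; this is why a strength meter that counts only classes and length gives a false sense of security, and why the common-password and pattern checks matter.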
It’s also important not to reuse passwords across different accounts.
Don’t use autofill features or save passwords on websites, especially on shared computers.
Do not share or reveal your password with anyone, especially coworkers. If you must share a password, make sure it is approved by management and the details are documented for audit purposes.
Never give out your password details over the phone to individuals claiming to be IT technicians without proper verification.
Some ways to check the authenticity of a call include:
Check the ticket number the caller is referring to
Ask the caller to send an official email to your account, especially if you have no problem accessing a computer.
If an internal phone number is used, verify that the call genuinely comes from that number.
Ask callers to provide identifying information, such as their name, office location, department or who they report to.