
Humans have always been regarded as the weakest link in the cybersecurity chain. They are the easiest to compromise and provide a backdoor that cybercriminals can use to gain access to unauthorized data.

Data from the 2018 Verizon Data Breach Investigations Report seems to corroborate how fallible humans are in an information security system. In the report, the researchers found that 93 percent of all data breaches were the result of phishing and social engineering schemes.

At the top of the list of things that cybercriminals found easiest to acquire were passwords. This is due to a combination of factors, such as ever-increasing computing power that can run millions of password guesses within a second, and insecurely stored passwords that can be easily accessed by cybercriminals and other external actors.

The good news is that password protection is a learnable skill, and you as an individual can learn how to manage your passwords effectively.

Businesses and employers can also implement policies that require their employees to take a course on password security essentials. This can help them prevent future attacks that rely on cybercriminals accessing password-protected accounts to reach the data they want to compromise.

However, there are caveats employers and businesses should consider before making it a policy for every worker to be educated on password security: your employees can become overwhelmed by the responsibilities and the risks involved in protecting your company’s data, which can also lead to slip-ups due to overcomplicating things.

As guidance, here are some of the most effective steps you should take while implementing password security essentials on a personal or business level.

Choosing a password

In 2003, the U.S. National Institute of Standards and Technology (NIST) set the standards for how passwords should be chosen, recommending that passwords combine uppercase and lowercase letters with numbers and symbols to make them stronger and harder for cybercriminals to break. NIST also recommended that passwords be changed every 90 days to reduce the effectiveness of leaked passwords.

To date, these guidelines have been very effective in preventing cybercriminals from gaining access to accounts and in providing a safety framework that people can follow to stay on the safe side. So far, everything has gone well, and as long as these guidelines have been followed, password safety has been effective.

As expected, people, being the weakest link in the cybersecurity space, have found new ways of defeating these guidelines and putting themselves in peril. The first rule that a lot of people have circumvented is the use of upper- and lowercase letters combined with symbols and numbers. For instance, P@s$w0rd!2 follows all the rules perfectly and can pass for a strong password.

However, the construction of P@s$w0rd!2 is easy to decipher, even for an amateur cybercriminal, because it simply substitutes letters with numbers and symbols that look similar to the original text. It also comes as no surprise that after 90 days, many people opt to change only the last number. Although this makes the password very easy to remember, it is a very ineffective way of choosing your passwords.
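The two habits described above can be caught at the moment a password is set. The following is an added example (not code from the article) of a password policy check: it applies composition rules of the kind the article attributes to the 2003 guidance, then undoes the look-alike substitutions and compares the result against a blocklist of common words, and finally rejects a "new" password that differs from the old one only in its trailing digits. The substitution table and the tiny blocklist are constructed for illustration; a real deployment would load a breached-password list instead.

```python
import re

# Look-alike substitutions that composition rules reward but that wordlist tools undo
# trivially. Constructed table; extend it to match the substitutions you see in practice.
LEET_MAP = str.maketrans(
    {"@": "a", "4": "a", "$": "s", "5": "s", "0": "o", "1": "l", "3": "e", "7": "t"}
)

# Constructed, deliberately tiny blocklist standing in for a real breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "admin", "monkey"}

MIN_LENGTH = 8


def meets_composition_rules(pw: str) -> bool:
    """Upper, lower, digit and symbol present, and at least MIN_LENGTH characters."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= MIN_LENGTH and all(re.search(c, pw) for c in classes)


def candidate_stems(pw: str) -> set:
    """Strip common decoration, then undo substitutions, to recover the underlying word."""
    lowered = pw.lower()
    variants = (
        lowered,
        re.sub(r"\d+$", "", lowered),               # drop a trailing counter like "...2"
        re.sub(r"[^a-z]+$", "", lowered),           # drop trailing digits and punctuation like "!2"
        re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered),  # also drop leading decoration
    )
    return {v.translate(LEET_MAP) for v in variants}


def is_disguised_common_word(pw: str) -> bool:
    return any(stem in COMMON_WORDS for stem in candidate_stems(pw))


def differs_only_in_trailing_digits(old: str, new: str) -> bool:
    """True for the 90-day ritual of bumping the last number and nothing else."""
    return old != new and re.sub(r"\d+$", "", old) == re.sub(r"\d+$", "", new)


def evaluate(pw: str, previous: str = None) -> list:
    """Return the list of policy problems with a proposed password (empty means accepted)."""
    problems = []
    if not meets_composition_rules(pw):
        problems.append("fails composition rules")
    if is_disguised_common_word(pw):
        problems.append("common word with look-alike substitutions")
    if previous is not None and differs_only_in_trailing_digits(previous, pw):
        problems.append("only the trailing digits changed")
    return problems


if __name__ == "__main__":
    for candidate, old in [("P@s$w0rd!2", None), ("P@s$w0rd!3", "P@s$w0rd!2"),
                           ("Violet-Kettle-Marathon-81", None)]:
        print(candidate, "->", evaluate(candidate, old) or "accepted")
```

The point of `candidate_stems` is that a check which only counts character classes gives P@s$w0rd!2 a pass, while a check that first normalizes it sees "password" and rejects it; the trailing-digit comparison is only possible at change time, when the user has just supplied the old password alongside the new one.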

In some instances, however, password compromise is out of the control of the password’s creator. Take the case of Facebook: in 2019, a report revealed that it had stored hundreds of millions of its users’ passwords as plain text. The controversy highlighted how third parties can also be the cause of your passwords being compromised.

Two-factor authentication

Another component of effective password security is having two-factor authentication in your login requirements.

As a business, it is very hard to determine whether the user logging into your system is the authorized user, especially when they already have a username and password to access the system. To prevent unauthorized users, a new layer of security is required to authenticate people trying to log in to your system.

This new layer can be implemented with two-factor authentication, which ensures that the user accessing your site has the right credentials. This can be done by methods such as sending an SMS to the account holder’s phone with a code they need to enter in order to access their account. There are also tools such as Google Authenticator that can be used as a second factor, adding a layer of protection that holds even when the password alone is not effective.

Password managers

Remembering strong passwords is a daunting task, and that is why most people opt for simpler passwords that end up reducing the protection that passwords offer. Making use of password vaults or managers to store passwords is a great way to keep your information safe and ensure that you do not get frustrated keeping track of your passwords. A good place to start when looking at effective password managers is 1Password.