New research published last month illustrates the changing nature of password security — and the need to strengthen your login credentials. Hive Systems’ annual password table study examines how long it would take hackers to “crack” a password using brute-force tactics, a trial-and-error approach that tests endless combinations of usernames and passwords.
With new AI-powered tools, hackers in 2023 can now crack a 10-character-long password containing only letters and numbers in seconds — up to eight times faster than Hive’s research previously found in 2022. Passwords that contain numbers only are the most vulnerable, with hackers able to crack a 12-number-long one in seconds.
As always, security experts recommend that users mix letters, numbers, symbols, and special characters into their passwords. A 12-character-long password containing that mix would take 226 years for hackers to crack — and an 18-character-long version would take trillions of years to crack.
What does a strong password look like?
It might seem self-explanatory, but the following tips can help:
- If you have old passwords that consist of only numbers or letters, update them immediately — they’re the most vulnerable.
- Create a password that is 18 characters long and contains a mix of numbers, lower- and uppercase letters, and symbols.
- If it’s easier, use a memorable core phrase surrounded by unique letters or numbers that are unique to the account, app, or platform.
- Avoid using publicly identifiable personal facts like a pet’s name or your child’s birthday in your password.
What else can I do to keep login credentials safe?
Hackers can get their hands on passwords — even 18-character-long ones — in a variety of ways. Beyond the brute-force tactics outlined above, they can also leverage data breaches, spearphishing scams, and surreptitiously installed malware to swipe credentials.
That’s why it’s so important to build extra layers of cybersecurity protection around passwords. Three key strategies include:
- Never use the same password for more than one account. Cybercriminals troll the dark web looking for lists of compromised usernames and passwords that they can use to hack into numerous accounts. Always create unique versions of credentials for each account, app, or platform.
- Deploy multi-factor authentication (MFA) or identity confirmation on every account. MFA requires users to enter something they know (their password) along with something they have (a unique code delivered via text or email, a push notification delivered via a single sign-on app, or a biometric identity confirmation). This mitigates the potential impact of a stolen password since any hacker trying to use it will be foiled by the extra step.
- Implement an enterprise-grade password manager to keep track of multiple credentials. If remembering an 18-character-long password seems daunting, you’re not alone. Password managers require a user to remember one master password that unlocks access to randomly generated, complex logins for each account, app, or platform. Make sure your business doesn’t use a free, consumer-grade option as these have proven to be vulnerable in the past. Pairing a password manager with multi-factor authentication provides an extra measure of protection.
Take a proactive approach to cybersecurity
Speaking of protection, the best kind is the proactive kind. Check your social media, email, and banking accounts periodically to look for any fraudulent activity and ensure that everything is in working order. If you only use apps like Facebook or Twitter once a month or so, check those first.
Maintenance and monitoring services like the ones offered by CMIT Solutions also provide extra preventative services. These include advanced antivirus, anti-malware, and anti-spyware software that can automatically detect and block malicious password-hacking viruses.
We also specialize in mobile-optimized, cloud-based password management solutions that are designed specifically for businesses of all sizes. And we deliver regular security patches and software updates for Microsoft Office, Adobe Creative Cloud, and popular web browsers to fix any known vulnerabilities.
In today’s online world, password security is paramount. That’s why CMIT Solutions works hard to protect every login credential. If you’re not sure about the integrity of your passwords or are worried about a potential hack, contact us today. We defend your data, protect your networks, and empower your employees, all while keeping your company’s information safe.