Passwords have been used to secure accounts for computer systems and services for a very long time, but how secure is your password, really? Despite major advancements and vast improvements in technology over multiple decades, even a carefully chosen and robust password is only as secure as the security hygiene practices and systems that complement it.
Unfortunately, advancements in technology also bring with them numerous tools and methods an attacker can use to try to gain access to your accounts, the most common of which are:
- Brute Force Attack – use of a very large number of repeated attempts to guess the password to an account. A brute force attack can attempt between a few thousand and several million password combinations per second.
- Keylogger Attack – use of software or hardware that records every keystroke typed on the keyboard, thereby stealing passwords and sensitive information.
- Dictionary Attack – use of a precompiled list of millions of different common words and potential passwords often collated from previous data breaches to rapidly try and guess the password to an account.
- Credential Stuffing – uses already stolen or guessed password credentials for a particular user against all their other accounts and services. The initial password can easily be obtained without direct interaction with the user if their password has ever been leaked in a data breach for any other service where it has been used.
- Man in the Middle – when an attacker intercepts communication between two parties, often completely unbeknownst to either party.
- Phishing – sending emails purporting to be from a known or reputable source to persuade someone to do something or to hand over sensitive information.
- Password Spraying – the attacker “sprays” a single password across multiple accounts in an organisation before trying another password. This method can potentially bypass account lockout countermeasures by allowing enough time between trying the first password against the last of the accounts before a new password is next tried against the very first account.
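Because password spraying, as described in the last item above, keeps each account below its lockout threshold, it shows up more clearly when failed logins are grouped by source rather than by account. The following is an added example and not part of the original article; the failed-login records, IP addresses (documentation ranges), usernames and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)
USERS = ["alice", "bob", "carol", "erin", "frank", "grace"]  # constructed names

def build_events():
    """Constructed failed-login records: (time, source_ip, username)."""
    ev = []
    # Spray pattern: one guess per account, next round an hour later.
    for rnd in range(2):
        for i, user in enumerate(USERS):
            ev.append((T0 + timedelta(hours=rnd, minutes=i), "203.0.113.10", user))
    # Brute-force pattern: ten rapid guesses against a single account.
    for i in range(10):
        ev.append((T0 + timedelta(seconds=10 * i), "198.51.100.7", "dave"))
    # Ordinary typo by a legitimate user.
    ev.append((T0 + timedelta(minutes=3), "192.0.2.5", "bob"))
    return sorted(ev)

def windows(rows, span):
    """Yield each run of time-sorted rows that fits inside `span`."""
    start = 0
    for end in range(len(rows)):
        while rows[end][0] - rows[start][0] > span:
            start += 1
        yield rows[start:end + 1]

def locked_accounts(events, threshold=5, span=timedelta(minutes=30)):
    """Per-account view: accounts a classic lockout policy would lock."""
    by_user = defaultdict(list)
    for ts, _ip, user in events:
        by_user[user].append((ts, user))
    return {u for u, rows in by_user.items()
            if any(len(w) >= threshold for w in windows(rows, span))}

def spray_sources(events, min_accounts=5, max_per_account=2,
                  span=timedelta(minutes=30)):
    """Per-source view: sources failing against many accounts, few tries each."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))
    flagged = set()
    for ip, rows in by_ip.items():
        for w in windows(rows, span):
            counts = Counter(user for _ts, user in w)
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged.add(ip)
                break
    return flagged
```

On this sample the per-account lockout only catches the brute-force target, while the per-source check is the one that surfaces the spraying address.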
It is not all doom and gloom though, as there are many simple steps you can take to greatly improve your security posture:
- Use multi-factor authentication – we cannot stress this enough. Enabling multi-factor authentication anywhere it is available is by far one of the most effective steps you can take to improve the security of your accounts.
- Use a complex password – ensure you are using passwords that are not too simple and use a combination of numbers, symbols, uppercase and lowercase letters. Consider using a long passphrase (a combination of three or four words) instead if that is more memorable.
- Do not use the same password twice – using the same password across multiple accounts opens you up to far greater risk than you may realise, especially if you are reusing passwords across your personal and professional life. Once the password to one service has been compromised, an attacker can reuse that same password to pivot across any other service with which that password is associated within hours, if not minutes. This can include bank accounts, social media networks, work-related accounts, etc.
- Use a password manager – in a world where more and more services are centered around online accounts and platforms, it can be difficult to keep track of and remember passwords. Password managers can take the hassle out of remembering and typing in all your passwords by using an app to generate and securely store passwords and retrieve them on demand. An added benefit is that you will also be less likely to feel the need to reuse or simplify any passwords, given that you no longer need to think about them. Consider checking out password manager services such as LastPass, Keeper or Dashlane, among others.
Putting the above steps into practice will drastically reduce your exposure to risk and go a long way to keeping unwanted threats at bay.
How do I prevent my business and staff accounts being compromised?
The best way to deal with a potential attack is to avoid having one occur altogether. Ask a member of the Managed Services Australia team about how you can proactively invest in some strong, yet simple security measures to greatly improve the security posture of your business. Get in touch on 1300 024 748 or at email@example.com.