Another day, another email from IT telling you to change or update your passwords. We’ve all been there, opening emails and sighing at that reminder. However, did you stop to think what could be at risk when you don’t update your passwords across the board? What could be the harm in just one password not being updated?
Understanding Passwords, Password Hygiene and Multifactor Authentication
Well, like Julie Andrews once sang – let’s start at the very beginning, a very good place to start. What exactly are passwords in our current, digital, always-connected society? If your data and accounts were your home, your password would be your master key: the one thing giving you access to everything. Of course, we technically don’t need to talk about it in this anecdotal way, because everyone knows what passwords are. But humour me as we break down the issue.
Knowing that your password is a master key, how would you make sure that things are always secure? You would keep it physically near you. Maybe clean it or make sure the key’s grooves are still properly functioning. Similarly, password hygiene is simply the basics of creating a secure master key. There are certain characteristics that make it secure and hard to duplicate.
Firstly, it must be unique. The same applies to passwords – your passwords should be unique, something that only you can figure out. Secondly, it has to be complex; the grooves of the key must be hard to reproduce. When it comes to passwords, this is done in two ways: with the length of the password and the use of special characters. Experts recommend that passwords should be longer than 6 characters and contain a mix of upper-case characters, lower-case characters, numbers and special characters. In addition, they should ideally not be birthdates, social security numbers or simple patterns.
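The rules above can be turned into a checklist a sign-up form or audit script could run. The following is an added example, not code from the article; the function names, the regular expressions and the sample passwords are constructed for illustration, and the reuse check assumes the caller supplies the passwords already used on other accounts.

```python
import re
import string

MIN_LENGTH = 7  # the article's rule: longer than 6 characters
# Constructed patterns for the article's "should not be" list.
DATE_RE = re.compile(r"(?<!\d)(?:\d{1,2}[-/.]?\d{1,2}[-/.]?(?:19|20)\d{2}"
                     r"|(?:19|20)\d{2}[-/.]?\d{1,2}[-/.]?\d{1,2})(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-?\d{2}-?\d{4}(?!\d)")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_simple_pattern(pw, run=4):
    """Repeats (aaaa), ascending/descending runs (1234, dcba) or keyboard walks (qwer)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, used_elsewhere=()):
    """Return the list of hygiene rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "upper-case": str.isupper, "lower-case": str.islower,
        "number": str.isdigit, "special": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in pw):
            problems.append(f"no {name} character")
    if DATE_RE.search(pw):
        problems.append("contains a date")
    if SSN_RE.search(pw):
        problems.append("contains an SSN-like number")
    if has_simple_pattern(pw):
        problems.append("simple pattern")
    if pw in used_elsewhere:
        problems.append("reused")
    return problems


# Constructed sample passwords, not taken from the article.
if __name__ == "__main__":
    for sample in ("qwerty", "Summer14021990!", "Tr0ub4dor&Zebra"):
        print(sample, "->", check_password(sample) or "ok")
```

A password that ticks every character-class box can still fail: the second sample has all four classes but embeds a birthdate.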
Now that you’ve got a secure key for your main door, maybe we should add another layer of security, considering everything you own is within this home. Let’s include a way to confirm that it’s really you opening the door. Maybe we’ll use a voice authenticator. The addition of this second layer of security is exactly what multifactor authentication is. Essentially, it is there to ensure that it is you who is accessing your home. This has become a mainstay now, with services like Google, Amazon and even Facebook requiring you to activate MFA. These are, arguably, the very basics of keeping your data and digital self safe.
Bad Passwords Put Everyone at Risk
Now that we’ve covered the basics, let’s scale this up. Now think of a neighbourhood of homes. This is – perhaps – your family home. Each of your homes is interconnected with a powerline, a water source and more. However, each of these connections is protected by the same protections that protect your mansion. More importantly, your homes are located within a gated community. This gated community is your home network. Ideally, there should be two access points to this community: one which gives you access to everything in the gated community and one that gives limited access. These access points are your WiFi passwords. In most cases, we tend to have two: one for your home devices and your guest password. Since we’ve established what a good password is, it should come as no surprise that the same rules of password hygiene apply even to these.
However, let’s think for a second about what happens if one of our access points has a weak password. It is very common for us to set up good home network passwords but keep our guest passwords simple, because who needs the hassle of trying to communicate complex passwords? Well, that would be, in this anecdote’s case, like putting a security guard who is blind at the guardhouse that provides guests access to the neighbourhood. While it is still secure, it’s not secure enough. Similarly, when we use weak passwords or repeated passwords, we’re doing the same to our data. Imagine what could happen now to all the homes in the neighbourhood because of that ONE vulnerability. You can have malicious actors enter the neighbourhood and snoop around.
“… password hygiene is crucial for organizations, it is important to note that unauthorized access to sensitive data can result in financial losses, reputational damage, and legal consequences. To prevent this, organizations should take the necessary steps to implement MFA and conduct regular software updates to protect organizations from known vulnerabilities that attackers might exploit. Organizations should be proactive in using the available tools such as password managers paired with the right training for employees to protect their data.”
Sage Khor, Presales Technical Manager, Trend Micro
In the case of passwords, one weak password could put everyone at risk. Remember earlier, how we said that each home is connected with an electric line, water line and more? Well, similarly, each device on your network – be it at home or at work – is connected in some way. Having a weak password is like having a thin wooden door with a flimsy lock. These malicious actors would be able to just bring down the door and access everything in your house and potentially make their way to other homes.
Keeping Things Secure Beyond Your Password
Hopefully, the anecdote helps clarify how passwords are essentially the first step to creating a secure environment both at work and at home. However, sometimes, passwords are not enough. While they provide some security, we have had to build on the foundations that were provided by passwords. This is especially true in recent years with malicious actors using more sophisticated attacks that require us to be more vigilant.
One of the most common ways that has emerged to help secure our data is multifactor authentication (MFA). A good example of this is Google’s implementation, where you need to click a prompt on your smartphone to prove your identity when accessing your Google account. This extra level of security makes it even harder for malicious actors to access your data. Another common MFA method is the use of authenticators, which generate a random number that is used to unlock your accounts in addition to your password.
In addition to this, we have to – unfortunately – be more vigilant with our online interactions. To borrow the popular phrase from Game of Thrones, the internet “is dark and full of terrors”. Password hygiene is only one step we can take to protect ourselves on the internet. Proper cyber security solutions, such as the solution that Trend Micro offers, will offer even better protection. For organizations, this may include the adoption of Zero Trust security models that will provide even better protection against compromise.