Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, let’s go back to security basics with password hygiene: the simplest, and yet often overlooked, step in account security.
Passwords have been the bane of many internet users since the inception of the World Wide Web. For the average user, creating dozens of passwords for their various accounts, and then remembering them, seems a bit too much to ask. Instead, the user often defaults to creating one, or maybe two or three, simple passwords and using these for all their accounts.
The simple solution would be to move to a passwordless future. Yet, for all the talk of the death of the password, these combinations of upper and lower case letters, numerals and special symbols aren’t going away just yet.
While the FIDO2 standard, co-created by W3C and the FIDO Alliance, is making passwordless authenticators more accessible and easier to use, passwords are still the easiest authentication method to deploy.
So, in honor of our age-old friend, the password, here are five articles that discuss the importance of password hygiene:
The Colonial Pipeline ransomware attack is an important reminder of the need for basic cybersecurity hygiene. The author explores how a single leaked password, and a host of other issues, led to this disaster, and addresses the steps organizations can take to improve their security posture and reduce the risks posed by ransomware attacks.
Attackers today often don’t need to “hack” into someone’s account or network. Instead, they can log in using weak or default passwords (think “123456” and “password”), or passwords that have been exposed in data breaches. For protection from breaches, consumers and businesses need to adopt better passwords, use multi-factor authentication (MFA), password managers, and more.
A 100GB file, containing over 8.4 billion passwords, has been posted on a popular hacker forum. By combining unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against an untold number of online accounts.
The author explores four different varieties of password reuse and how they put users at risk. Also discussed are solutions that users and organizations can employ to mitigate bad password habits.
A password manager is a useful tool. It makes it easier to create and manage unique passwords across multiple accounts and, going by the author’s experience, it could also “save a marriage”.
About 17 years after Bill Gates predicted the death of the password in 2004, technology is reaching the stage where a truly passwordless future might soon become a reality. However, there are still some challenges that need to be overcome.
In the meantime, passwords will continue to play a prominent role in both our personal and professional lives. So it’s high time we rectified our password habits to protect ourselves from the cybercriminals that prowl the internet.