03.13.2017 | 7 min read

Why Cybersecurity Starts With Your Password

Having a strong password might sound like common sense. However, not everyone will put a great deal of thought into this key aspect of cybersecurity. Many believe they simply aren’t a target for cybercriminals. Others believe their passwords are strong enough.

Before we dive into what makes a strong password, let us examine a couple of notable breaches which revealed that people did not use their best judgement in selecting a secure password.

In July of 2015, a hacktivist group targeted the website Ashley Madison. The group exploited some programming errors in the encryption algorithm that allowed them to crack 11.7 million encrypted passwords. What does this have to do with strong passwords? After all, the passwords were encrypted, right? Well, the list of exposed passwords revealed the top five to be “123456”, “12345”, “password”, “DEFAULT”, and “12345678”. Of those, 120,511 accounts used “123456”, illustrating that it would have been very easy to access these accounts by simply using a trial-and-error methodology, also known as a brute force approach.

According to Splashdata, a leading software supplier of security applications that publishes an annual “Worst Passwords” list, the following are the top 10 worst passwords found on the internet in 2014:

[Image: worst passwords.png]

Another noteworthy password hack was on Mark Zuckerberg’s Twitter and Pinterest accounts. After a breach of LinkedIn, in which millions of user account details were leaked online, hackers were able to identify and use Zuckerberg’s LinkedIn credentials to access some of his other social media accounts. He had not only used a weak password, but he had also used the same weak credentials for multiple accounts.

Both examples clearly illustrate how using a weak password, or using the same password for multiple accounts, can prove devastating to any small business when exploited by cybercriminals.

How to create strong passwords

Here are some best practices to make your passwords as strong and secure as possible:

Make it unique and memorable

Too often, people create a password that is easy to remember, but fail to make it unique. Many create passwords based on personal information, such as a family member’s or a pet’s name or birthday. Also, the password should not contain any recognizable numbers such as a phone number, social security number, or address. While these make the password easier to remember, they also make it much easier for a cybercriminal to crack.

Length, width, and depth

Strong passwords require a certain degree of complexity. Length, width, and depth are factors that can assist in creating the necessary level of complexity.

Length: Length denotes the number of characters in the password. A password should be a minimum of 10 characters long, but longer passwords are obviously more secure. With each additional character, the complexity goes up exponentially. According to a 2010 Georgia Tech study, passwords of 12 random characters could satisfy the minimum length requirement to defeat code-breaking software. Anything less could be vulnerable.

The same study assumes that a sophisticated hacker trying 1 trillion password combinations per second would take 180 years to crack an 11-character password. Adding one additional character increases this to 17,134 years. Even the 11-character password sounds like it would be impossible to break, but the current generation of GPUs (Graphical Processing Units) can calculate up to 11 Teraflops, or 11 trillion floating point operations per second. With cybercriminals using multiple linked cards paired with the right software, that 180-year number is decreased significantly.

Width: Width refers to the combination of differing types of characters, such as alpha, numeric, upper and lowercase, and symbols. Each password should contain at least one uppercase letter, one lowercase letter, one number, and one special character such as a symbol or punctuation mark.

Depth: Depth in a password indicates that a password has meaning, but that it is difficult to guess. To give a password depth, the user must think about phrases and mnemonics instead of actual words. An example of this would be “You miss 100 percent of the shots you don’t take” – Wayne Gretzky. This would translate into the password “Ym100%otsydtWG”. Just how secure is this password? A website called HOW SECURE IS MY PASSWORD?, which tests password effectiveness, indicates that it would take approximately 204 million years to crack it.
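
The length and width tests above, together with the study's crack-time figures, as an added Python example (not part of the original article). It assumes "random characters" means the 95 printable ASCII characters and a 365-day year, which reproduces the 180-year and 17,134-year figures quoted above; the function names are illustrative.

```python
# Added example; not from the original article. Names are illustrative.
# Assumptions: "random characters" = the 95 printable ASCII characters,
# a 365-day year, and the study's rate of 1 trillion guesses per second.
ALPHABET_SIZE = 95
GUESSES_PER_SECOND = 10**12
SECONDS_PER_YEAR = 365 * 24 * 3600
MIN_LENGTH = 10  # the article's minimum length

# Top five passwords the article quotes from the exposed Ashley Madison list,
# lowercased so the comparison is case-insensitive.
COMMON_PASSWORDS = {"123456", "12345", "password", "default", "12345678"}


def years_to_exhaust(length):
    """Whole years to try every random password of the given length."""
    return ALPHABET_SIZE**length // (GUESSES_PER_SECOND * SECONDS_PER_YEAR)


def check_password(password):
    """Return the rules the password fails; an empty list means it passes."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common: on the list of most-used passwords")
    if len(password) < MIN_LENGTH:
        failures.append(f"length: fewer than {MIN_LENGTH} characters")
    width = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    failures += [f"width: no {kind}" for kind, ok in width.items() if not ok]
    return failures


if __name__ == "__main__":
    for length in (10, 11, 12):
        print(f"{length} random characters: {years_to_exhaust(length):,} years")
    for candidate in ("123456", "DEFAULT", "Password1234", "Ym100%otsydtWG"):
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```

The years_to_exhaust figure only holds for randomly chosen characters; a password built from a word or a common pattern is guessed far sooner, which is why the common-password check runs first.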

No password reuse

As illustrated in the Zuckerberg example, reusing passwords can prove to be a bad idea. Creating a secure password is not always easy, but trying to remember multiple secure passwords can prove to be even more so. Applications like Dashlane provide free secure password creation and management software that can help users overcome this dilemma.

Use Multi-Factor Authentication when available

Using multiple pieces of data to verify identity is becoming more common. Even if your password has been compromised, the cybercriminal may not be able to access your account. The idea is simple: once you input your password, another piece of data is required. This could be something you know, such as a pre-established answer to a question, a key sent to your phone, or a biometric form, such as a fingerprint, voice recognition, or retinal scan.

Never write your passwords down

Many people violate this best practice, which of course makes your strong passwords useless if someone finds them. If you do violate it, however, never store them in an easily accessible place, such as taped to your monitor, underneath your keyboard, or in your wallet or purse. Again, it is far better to use a password manager that can store and retrieve them instantly without exposing them to the prying eyes of criminals.

In conclusion

Strong passwords are necessary to help keep your data secure. Ideally, a good password is one that is so complex that it’s impossible for you to remember. This is not practical, however, and readily available tools such as password managers are worth implementing.

People and companies fall victim to cyber theft every day, and a clear-headed approach to password security is a big step in stemming the tide of these crimes. At the very least, you’re making it more difficult for criminals to crack your passwords and gain access to your valuable data.

Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20-year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley Davidson rider and home brewer.
