An Overhaul in Password Security
Passwords aren’t going anywhere. Despite the buzz that biometrics and MFA are holistic solutions, passwords are a ubiquitous, crucial layer for authentication—and they’re low-cost and simple, too.
That’s not to say that passwords are without issues. In fact, due to ineffective password policies and poor user habits, they are hotly desired targets. Also, when a password is compromised, it can immediately become an entry point for cyber attackers. This problem has grown so rapidly that compromised passwords are now the leading origin point for data breaches.
This white paper provides a thorough explanation of the root causes of the password problem and its potential solutions.
A snapshot of the problem from the DBIR
The number of data breaches has increased every year: there were 5,212 reported in 2022 compared to 1,935 in 2017. Unfortunately, stolen credentials are by far the most common entry point, accounting for nearly 50% of all reported incidents.
The report found that cybercriminals are using stolen credentials in many types of cyber attacks, the three most common being:
The Root of the Issue
What really is the problem? Unfortunately, but unsurprisingly, it’s people, specifically the very pervasive human habit of reusing passwords.
Over 65% of people reuse passwords frequently, and the average user employs a favorite password about 14 times. Even when an individual doesn’t use the exact same password, they often choose a root password with easy-to-guess variations: for example, they might choose “Avocado” as their root password and then append an ending, such as “Avocado22!” or “avocado123”.
These habits make it easy for cyberattackers to exploit accounts through the above methods.
In Brief: What Companies Can Do
Examining and updating old password policies is the best place for organizations to start overhauling their approach to password security. Several well-known policies were hailed as safeguards, but the digital landscape has changed in ways that now make them backfire.
Here is what companies should do now:
Companies must accept that human error isn’t going anywhere, and neither are passwords. Creating an updated and layered approach to authentication is the best defense companies can take against the constant threat of cyber attacks and data breaches.
Download the white paper now for more details about actions your company can take.