Passwords are the necessary evil in this world of highly targeted security threats. Small businesses and government agencies have been particularly under attack lately. As we’ve mentioned previously, employees of an organization are the weakest link in the security chain that keeps the threat actors at bay, and compromised passwords are the #1 attack vector.
The good news is that passwords are starting to get a little easier to remember. However, the new recommendations are that 2FA (two-factor authentication) also be used with those long passwords. Make sure you turn on 2FA on any service that will allow it!
Even with 2FA enabled and a strong password, credentials can still become compromised. How can you protect your company from this easily patched security hole? You need to up your password game.
Beware of Phishing
With 2FA enabled, a successful phishing attack can use the short time the 2FA code is active to log in to your account and wreak havoc. Here is how it works: the phishing page looks just like the login page for your account. Behind the scenes, the attackers pass your credentials along to the real site, which triggers the 2FA prompt. Once you enter your 2FA code, it too gets passed along to the real site, letting them take control of your account.
Modern phishing attacks are extremely convincing. They use fear and urgency to get you to react instead of think. If you get an email or phone call that plays on that emotion, try to take a step back or a breath to calm your immediate response and think clearly. If you are really concerned, type in the URL to access your account directly. Do not click the link listed in the email or text message, even if it is from someone you know.
Length is Strength
While good passwords no longer require all kinds of letters, numbers, and characters, they do require length. Passwords that are at least 20 characters long are great, but the more the merrier, as long as the account you are logging into allows it. If the maximum password length is less than 20 characters, definitely try to max it out. String together several words that mean something to you, and you should have no problem coming up with an easy-to-remember password that is strong.
Keep it Secret, Keep it Safe
The worst thing you can do is give someone else your password, whether intentionally or not. Keep your password in your head or in a protected password keeper like LastPass. Writing it down on a Post-it note and keeping it around your desk is not acceptable. Giving your password to a co-worker to help you get something done is also not acceptable. Make sure to always keep your password a secret. As soon as your password is compromised or has been given out, change it immediately.
Is Your Password Already Compromised?
There have been so many data and security breaches at top software-as-a-service companies that it can be hard to keep track of them all. One website is extremely helpful in checking to see if your password has already been compromised. Head over to haveibeenpwned.com to check your email address for compromised credentials. ("Pwned" is a gaming term that means you’ve been beaten.)
Being a little more vigilant about your passwords can really help ease the current attacks until the threat actors find a new way to make security hard. If you are concerned about your password game, give us a call to see if we can help make your business more secure.