Password protection is perhaps the most fundamental element of modern information security. Despite advanced endpoint protection software and cutting edge detection & response solutions, passwords still serve as the first line of defense against even the most sophisticated attackers. Invest in a strong lock, and keep the key safe – simple and intuitive enough.
Or is it? Overall, it seems that most people are still unwilling or unable to take password security as seriously as they should. Default passwords, such as “admin” and “password”, abound, and if a user bothers to come up with a unique password, it’s often something akin to “qwerty” or “12345”.
The worst thing? These gems are reused across multiple services. You know what we’re talking about – most people have that one favorite go-to password, which they punch into every single new password prompt and registration form they come across.
Poor password hygiene is bad enough for a private individual – identity theft or credit card fraud are not something to laugh at – but the stakes are exponentially higher when it comes to organizations. Compromised social media accounts, access to company IT infrastructure, leaked customer databases – the list of dangers is almost endless.
According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches against organizations involved weak, default, or stolen passwords. Our own threat researchers, in turn, found that nearly 30% of CEOs have had their passwords leaked, in one form or another.
In what’s still probably the most baffling example of a password gaffe, French television station TV5Monde revealed a bunch of their social media passwords when one of their journalists was being interviewed on camera by another news organization. During the interview inside TV5Monde’s offices, multiple passwords could be seen scribbled on sticky notes and index cards, laid around a staffer’s work area.
To start with, it’s pretty cringeworthy to rely on passwords such as “thepasswordofyoutube” and store them on post-its. But the thing that made TV5Monde’s blunder especially ironic was the topic of the interview: a cyber breach. The channel had been successfully attacked just days before, and the journalist being interviewed was there to discuss the breach’s effects on TV5Monde’s operations.
It probably isn’t too much of a stretch to assume that the channel’s somewhat “lax” approach to security could have had something to do with the breach. Although not every stereotype fits, most cyber attackers are as smart and determined as one might imagine – if your password could be guessed by an average 8-year-old, it most likely won’t hold back a resolute hacker.
So, what’s the takeaway here? It’s simple: don’t give attackers a needless free pass.
Instead of post-it notes, store your passwords in a reliable password manager. It might be a good idea to use it to generate the passwords as well – a random sequence of letters, numbers and special characters will most likely be a better defense against hackers than your current go-to phrase.
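To make the last recommendation concrete, here is an added example (not code from the original post or from any password manager) showing what a generator like the one built into a password manager does: draw a random sequence of letters, digits and special characters from a cryptographically secure source, estimate its strength in bits of entropy, and reject the kinds of passwords the post warns about. The deny-list of weak passwords is a constructed sample containing only the examples quoted above; a real deployment would check against a breached-password corpus instead.

```python
import math
import secrets
import string

# Letters, digits and special characters, as the post recommends.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed deny-list: just the weak passwords quoted in the post.
# (Assumption: a real system would use a breached-password corpus.)
COMMON_PASSWORDS = {"admin", "password", "qwerty", "12345", "thepasswordofyoutube"}


def generate_password(length=20, alphabet=ALPHABET):
    """Return `length` characters drawn uniformly with a CSPRNG (`secrets`).

    Re-draws until each of the three character classes is present, so a
    policy that requires letters, digits and symbols will accept the result.
    """
    if length < 4:
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isalpha() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size).

    A 20-character password over the 94-character alphabet above is
    roughly 131 bits; a memorable go-to phrase is nowhere near that.
    """
    return length * math.log2(alphabet_size)


def is_weak(password, min_length=12):
    """Reject known defaults, too-short passwords, and single-class strings
    such as "qwerty" (letters only) or "12345" (digits only)."""
    if password.lower() in COMMON_PASSWORDS:
        return True
    if len(password) < min_length:
        return True
    classes = sum([
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    return classes < 2


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"({entropy_bits(len(pw), len(ALPHABET)):.1f} bits)")
    for sample in ("admin", "qwerty", "12345", pw):
        print(f"{sample!r}: {'weak' if is_weak(sample) else 'ok'}")
```

The `secrets` module is the right source here; `random` is seeded predictably and must not be used for anything an attacker might try to guess. The deny-list check runs on the lowercased input because casing alone does not turn “password” into a strong password.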