Oh Password, Where Art Thou?


written by: Ted Clouser, PCA President | CEO


I have longed for a ‘passwordless society’ for some time now and Microsoft has taken steps this year toward that possibility. The company announced in mid-September of 2021 that it will introduce a “passwordless account” option for all users of several popular services such as Microsoft Outlook and Microsoft OneDrive in the coming weeks. Microsoft previously made this option available to corporate accounts earlier in the year.

You may be asking yourself – why is this relevant? You’ve been listening to the age-old teaching of 8-character passwords, and you are about to update all your accounts to Fall2021! so you’ll be golden. You’ll also be very diligent to update everything that prompts you to. For anything that doesn’t allow a pattern, you’ll leverage your child, pet, or hobby in some way to accomplish the goal.

Below are some password statistics from August 2020 that may alarm you:

· 59% use their name or birthdate in their password

· 43% have shared their password with someone

· Only 45% would change a password after a breach

· A 12-character password takes 62 trillion times longer to crack than a six-character password

· 42% of organizations rely on sticky notes for password management

· IT professionals reuse passwords more than average users

· Almost two-thirds of people use the same password across multiple accounts

· Employees use the same password an average of 13 times

· MFA blocks 99.9% of all attacks

· 24% of people use a password manager

· 80% of hacking-related breaches are linked to passwords

Clearly, passwords present a problem - and a vulnerability. Microsoft understands it and is taking steps toward addressing it. What should we, as users, do? Below are things we recommend implementing without delay:

· Implement a password manager to keep up with your passwords

· Implement 2FA (2-Factor Authentication) on every single account that allows it

· Utilize a password manager to create your passwords – never do it on your own

· Set the default length for all passwords to at least 12 characters, but preferably more

· Never share your password with anyone else

· Never reuse the same password across multiple accounts
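To make these recommendations concrete, here is an added example (not part of the original article, and not any password manager's actual code) that generates a password the way a manager does and flags the habits described above, such as Fall2021! or a name and birthdate. The 94-symbol alphabet, the pattern list and the sample inputs are assumptions constructed for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols (assumed)
MIN_LENGTH = 12  # the article's recommended minimum
# Season or month followed by a year, e.g. "Fall2021!" (constructed pattern list)
PATTERN = re.compile(
    r"(spring|summer|fall|autumn|winter|jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)"
    r"[a-z]*\W*(19|20)\d{2}", re.IGNORECASE)


def generate_password(length=16):
    """Random password drawn from a CSPRNG, as a password manager would create it."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of brute-force search space for a uniformly random password."""
    return length * math.log2(alphabet_size)


def audit_password(password, personal_terms=()):
    """Return the reasons a human-chosen password breaks the advice above."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    if PATTERN.search(password):
        findings.append("season or month plus year pattern")
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal detail: {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs
    print(audit_password("Fall2021!"))
    print(audit_password("Rex1985rocks", personal_terms=("Rex", "1985")))
    pw = generate_password(16)
    print(pw, audit_password(pw), round(search_space_bits(16), 1), "bits")
```

The search-space figure only applies to randomly generated passwords; a password built from a pet's name and a year is far easier to guess than its length suggests, which is why the audit looks at patterns and not just length.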

You may be asking yourself – what happens if the password manager gets breached? That’s a great question and valid because anything is possible. In fact, that very thing happened in 2015 to LastPass – one of the leaders in the industry. In that breach, hackers gained access to several pieces of information including encrypted versions of the passwords. If anyone was using a weak master password (such as Password123), then their data would be compromised in no time. That master password is critical to securing yourself when utilizing a password manager.

The CIA Triad is a common industry model in security and consists of the following: Confidentiality, Integrity and Availability. The intent with security is to strike a balance – we need ease of use while still knowing that our data is private and secure. The more layers of security in place, the more secure something tends to be. Much like your home – if you leave the door unlocked, you have no security at all. If you twist the lock on the knob, it’s an added layer. Add a deadbolt and you have one more. Lock the chain and you’re even more protected. Add security cameras, motion sensors, an alarm and automation and you turn it into a fortress. It makes it more of a process to get into your home, but it also enhances your security tenfold.

Why should your data security be any less important?

