Cyber threats evolve all day, every day.  There is malicious software dedicated to cracking your password, and there are hackers motivated to crumble your defensive walls.  Because of this, no security strategy is ever 100 percent perfect.  To top it off, the simple fact that technology itself evolves all day, every day, also contributes to your not-so-perfect security strategy.

Therefore, securing your business’ data is out of your hands.

Or is it?

What you may not realize is that your password is your greatest ally; it is the moat around your castle and your first line of defense.  Ultimately, your business is only as strong as your weakest password and in many cases, it’s pretty weak, which makes your password the secret killer of your cyber security strategy.

In fact, back in 2013, 90% of all users were said to have a vulnerable password.  What’s worse?  The most popular passwords three years in a row went unchanged.  These passwords include combinations such as ‘password’, ‘123456’, and ‘qwerty’.

Many people tend to generalize that passwords don’t matter given the evolution of threats.  A group or person can easily hack a database and break a majority of the passwords within a few days, which is the precise fate that befell Ashley Madison last July.  So why bother creating and remembering an extremely complex password?

To explain this, let’s dig a little deeper into what actually went on after the attack on Ashley Madison.

With this particular hack, the passwords were ‘hashed.’  Hashing is another way to store and secure login credentials, similar to encryption, except that a hash is one-way: it cannot be decrypted, so an attacker has to guess candidate passwords and compare the results.  After the data was dumped, a handful of experienced cyber groups attempted to crack these hashes; they were partially successful in their endeavor.

For instance, the first 11 million took less than 10 days for CynoSure Prime.  That’s still under half.  Other groups were significantly less effective.  Avast, a global pioneer in antivirus protection, discovered only 27,000 in two weeks and Dean Pierce, a top cybersecurity researcher currently working for Intel, only unlocked 4,000 (that’s 0.06%).

CynoSure Prime released statistics regarding the 15 million passwords they unlocked and out of 11.7 million passwords, only 4.8 million were unique.  Many of these passwords had no capital letters or contained an uncomplicated string of numbers; however, a significant portion of these passwords was still left untouched.

Why were they not decoded?  The answer is simple.  These passwords were more complex than the average password.

A complex password is 8-14 characters long.  It does not use a word out of the dictionary, nor does it look like a complete phrase.  It should appear incoherent and resemble a random assortment of letters, numbers, capitalizations, and characters.  In other words, your password should be difficult to remember.

When it comes down to it, time is on your side.  The more complex your employees’ passwords are, the longer it will take to fully break into your system.  If your passwords as a whole can make it through the first couple of days of a hack, you’re one of the lucky ones.

So while it may be easy for experienced hackers to hijack a database, cracking the passwords themselves is not such a simple feat.  Don’t underestimate the power of a password.  Make certain every employee creates and maintains a complex password—one that is long, unique, and nowhere near the top 500 passwords.
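One way to enforce the definition of a complex password given above, and the advice to stay clear of the most popular passwords, at the moment a password is set.  This is an added example, not code from the original article.  The word lists are small constructed samples, the function names are hypothetical, and the example treats the 8-character figure as a minimum without rejecting longer passwords (an assumption).

```python
import re

# Constructed sample lists; a real deployment would load a full common-password
# list (e.g. a top-500 file) and a dictionary file instead.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
WORDS = {"summer", "dragon", "castle", "monkey", "security"}

# Undo the usual character swaps so "P@ssw0rd" is compared as "password".
SWAPS = str.maketrans("013457@$", "oieastas")
MIN_LEN = 8  # lower bound from the article; no upper cap is enforced (assumption)


def normalize(pw):
    """Lowercase, drop trailing digits/symbols, reverse common substitutions."""
    stem = re.sub(r"[^a-z]+$", "", pw.lower())
    return stem.translate(SWAPS)


def check_password(pw):
    """Return the reasons a password fails the policy (empty list = accepted)."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    # Letters, capitalization, numbers and other characters must all be present.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing character class")
    # Compare the disguised form too: decoration does not make a word random.
    stem = normalize(pw)
    if pw.lower() in COMMON or stem in COMMON:
        problems.append("common password")
    elif any(word in stem for word in WORDS):
        problems.append("contains dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd1!", "Dr4g0n#2015", "vT9#qLx2!mZr"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

Note that "P@ssw0rd1!" satisfies the length and character-mix rules and is still rejected, because once the decoration is stripped it is one of the most popular passwords.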

Sources

http://www.businessinsider.com/90-percent-of-passwords-vulnerable-to-hacking-2013-1

http://gizmodo.com/the-25-most-popular-passwords-of-2014-were-all-doomed-1680596951

http://www.pcworld.com/article/2982919/security/ashley-madison-coding-blunder-made-over-11-million-passwords-easy-to-crack.html

http://cynosureprime.blogspot.com/