In 2021 a new password leak was found on a popular hacker forum that boasted an impressive 8.4 billion leaked passwords. Let that sink in for a moment. There are only 7.674 billion people in the world, and most estimates put the number of internet users close to 4.7 billion. Any way you look at it, chances are that one or more of the passwords you have used have been leaked.
Leaked passwords usually come from data breaches at companies that have been hacked. The breached data gets released on hacker forums and is later used against users.
The best solution to leaked passwords is to use a very complex password and a unique password for each site or service. There are a couple of problems with this approach, however. First, complex passwords are hard to remember. A password made up of 20 random characters with unique characters scattered throughout is almost impossible to remember. Second, each time you use that strong password for a different site, you expose it to the risk of getting leaked. It only takes one leak to ruin a password, no matter how strong it is.
While password managers like LastPass exist, and should be utilized, they have their own limitations. LastPass, for instance, requires users to pay for the mobile version. If you don’t have access to the password manager, you aren’t going to use it, so many people end up with strong, randomized, and unique passwords for only some of their services.
A good password policy should be multifactorial. Not only should you implement a password manager so you can increase your password complexity and prevent password reuse, but you should also investigate Multi-Factor Authentication (MFA).
MFA is a great addition to your security measures for several reasons:
1) It offers security even if a password is compromised.
2) It stops brute-force password crackers.
3) It is incredibly cheap and easy to deploy.
Several different MFA options exist, and all the big names have their own solution. For instance, there is a Microsoft MFA application and a Google MFA application, and DUO offers a suite of MFA applications that can even secure services running inside your network. Not all MFA solutions are created equal, and some options are more secure than others, but even setting up MFA with a simple text to your phone number is a step in the right direction.
Give us a call today to discuss password security or even have your network tested for vulnerabilities.
Thanks for taking the time to read this, and hopefully you found something informative!
Stay Safe.
- Soteria Tech