As humans we have used passwords throughout the ages to get through locked doors, both physical and digital. But in today's digitized world, we are focused on making things easy for ourselves. We don't memorize things anymore. We create passwords that are easy to remember - which makes them easy to crack.
There might be those who think that we security experts keep nagging about strong passwords. But we do have our reasons. The key takeaways from the 2022 Annual Identity Exposure Report speak volumes:
- 1.7 billion credentials were exploited by cybercriminals in 2021.
- 70 percent of users were still using hacked passwords a year later.
- The most frequently reused password was "password" (!).
- 60% of users reuse passwords. A Google survey found that 52% reuse passwords for multiple accounts.
- And only 20% of users have a password manager.
Strong and unique passwords
It's important to ensure that all passwords are strong and unique. There are three simple techniques for this:
- Use phrases of 16 characters or more and preferably include spaces, dialectal expressions, etc. Example: My bills are way too high! (don't reuse this phrase).
- Never reuse the exact same passphrase and never share it with anyone else.
- Change your passphrase if you suspect it has gone astray.
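For teams that want to enforce the three techniques above when a passphrase is set, here is a short Python sketch. It is an added example, not code from the report or from any product mentioned here; the function names, the tiny exposed-phrase list and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 16          # the article's "16 characters or more"
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

# Constructed sample list. A real deployment would load a large breach corpus.
# "password" is the reused password the article cites; the second entry is the
# article's own published example phrase, which must not be used as-is.
EXPOSED = {"password", "my bills are way too high!"}


def _digest(passphrase: str, salt: bytes) -> bytes:
    """Slow, salted hash so the history never holds plaintext passphrases."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, PBKDF2_ROUNDS)


def remember(passphrase: str) -> tuple:
    """Return (salt, digest) to store in the passphrase history."""
    salt = os.urandom(16)
    return salt, _digest(passphrase, salt)


def check_passphrase(candidate: str, history: list) -> list:
    """Return a list of findings; an empty list means the candidate passes."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("shorter than 16 characters")
    if " " not in candidate.strip():
        findings.append("no spaces: prefer a phrase over a single word")
    if candidate.casefold() in EXPOSED:
        findings.append("exposed or published phrase")
    # Reuse check: re-hash the candidate with each stored salt and compare
    # in constant time against the stored digest.
    for salt, digest in history:
        if hmac.compare_digest(_digest(candidate, salt), digest):
            findings.append("reuses an earlier passphrase")
            break
    return findings


if __name__ == "__main__":
    past = [remember("correct horse battery staple!")]  # constructed history
    for phrase in ("password", "Seven green kettles sing loudly"):
        print(repr(phrase), "->", check_passphrase(phrase, past) or "ok")
```

The history holds only salts and digests, so the reuse rule can be enforced without keeping old passphrases readable.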
The fact that no more than one in five internet users uses some type of password manager is both alarming and strange to me. With a password manager, you only need to remember one very strong and unique passphrase, because the software takes care of the rest.
When it comes to the workplace IT environment, some type of password manager is an affordable and effective measure that most organizations should prioritize investing in. Fortunately, we're also seeing this become more and more common. In the report Nordmenn og digital sikkerhetskultur, 21 percent state that they also use one privately.
We have just launched the 2023 version of Junglemap's Information Security Awareness course. Basically, it's about increasing knowledge and maintaining awareness of information security - all year round. The way employees manage their passwords is something that IT departments and security managers are constantly struggling with.
With the right tools for strong and unique passwords in place, it's a matter of getting everyone to do the right thing. When it comes to information security, it’s not in place just because the technology is installed. It's ultimately about what your employees do. Not least with their passwords.