Passwords Have Evolved… Have You?

Technology has changed, and cybercriminals are cracking accounts faster than ever before.

27 September 2019

Top up your cybersecurity survival kit with the Chief Information Security Officer (CISO)! October is Cyber Security Awareness Month, and we're challenging you to look closely at the evolution of cybercrime and check that you've kept up.

Gone are the days when a secure password was just the name of your pet. "Rover" might have been a great solution to your password needs fifteen years ago, but technology has changed, and cybercriminals are cracking accounts faster than ever before.

Passwords have evolved. Have you kept up?

From Password to Passphrase

The first password you ever made was probably just that: a word. Then companies asked you to add a number. That turned into adding a number, a special character, and a capital letter. Now, we've moved on to the next generation of passwords: passphrases.

A passphrase is a password that is composed of a sentence or combination of words, preferably with some special characters and numbers thrown in to make it more complex. An example is LukeLovesSt@rWar$. The phrase "Luke loves Star Wars" is easy to remember for the user, but hard to guess for the hacker, especially with the added characters.

A long passphrase takes much more time to crack than a single password. For example, the website BetterBuys estimates that a randomly constructed password like j9@vAg7$ could be cracked in ten years, one month, and three weeks. Not bad. But the passphrase LukeLovesSt@rWar$ has that beat: the estimated time to crack that passphrase is currently listed as "infinity."

Get Help: Use a Password Manager

Many users suffer from password fatigue, the confusion and frustration people feel when they have to remember a multitude of unique passwords. Unfortunately, that's when the bad habits start: recycling the same password over and over, writing passwords down on sticky notes, and creating easy passwords that anyone can guess.

A password manager alleviates that fatigue. It's a tool that stores and retrieves all your passwords in an encrypted cyber vault that can only be opened by your master password, which acts as the decryption key. Without the key, your other passwords remain encrypted and safe from hackers.

Most password managers use a zero-knowledge model, which means they do not know your master password and they do not store it anywhere. The only place your master password lives is in your memory.

Password managers can be accessed online through a web platform or on your mobile devices through an app. But however you use your password manager, keep these tips in mind:

  1. Never forget your master password. Because password managers don't store that information anywhere, a forgotten master password means you're locked out of your account and you can't access the passwords stored inside.
  2. Choose a strong and unique master password. Your password manager is only as strong as the master password you give it. A passphrase like LemursL1keBanana$ is almost impossible to guess, whereas password123 would be cracked in milliseconds. Create a master password that's complex, and make sure it's not a password you've used for another account.
  3. Explore all options and tiers. Each password manager has its own perks and tiers of service. Some will sync across all your devices, and others will notify you if any of your accounts have been involved in a data breach. Choose the features that work for you, but whatever password manager you decide on, make sure it uses a zero-knowledge model and AES-256 encryption. Find more tips on selecting the right password manager for you.
  4. Take the time to strengthen your passwords. Setting up a password manager is a great opportunity to create a new set of strong and unique passwords for all your accounts. Take the time to retire old or reused passwords and create entirely new ones. Find more tips on creating secure passwords.
  5. Be patient. Using a password manager might take some adjusting. After all, it's an entirely new organization system. But once it's set up, your life will be simpler. All your passwords will be at your fingertips, and you can use the manager's password generator to create any new passwords you need.

Keep Evolving

Technology is always evolving, and so are cybercriminals. You need to evolve right along with them. The farther you get left behind, the more you're opening yourself up to a serious data breach.

Ready to evolve? Keep it locked to the CISO News and Alerts page, and find more tips on Facebook and Twitter.