What’s better than a password? We can think of a few things.
It takes 0.29 milliseconds to crack a 7-character password.
Brute force password attacks are commonplace now, and unfortunately, enterprise data breaches are just as routine. We have probably all received one notification within the last year that our account credentials were exposed in a data breach. And yet, only 12% of Americans change their password when they’ve been notified it was hacked.
Data breaches are in the news so often that they have lost some of their shock value. As consumers, we expect organizations to protect our personal data, but there is an alarming disconnect between those expectations and our individual behaviors and habits when it comes to cyber hygiene. Americans are extremely lax about password security.
Based on what we know today, it’s high time for the mindset surrounding password management to shift. It is critical that we take some personal responsibility. Passwords may be a necessary evil, but there are resources available to make using them, and fortifying them, less unpleasant.
Password < Passphrase
Best practices say your password should be a minimum of 12 characters. The security of your passphrase is directly correlated to its length, so go ahead and make it a sentence.
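To put numbers on the link between length and strength, here is an added example (not part of the original article) that estimates the brute-force search space of a random password and of a random passphrase, and generates a passphrase that meets the 12-character minimum. The function names and the 16-word list are constructed for illustration.

```python
import math
import secrets

# Constructed sample word list, for illustration only. A real generator would
# draw from a list of several thousand words (a diceware-style list has 7776),
# so that each word contributes far more entropy than the 4 bits seen here.
WORDS = ["amber", "bridge", "candle", "drift", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow",
         "nectar", "orchard", "pepper"]

MIN_LENGTH = 12  # minimum length recommended in the text above


def random_string_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols picked uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits of `word_count` words picked uniformly at random."""
    return word_count * math.log2(wordlist_size)


def generate_passphrase(word_count, words=WORDS, sep=" "):
    """Build a passphrase with the OS CSPRNG, never shorter than MIN_LENGTH."""
    if word_count < 1:
        raise ValueError("word_count must be at least 1")
    chosen = [secrets.choice(words) for _ in range(word_count)]
    # Keep adding random words until the length floor is reached.
    while len(sep.join(chosen)) < MIN_LENGTH:
        chosen.append(secrets.choice(words))
    return sep.join(chosen)


if __name__ == "__main__":
    # These figures hold only for randomly chosen symbols or words; a phrase
    # a person makes up (a quote, a lyric) is far easier to guess.
    print(f"7 random lowercase letters : {random_string_bits(7, 26):.1f} bits")
    print(f"12 random lowercase letters: {random_string_bits(12, 26):.1f} bits")
    print(f"5 words from a 7776 list   : {passphrase_bits(5, 7776):.1f} bits")
    print("sample passphrase:", generate_passphrase(4))
```

Each extra bit doubles the number of guesses an attacker needs, which is why adding characters or words pays off so quickly.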
In addition to a strong password, multi-factor authentication (MFA) has become a baseline practice for securing critical accounts. Typically, the authentication process relies on one of the following things: something you KNOW (a password), something you HAVE (a security key), or something you ARE (biometrics/your fingerprint). Deploying multi-factor authentication provides an additional layer of security by requiring at least two of those things for access.
One of the reasons people use the same password across accounts is that we tend to prioritize convenience over security. The average business employee has around 191 passwords to keep track of, according to a report by LastPass. If we were required to remember a unique, 12-character passphrase for each one of those accounts, we would have little brainpower left for our professional duties. Not only will a password manager keep your unique passwords organized, it will also suggest random, complex passwords for newly created accounts.