Impact Resources

Are Passwords Actually Secure?

Written by Elizabeth Gambino | May 5, 2022 2:00:33 PM

The trusty password has been working hard to secure our accounts for decades. But are passwords the most secure way to protect our information?

Read on to learn what businesses can do to increase the effectiveness of their passwords.

Why Passwords Work for Security 

Passwords are the first line of defense for many. They are how we log in to email, websites, and other important applications that make businesses run. But the first line of defense can be a thin one without effective password standards across an organization. All it takes is one person’s easily guessable password for a criminal to get access to an entire business network.


Password Security Best Practices 

To increase the usefulness of passwords and make them more secure, follow some basic best practices like: 

  • Don’t Write Down Passwords in Unsecure Locations: If you feel the need to write down your password to remember it, don’t just jot it down on a sticky note on your desk or leave it in an unlocked drawer. If you can’t store it in a secure, digital location like a password manager, at least ensure it’s locked away and unable to be accessed by anyone but you.
  • Use Long, Complex Passwords or Passphrases: The biggest key to strong password use is making your passwords or passphrases long and complex without any personal information or easily guessed patterns. Use a combination of numbers, letters (capitalized and uncapitalized), and symbols, and ensure your passphrases are at least 16 characters long and are not simple dictionary words.
  • Use a Secure Password Manager: If you use a unique, complex password for each of your accounts, you will need a way to find them in a pinch. Using secure password management software can keep your passwords safe but accessible when you need them.
  • Use Unique Passwords for Different Accounts: If a bad actor obtains your credentials, you do not want them instantly having access to all your accounts because you used the same password over and over. Use unique passwords for different accounts to protect yourself in the event one of your passwords is compromised. 
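The rules in the list above can be enforced in code rather than left to memory. The following is an added example, not part of the original article: a checker for the length, character-mix, dictionary-word, personal-information and reuse rules, plus a generator of the kind a password manager provides. The wordlist, the function names and the sample inputs are constructed for illustration.

```python
import secrets
import string

MIN_LENGTH = 16  # the article's minimum length
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Constructed sample wordlist (assumption); a real deployment would load a
# large list of common and previously breached passwords instead.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "summer"}


def check_password(candidate, personal_terms=(), in_use=()):
    """Return the list of rules the candidate breaks; empty means it passes."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append(f"no {name} character")
    # Strip digits and symbols so "Summer2022!" still matches "summer".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in COMMON_WORDS:
        problems.append("simple dictionary word")
    # personal_terms: names, birthdays, company name, etc. for this user.
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")
    # in_use: passwords already stored for other accounts (local vault audit).
    if candidate in in_use:
        problems.append("already used for another account")
    return problems


def generate_password(length=20):
    """Draw from a cryptographic RNG until every rule above is satisfied."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("Summer2022!"))
    print(generate_password())
```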

The Weaknesses of Only Using Basic Passwords 

With so many techniques and strategies being used by criminals like phishing and brute-forcing, bad actors have a lot of ways to crack a simple password. Herein lie the biggest weaknesses of a password-only login authentication process: there is a finite number of combinations possible, and most people simply are not following the best practices above to make their passwords complex, long, and ever-changing.

Passwords can be stolen, guessed, and re-used unsafely. Luckily, there are options out there to replace password-based verification or, better yet, add more layers of security. 


Strong Ways to Boost Password Security 

There are a few strong options people and businesses can use to strengthen their passwords.  

  • Multi-factor Authentication (MFA): Using email, text messaging, phone calls, and other methods, users can get one-time use codes or confirmation buttons to verify their logins as a second step in the process. This adds a layer of security and improves resistance to phishing scams by using authentication factors that users can’t be tricked into giving up. 
    • Biometric Authentication: To add another layer of security to MFA, use face-scanning or fingerprint scanning on laptops, tablets, phones, and other devices that support it. 
    • App Verification: Users can also use MFA via additional apps like Microsoft Authenticator to get codes or buttons for authentication. 
    • Additional Security Keys: A token that contains an algorithm and is inserted into a USB drive to access devices and accounts.
    • FIDO Protocols: The FIDO Alliance (an open industry association dedicated to reducing reliance on simple passwords) has created authentication protocols using key cryptography with websites to provide stronger authentication processes.

  • Password Managers: Password managers are great ways to store multiple passwords securely so they can be easily accessed and organized. Additionally, many password management tools will help with password creation by generating new, complex passwords. 
  • Cybersecurity Training: It’s important that the people using these passwords know how to protect them. Frequent training keeps users aware of the latest ways hackers are attempting to obtain this information so they can know what to look for and how to avoid attacks. To establish a stronger security culture, password best practices must be imprinted company-wide, so everyone knows how to protect themselves and the organization. 

In Conclusion 

Passwords are a tried-and-true way to secure important accounts and information, but without the latest best practices or the backup of MFA, they can easily become the weak link in a business’ cybersecurity system. Businesses must standardize MFA and password management practices to improve the effectiveness of their passwords.  

Learn more about password management’s place in a cybersecurity strategy and the entire strategy development process.