WHAT HAPPENS IF I USE COMMON PASSWORDS?
Your accounts could be vulnerable to a variety of attacks, including password “spray attacks.”
Password spray attacks target user accounts by attempting to access hundreds of thousands of accounts with the same common password at once, instead of testing many password combinations on a single account. Bad actors achieve up to a 1% success rate using these attacks. Using discreet methods, they can fly under the radar, fearlessly hacking user accounts and stealing sensitive information.
WHAT ARE COMMON PASSWORDS?
If you use a common password, your accounts are open to password spray attacks, putting your data at risk.
The most common passwords worldwide include:
If you use any of the above passwords or other easy-to-guess combinations, hackers could access your accounts during a spray attack and compromise your data. Password spraying and other attacks exploit security weaknesses, like using ineffective or repeated passwords.
WHAT SHOULD I DO?
Here are some ways to help safeguard your accounts and avoid attacks like password spraying:
- Create strong passwords. Your organization should have strict password requirements in place for length, alphanumeric combinations, and frequency for updating passwords.
- A password with more than 12 characters, upper- and lowercase letters, numbers, and special characters is considered very secure.
- Update access credentials for key accounts every six weeks.
- Use a different, unique password for every account. Repeating passwords can lead to multiple accounts being compromised at the same time.
- Utilize a secure password management system. A password manager will track and organize all your unique passwords, which you can access with a secure master password in one system.
- Enable two-factor authentication when available. Using two-factor authentication will use a second mode of verifying a user’s credibility by sending a code via text message, for example.
WHAT ARE MY NEXT STEPS?
If you are using weak passwords, especially for multiple or key accounts, update your accounts with more secure credentials as soon as possible. Bad actors are creating new schemes daily; it is best to secure your data before a breach happens, instead of dealing with damage control after the fact.
If your business is seeking more in-depth training and information about cybersecurity practices, Fairview can help. Contact us today for training resources, security software and password manager product recommendations, and a host of other resources.