Hive Systems has updated its famous Password Table for 2023. Spoiler alert: it’s not looking good for your go-to password combinations.
Their latest data shows the updated time it takes for hackers to "brute force" a password, taking today’s newest technologies into account. The main takeaway? Passwords less than 12 characters can be hacked in under an hour, and the more complex your password is the better.
What’s more, it’s important to note that the metrics in Hive's table assume that multi-factor authentication is not used or bypassed, that the passwords are randomly generated, and that they haven’t been a part of a past breach.
Robust Password Security is Critical to Today's Workplace
The advances in technology (specifically in affordable cloud computing) over the past few years have dramatically shortened the amount of time it takes to crack a password. In just 2020, a complex eight-character password took at least eight hours to untangle. Today, that time span has decreased to five minutes.
The ability to crack longer, more intricate passwords is even more threatening when you consider today’s distributed or hybrid workforces. As professionals regularly began logging in from miles apart and relying on personal and public Wi-Fi networks—as well as their own insecure devices—organizations’ internal networks became wide open to risk, fundamentally altering the traditional office security perimeter. According to Mimecast, in 2023 97% of individuals using email have been targeting by a phishing attack.
Securing systems and devices against growing cyberattacks has never been more important, beyond just network and email security. And while organizations have attempted to combat cybersecurity risks and other issues head-on, scaling back and prioritizing basic 101-level password hygiene and policies before implementing more sophisticated software might be where most organizations need to focus on. Aka—the password.
How to Build, Store and Maintain Strong Passwords
So, how can companies keep their professionals secure if half their workforce is remote but still need to access mission-critical applications outside of the enterprise network?
It can be as simple as creating and implementing strong password policies. In fact, most businesses don’t fully understand the spectrum of threats directly caused by poor password hygiene. The good news is that building a strategy for password use within a larger company cybersecurity program is more simple than it used to be, thanks to password security and management becoming more intuitive in the last few years.
When developing a robust password strategy, you can follow password best practices from the National Institute of Standards and Technology (NIST) or other leading security organizations. Here are some potential risk-reducing best practices:
- Set a minimum password length. NIST recommends eight characters, but based on Hive’s table, you should use 12 characters with both upper- and lower-case letters, numbers, and symbols. It’ll give you about a 226-year grace period (for now).
- Use a password manager. These store logins in a vault and protect them via a master password or biometric login options. They can generate unique passwords based on preferred length and complexity, and help users avoid password reuse.
- Employ a user verification policy. This can be done through two-factor or multi-factor authentication. It ensures an agent won’t give an unauthorized user access without knowing it, protecting an organization while also ensuring continuity between a distributed workforce.
- Implement employee awareness training. Address the fundamentals of proper password hygiene year after year, ensuring your policies and expectations evolve alongside new cyber risks and technology.
Why Does This Matter?
We live in a time of heightened cyber risks, and not just because workforces continue to connect remotely.
The Securities and Exchange Commission (SEC) is soon enacting new regulations on cybersecurity and compliance in line with a growing anxiety around cybersecurity threats globally. Focusing on improving passwords might seem fundamental, but it allows companies to ultimately maximize workforce continuity and stability in order to meet today’s challenges directly, safely, and flexibly.
Align Cybersecurity, Align's comprehensive risk management solution, offers engaging, advanced security awareness training, in addition to, custom “white-glove” in-person training, mock cybersecurity exams and reporting of education, retention and employee performance relating to cybersecurity risk.
For more information regarding our award-winning Cybersecurity Advisory Services, visit here or contact us by clicking the button below.