Rethinking Passwords in the ‘Brute Force’ Age
Here’s a discomfiting thought: Experts say that even if you create a solid password with numerals and special characters, it can be cracked in eight hours.
For many years, you’ve been told repeatedly that as long as your password was eight characters long, with upper- and lowercase characters, at least one numeral, and at least one special character, you were in pretty good shape.
Blame the ever-growing power of computers; they now have the speed to use brute force to crack not only dictionary words (more on that below), but sophisticated password combos.
There are several types of brute force attacks, the most well-known being the dictionary attack. This attack uses a list of common words, either from the dictionary (of course) or a list of common user passwords, and tries them as potential passwords.
Another variant is the reverse brute force attack, in which threat actors try a common group of passwords or individual passwords against a list of possible usernames.
Credential stuffing uses a username and password combination that is already known (usually because it was previously stolen) by the attacker. This type of attack is skyrocketing and should not be taken lightly.
Because threat actors can use programs that scour the dark web for email addresses, usernames, and passwords, credential stuffing is an easy way for them to access business networks.
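For defenders, the three attack types described above leave different shapes in failed-login records. The following is an added example, not part of the original article: it labels each source address by that shape. The event data is constructed, and the `pw_tag` field (a keyed-hash label of the attempted password), the function name, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed failed-login events: (source_ip, username, pw_tag).
# pw_tag is a hypothetical keyed-hash label of the attempted password,
# assumed to be logged so attempts can be compared without storing passwords.
SAMPLE_EVENTS = (
    [("203.0.113.5", "alice", f"t{i}") for i in range(40)]            # one user, many passwords
    + [("203.0.113.9", f"user{i}", "tA") for i in range(30)]          # many users, one password
    + [("203.0.113.77", f"cust{i}", f"s{i}") for i in range(30)]      # many users, one pair each
    + [("198.51.100.4", "bob", "x1"), ("198.51.100.4", "bob", "x2")]  # ordinary typo
)

def classify_sources(events, min_attempts=20):
    """Label each source IP by the shape of its failed logins."""
    per_ip = defaultdict(list)
    for ip, user, tag in events:
        per_ip[ip].append((user, tag))
    labels = {}
    for ip, attempts in per_ip.items():
        users = {u for u, _ in attempts}
        tags = {t for _, t in attempts}
        if len(attempts) < min_attempts:
            labels[ip] = "below threshold"
        elif len(users) <= 2:
            # Few accounts, many guesses: dictionary-style brute force.
            labels[ip] = "dictionary attack"
        elif len(tags) <= max(3, len(users) // 10):
            # Many accounts, a handful of passwords: reverse brute force.
            labels[ip] = "reverse brute force"
        elif len(set(attempts)) == len(attempts) and len(attempts) <= 2 * len(users):
            # Many accounts, about one distinct pair each: credential stuffing.
            labels[ip] = "credential stuffing"
        else:
            labels[ip] = "unclassified high volume"
    return labels

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(ip, label)
```

Without a password label in the logs, reverse brute force and credential stuffing look alike (many usernames, about one attempt each), so the third branch depends on that assumed field.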
What you can do
It’s tempting to throw up your hands at this point—you’ve been trying to create strong passwords, but now it seems they’re not good enough.
The solution, experts say, probably lies in a digital password manager. These tools, easily available, create extremely long passwords for you—and remember them, so you don’t have to. All you need to do is create one very long, very strong password for the manager itself.
© National Security Institute, Inc. www.nsi.org