World Password Day: From 1234567 to 4Se¢&uri%tY2

If they are too long and too complicated, we can't remember them. If they are too short, they are not secure. If we use a special password for every IT service, our password list becomes so long that we have to write them down somewhere. This, in turn, is of course a security sin. So, what is to be done?

Password uncertainty and no end

Careless use of passwords is widespread. There are studies that show that 60 percent of passwords in companies do not meet the minimum requirements. It is therefore not surprising that more than 80 percent of cybersecurity breaches were made possible by inadequate password security[i]. Every year, lists of the most commonly used passwords are published, and again this year they look pretty much the same as in previous years[ii]:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345
6. qwerty123
7. 1q2w3e
8. 12345678
9. 111111
10. 1234567890

We know today that 10,000 of the most common passwords would open more than 90 percent of all accounts existing on the Internet - because most users use the same password over and over again, often for years. Cybercriminals know this as well, of course, and this is the reason why there is now actually a worldwide «Password Day»[iii], which takes place on May 5 this year.

Size does matter

Password hackers have made immense progress in recent years - thanks in part to ever-advancing computing power and increasingly affordable cloud technology. A Hive Systems study found that any eight-digit password can now be cracked in less than an hour[iv]. Even more alarming: Passwords containing fewer than seven characters can now be cracked almost instantly; in 2020, it still took eight hours to crack a complex password consisting of eight characters. But here's the good news: a password of 12 characters created with a reputable password manager would take up to 3,000 years to crack with raw computing power, according to the study.

Security is essential, and a password manager is the most secure

Passwords should therefore be at least 12 characters long. It makes them more secure if they contain capital letters, numbers and special characters and no personal information (names, dates of birth). Never use a password more than once (see above).

These are exactly the rules that make password management complicated. That's why it's recommended to use a password manager that stores your passwords and helps to create new and secure ones. This way, you only need to remember the password for the password manager. Many good password managers even offer their services for free[v].

Either way, always set up two-factor authentication whenever possible. Criminals who have stolen your password will not be able to access your account without the second factor, such as a hardware or software token or an SMS text message[vi].

Cybersecurity for a digital world

At UMB, we view cybersecurity as an integral discipline across the IT landscape and understand the challenges of a rapidly changing world. Cybersecurity is not viewed in isolation here at UMB, but as part of IT, workplace and digitalization concepts, which also include access controls and passwords. Only balanced organizational and technical measures will effectively protect your company. To do this, new security dimensions must be introduced that complement classic prevention (network and perimeter protection). On the one hand, this includes the ability to detect an attacker at an early stage. On the other hand, it must be possible to initiate the right countermeasures quickly. Please contact us if you are interested in this topic.

[i] 81% Of Company Data Breaches Due To Poor Passwords

[ii] Here's 2022's worst passwords — don't use any of these

[iii] World Password Day (May 5th, 2022)

[iv] https://www.hivesystems.io/password-table

[v] Best Password Manager to Use for 2022

[vi] SecurID Identity and Access Management