Is A Password Protecting Your Employees? Part 2
So If I Have A Really Strong Password For Each Account, I Am Protected, Right?
Yes, and unfortunately still no.
Having different passwords for every account on the websites you visit is smart damage control. If one account gets hacked, it will still be just as hard to hack into your other accounts. It’s a great deterrent and the damage can be contained, to the point where it might not even be a big loss.
But no matter how complicated or strong your password is, it can still be hacked.
A password can be hacked as long as it is a combination of the following characters:
Now some people might try to be smart and say their password doesn’t use any of these characters. Tempting, but it’s false.
Those two lines of characters are every key on the keyboard. Which means every possible character your password can be made of.
Now you might think “But who would type every single character combination in the password box? That would take forever!”
You are correct.
There are 94 characters that could make up 1 character of your password. To test each character for, say a 6-character long password, even if it was weak, would result in over 600 billion possibilities. It could even be a larger number if the password is longer. No one has the time to do manually test everything.
However, they may not need to, thanks to two technologies. Password keylogging and password cracking.
Password keylogging works when someone installs software onto your computer (or attaches it) to a USB. A keylogger works by recording every single key that’s typed on your keyboard.
It sounds unbelievable, and it’s true that the results you get from a keylogger look absurd, but all you need to find is one common phrase or anything that looks like a password, and you’ve got it.
Password cracking is software that, when faced with an account name, will test out every possible password until the account is accessed. That sounds silly, because if we went back to our example, that’s 600 billion possibilities.
However, imagine a computer running through those possibilities.
Since password cracking runs on mathematics and it’s logically constrained (all passwords contain some combination of the 94 characters), there’s no password that can’t be cracked.
To be fair, it’s pretty easy to catch keylogging software and it can take up to a few months to even get one password from cracking. But depending on the individual, it might be worth it.
There are plenty of other choices out on the Internet, and just like the two examples, some of them are free and easy to download. You can even find them on a Google search.
But I Have Nothing To Steal, I’m Safe, Right?
If that was the case, then the following must be true:
- You have no passwords on ANY of your technology
- It doesn’t matter WHO accesses your devices
- You are not worried about discussing ANY information to ANYONE
- All information in your company/account is accessible to EVERYONE
- If information was released tomorrow for whatever reason, your business would be happy about it (or indifferent)
To put it simply, if no one cares about the information, then it’s safe. If it’s something you don’t want other people knowing (regardless of who or how important they are), then it’s not “nothing”.
So How Do I Protect Myself?
If passwords can be cracked, you might think no one is safe.
Passwords are simply no longer the stalwart protectors that they once were. That doesn’t mean they do a bad job. Remember, 99% of all individuals who want your information will still be deterred by a password.
If your password is very strong, cracking it could take months, maybe even a year. That’s enough of a deterrent to get even dedicated hackers to think your password isn’t worth the effort.
But as we’ve discussed in the article, it would be foolish to believe that regular passwords provide the privacy you expect.
Here’s what you can do to secure your information:
1. Change passwords when employees leave
The easiest way for strangers to access your data is when they previously weren’t strangers. Past employees might still be able to access their old workstations and accounts.
You might wonder why on earth they would do that, but you don’t know how employees feel if they didn’t leave on good terms. If they can still access company data, it could turn ugly.
The chances of this happening may be low (employees usually remember moments about their last company, not passwords), but if it’s a chance you’re not willing to take, it’s something to consider.
2. Encourage multiple security measures
If employees are constantly working with confidential information, it is helpful to have them work with password-protected documents that will be different from the passwords the employee normally uses.
There are also security measures such as phone verification that add an extra layer of security hackers are unlikely to break. Some laptops come equipped with fingerprint readers for added security, and tablets have their own security capabilities that help protect files.
Talk to your system administrators or IT department to see what you can do.
3. Track network activity
If you or your employees are accessing information on a website, it might have viruses that allow hackers to get data. Hackers wait for you to unintentionally download the software through cookies or a virus disguised as a file. If your network can pick up these websites and work around them, you could prevent theft before it happens.
4. Educate employees on password usage
I’m not talking about a class or a long lecture. Even telling employees about guidelines to make stronger passwords for 5 minutes is enough to get a culture of strong passwords.
Increasing the strength of your company passwords not only makes it harder for hackers to crack your password, but it also encourages employees to really think about the “What if” scenario a bit more seriously.
After all, hacking might be rare, but you never want it to happen to you.
Always have solid security measures
There’s a saying “If someone wants to steal something from you, it will be stolen anyway”. No matter how strong your security is, if someone wants your information that badly, it will be stolen from you regardless.
What you can do is make your information so hard to steal that it would require military action just to get your information, which to almost everyone in the world is not worth the effort.
Passwords are still strong, but their strength is getting weaker. It’s best to get more security to guard your information and prevent others from taking that information. If it’s something you need guarded, look into better IT to help you out.
At MSP Blueshift, we know what keeps your IT secure so you can sleep at night knowing that strong security is watching over your confidential information. We monitor your network for attacks and put layers of security so your company is as protected as possible.