The way many users handle passwords is risky. Passwords reused across several accounts at the same time are particularly problematic.
Attacks such as ransomware often start by manipulating employees, so weak and insecure passwords are an easy gateway for hackers. However, there are effective measures that companies can use to protect their data – above all, two-factor authentication and a password manager.
The losses incurred by the German economy as a result of theft, espionage, and sabotage have reached a record level: According to the Bitkom industry association, the total annual damage in 2020/21 more than doubled to 223 billion euros compared to the previous period. Extortion is primarily responsible for this increase: The damage caused by ransomware attacks more than quadrupled (+358 percent).
A large part of the attacks begins with manipulating employees, so-called social engineering. According to Bitkom, criminals exploited the “human factor,” supposedly the weakest link in the security chain, in 41 percent of German companies to gain access to sensitive data such as passwords. The pandemic-driven shift to working from home over the last two years has favored this development.
Passwords are being cracked faster and faster.
A problem that should not be underestimated is weak and insecure passwords.
Hackers can crack passwords faster and faster: According to a study by the US software provider Hive Systems, a complex eight-character password could still be cracked in eight hours in 2020. Today this can be done in less than an hour.
Hive Systems’ data is based on how long it would take a hacker to crack a password hash using a top-of-the-line graphics card and brute force methods, i.e. trying every possible combination. A “hash” is an encrypted version of a password that can be reproduced with common hashing software. For example, when the word “password” is hashed with MD5, the result is 5f4dcc3b5aa765d61d8327deb882cf99.
Simple sequences of numbers are particularly popular as passwords.
A strong password has at least 16 characters, including uppercase and lowercase letters, numbers, and symbols, recommends Dan DeMichele, vice president of product management at LastPass. Only then is it suitable “as the first and most important line of defense against cyber attacks.” However, this advice is not heeded in many places. According to a study by web.de, almost every second German (49 percent) uses passwords with ten or fewer characters. In addition, many passwords are not secure: 44 percent of those surveyed use personal information – for example, the dates of birth of family members, partners, or friends (16 percent), anniversaries (15 percent), or the names or nicknames of children, partners, or pets (23 percent / 11 percent / 13 percent). According to the Hasso Plattner Institute (HPI), the most common password in 2021 was the number sequence 123456, followed by “password,” 12345, and “hello.”
The reason for this lack of caution
Many users are “password-tired,” i.e., overwhelmed by more and more passwords that they have to think up and remember in everyday digital life.
It is also dangerous that more than half of Germans (52 percent) use the same password more than once – for example, for online banking, digital administrative procedures, e-mail, and social media. Five percent even use the same password for all accounts. If it is cracked, all other accounts are automatically at risk.
A strong and secure password
Consists of special characters, numbers, upper and lower case letters, and symbols.
Has at least 16 characters. The longer it is, the more time it takes to crack it. This deters hackers looking for a quick profit.
Is combined with multi-factor authentication. Here, hackers have to overcome two levels of security before they can access the account.
Is automatically created and saved by a password manager. This makes it possible to keep many unique passwords and is more secure than writing them down or storing them on your phone.
Only needs to be changed if it has been compromised. This is where dark web monitoring from password managers like LastPass can help.
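As an added illustration of the two points above (the MD5 example for the word “password” and the length and character-class rule), the following Python is not from the original article or from LastPass or Hive Systems. It reproduces the article's MD5 figure and checks a candidate password against the 16-character, four-class rule, reporting the size of the keyspace a brute-force search would have to cover. The sample passwords are constructed; the crack-time figures quoted in the article are not modelled here because they depend on the attacker's hardware.

```python
import hashlib
import math
import string

# The four character classes the article's recommendation is built on.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def md5_hex(password: str) -> str:
    """Unsalted MD5 digest as hex, as in the article's 'password' example.
    MD5 is fast and unsalted, which is exactly why it must not be used to
    store real passwords; it is used here only to reproduce the article's figure."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def classes_used(password: str) -> set:
    """Names of the character classes that actually occur in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def keyspace_bits(password: str) -> float:
    """log2 of the number of candidates a brute-force search has to try when it
    knows the length and the character classes used (alphabet ** length)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def meets_policy(password: str, min_length: int = 16) -> bool:
    """The article's rule: at least 16 characters and all four character classes."""
    return len(password) >= min_length and classes_used(password) == set(CLASSES)


def strength_report(password: str) -> dict:
    """Summary a policy checker would log (never log the password itself)."""
    return {
        "length": len(password),
        "classes": sorted(classes_used(password)),
        "keyspace_bits": round(keyspace_bits(password), 1),
        "meets_policy": meets_policy(password),
    }


if __name__ == "__main__":
    # Constructed samples: the article's weak examples and one compliant password.
    for sample in ("123456", "password", "Tr0ub4dor&3xamp!"):
        print(strength_report(sample))
```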
How companies can protect themselves
Large companies are not the only popular target for hackers. Smaller companies also need to strengthen their cyber defenses and prepare for potential attacks, warns LastPass expert DeMichele. One of the most important immediate measures is to enable multi-factor authentication (MFA): “MFA significantly reduces the risk of compromised passwords and provides another, much-needed layer of protection against attacks.” Using a tool to create and store passwords also increases their security. According to a study by Hive, it would take hackers 3,000 years to crack a 12-character password created by a password manager.