10 Password Security Best Practices in 2023 | World Password Day

World Password Day

We use passwords for everything from opening our phones to opening our homes. Every login, registration, application, and subscription need a password. In 2014 each person needed an average of 19 passwords. The average number of passwords each person uses in 2023 is around 100, according to a study! Nothing is more indicative of the rapid leap in cyber security awareness and technology development than our reliance on passwords for everything in our daily lives. World Password Day (#layerup) is celebrated yearly on the first Thursday of May, “to address the critical need for solid passwords.”

World Password Day was created by Intel in 2013. Creating strong passwords is critical to the protection and security of all our digital devices, especially with the rapidly changing threat landscape. Weak or stolen passwords account for a large percentage of data breaches within enterprises, making password security awareness a pervasive issue. Passwords with 5 characters (3 lowercase letters and 2 numbers) can, on average, be cracked in 0.03 seconds, while a more complex password with 12 characters (3 uppercase letters, 4 lowercase letters, 3 special characters, 2 numbers) takes 7.5 million years to crack using a brute force attack.

Everyone is becoming more cyber security conscious, and World Password Day serves to remind us that password security is more important than ever. Let’s discuss a few best practices to use when creating or changing passwords, to make them strong, long, and secure.

Before we dive into some of the password security best practices, here is a snapshot of one recent event that stands as proof of the disastrous consequences if an organization’s passwords aren’t strong enough. Orange Spain experienced a significant network outage after its IP address database was breached by an individual using the alias "Snow," who exploited a weak password ("ripeadmin"). It was exposed by infostealer malware after affecting one of the company employee's accounts. Although Orange Spain confirmed that there is no evidence of customer data compromise, security experts highlight the importance of implementing stronger password policies and multi-factor authentication.

10 Simple Tips for Secure Password Practices

1. Create a long and complex password or a passphrase. Passphrases can be easy-to-remember phrases like a song or movie title or quote.
2. Use a combination of uppercase and lowercase letters, numbers, and special symbols to make the password or passphrase stronger. Substitute letters with numbers or characters like using “3” or “#” instead of “E” or “e” and “@” instead of “a”.
3. Avoid using your birthday, spouse’s name, spouse’s birthday, child’s birthday, dog’s name, dog’s birthday or any PII obviously associated with you.
4. The ideal minimum length of a password should be between 12-14 characters.
5. Test your password strength using an online testing tool.
6. Use a different and unique password for every account and update them regularly.
7. Avoid storing passwords in any of your devices or having them written down.
8. Use a reputable password manager to keep your passwords organized, available, and secure.
9. Ensure 2-factor authentication is set up for accounts containing sensitive data.
10. Avoid using common words or phrases or passwords as shown below.

Brute-Force Attacks on Passwords

An attacker can use the brute-force attack method to crack weak passwords, by submitting millions of combinations of passwords or passphrases in hopes of guessing the correct one. Brute-force attacks are just one of millions of attack methods aimed at cracking your password.

Two-Factor Authentication Makes Passwords Stronger

Passwords have been in use since the very first computer systems were created – but times have changed. Most device users already use two-factor authentication, even if they don’t know it. Two-factor authentication is used everywhere from the zip code you enter at the gas pump to use your credit card, to the face scan on your phone. Two-factor authentication is an authentication method that requires not one, but two different and distinct forms of identification to access an online platform. Two-factor authentication uses something you know (password or PIN number) with something you have like biometric security using fingerprints or face scans, a QR code, SMS message or any number of other methods. By deploying security solutions that require two-factor authentication, you are automatically creating an additional layer of security between your identity, password, and your data.

Sangfor Technologies Enterprise Cloud Computing and Network Security

Just as passwords are strengthened with two-factor authentication, network security is strengthened by Sangfor Technologies security solutions. Sangfor even has solutions that enforce password management and two-factor authentication for access control such as Sangfor Internet Access Gateway (IAG).

Sangfor also provides other cutting-edge, innovative cloud computing and network security solutions, delivering the network security most needed and wanted, including:

• Network Secure - Next Generation Firewall
• Cyber Command - NDR Platform
• Endpoint Secure
• Cyber Guardian
• Hyper-Converged Infrastructure (HCI)

Why Sangfor?

To learn more about Sangfor’s security solutions and solutions utilizing two-factor authentication, visit us at www.sangfor.com or email us directly at marketing@sangfor.com.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Call, email, or visit our website to learn more about Sangfor’s Cloud, Security, or Infrastructure solutions, and let Sangfor make your IT simpler, more secure, and valuable.

Contact Us for Business Inquiry