Importance of Password Security

Data breaches and identity theft are on the rise, and the cause is often compromised passwords. After stealing credentials, cybercriminals can use passwords to start disinformation campaigns against companies, use people’s payment information for purchases, and spy on users through WiFi-connected security cameras.
How To Create Secure Passwords
The best practices for creating secure passwords are:
• A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or fewer, which are not as secure as longer passwords.
• A password should include a combination of letters, numbers, and characters.
• A password shouldn’t be shared with any other account.
• A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
• A password shouldn’t contain any consecutive letters or numbers.
• A password shouldn’t be the word “password” or the same letter or number repeated.
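The rules above can be turned into an automated check. The following Python sketch is an added example, not code from the original article; the three-character threshold for "consecutive" runs, the token matching for personal information, and the sample data are assumptions made for illustration.

```python
import re

def has_sequence(pw, run=3):
    """True if pw holds `run` ascending or descending letters or digits in a row (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if chunk.isalpha() or chunk.isdigit():
            steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def personal_tokens(items):
    """Lower-cased words and digit runs (3+ characters) from names, addresses, phone numbers."""
    tokens = set()
    for item in items:
        tokens.update(t for t in re.findall(r"[a-z]+|[0-9]+", item.lower()) if len(t) >= 3)
        digits = re.sub(r"\D", "", item)
        if len(digits) >= 4:
            tokens.add(digits)  # phone number typed without separators
    return tokens

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the list of rules the password breaks; an empty list means it passes them all."""
    low, problems = pw.lower(), []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    if not all(re.search(c, pw) for c in (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")):
        problems.append("needs letters, numbers and other characters")
    if pw in used_elsewhere:  # local check only, e.g. against one's own password manager entries
        problems.append("already used on another account")
    if any(t in low for t in personal_tokens(personal)):
        problems.append("contains personal information")
    if has_sequence(pw):
        problems.append("contains consecutive letters or numbers")
    if "password" in low:  # stricter than the rule above: also catches "MyPassword2024!"
        problems.append('contains the word "password"')
    if pw and len(set(pw)) == 1:
        problems.append("is one character repeated")
    return problems

# Constructed sample data, not taken from the page.
PERSONAL = ["Rex", "42 Elm Street", "555-0142"]

if __name__ == "__main__":
    for candidate in ["password", "aaaaaaaaaaaaaaaa", "Rex5550142!abc-longer", "Vq7#mLz2&Tw9!Kd4"]:
        print(candidate, "->", check_password(candidate, PERSONAL) or "passes")
```

The sequence and personal-information checks are deliberately strict, so ordinary words that happen to contain a run such as "stu" are flagged too.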
Why Is Password Security Important?
Not having secure passwords has its consequences, which include but are not limited to:
• After gaining access to a user’s credentials, many hackers will log into their accounts to steal more of their personally identifiable information (PII) like their names, addresses, and bank account information. They will use this information either to steal money from the user directly or to steal their identity. Identity theft can result in further financial losses or difficulty getting loans or employment.
• Lack of privacy
• For businesses, hackers can start disinformation campaigns against companies, sharing their data with competitors and holding it for ransom.
The Impact of Stolen Passwords
Compromised passwords caused 80 percent of all data breaches in 2019, resulting in financial losses for both businesses and consumers.
Impact on Businesses
◦ Internationally, the average cost of a data breach in 2020 for businesses was $3.86 million, according to IBM. However, for the U.S., the average cost was the highest worldwide at $8.64 million.
◦ In the manufacturing industry specifically, malware that stole credentials and dumped passwords created 922 cybersecurity incidents in 2020. 73 percent of these incidents were motivated by financial incentives, while for the other 27 percent the motive was espionage.
Top Data Compromised (Percent of Manufacturers With Data Breaches in 2020)
◦ Credentials: 55%
◦ Personal: 49%
◦ Payment: 20%
◦ Other: 25%
• If companies have a data breach caused by stolen credentials, they can lose up to three percent of their overall market value long-term. For the retail industry, this loss triples to nine percent within only 30 days of the breach announcement. According to researchers from the University of North Carolina’s Kenan Flagler Business School, this increase is due to the fact that retail customers are less brand loyal than consumers in other industries.
Impact on Consumers
Customers’ PII-related data is the most valuable data type that hackers can extract from security breaches, costing $150 per record according to IBM’s 2020 Cost of Data Breach Report.
The FTC reports that in 2019, losses from identity theft, which can be caused by stolen passwords, totaled $92 million. The median loss from identity theft for consumers was $894.
Other Ways To Protect Yourself Online
Aside from creating secure and unique passwords for all web accounts, there are other best practices to increase one’s digital security.
1. Use a VPN: While passwords keep unauthorized users out of accounts, Internet Service Providers can still track a user’s online activity as well as their devices’ private IP addresses. The only way to hide web activity and IP addresses is to connect through a VPN (Virtual Private Network) rather than directly to a public Wi-Fi network.
2. Use antivirus software: Antivirus software scans computers, phones and tablets for malware, viruses, ransomware, spyware and other cyber threats.
3. Use a password manager: Password managers store users’ usernames and passwords in encrypted vaults, requiring only master passwords or biometrics to log into accounts.
4. Multi Factor Authentication – MFA / 2FA: Multifactor Authentication (or MFA) has become a critical, preventative security measure for businesses and organizations of all sizes, and any individual who uses a smart device in their daily life. It offers an added layer of security that complements how passwords are used to protect private data, thereby making it more difficult for potential hackers to exploit and obtain personal data, or to breach company networks. To explain it simply, an authentication factor is a credential used to verify the identity of a person, entity, or system. When multifactor authentication is in place, more than one credential is required prior to granting access to private systems or data. Incidents such as the Facebook security breach in 2018, which exposed the personal information of over 50 million users, have forced companies to add a layer of security to their platforms. Tech giants including Twitter and Google have since adopted MFA to protect their users and their data.
5. Only change passwords when needed: It’s a myth that users should change their passwords at regular intervals. Rather, it’s only necessary to change passwords if the account itself is compromised, according to recent reports.