Can you guess what the most popular passwords were for 2021? They might look a bit familiar: 123456, qwerty and password [1]. Yes, even as we approach 2022, where data breaches and cyberattacks are becoming more common, more dangerous and more expensive than ever, we are not practicing good password hygiene.
What is bad password hygiene?
Password hygiene is the important practice of ensuring passwords are unique, difficult to guess and hard to crack. It’s the set of guidelines and principles that, when leveraged correctly, helps keep your passwords protected from cybercriminals.
Earlier this year, IBM conducted a global survey examining consumers’ digital behaviors during the pandemic, as well as their potential long-term impact on cybersecurity. The study found that individuals created 15 new accounts on average during the pandemic, with 82% reusing passwords across accounts [2]. These findings show just how much convenience outweighs security and privacy.
While this study focused on account overload for consumers, it’s safe to argue that many individuals share passwords between work and personal life. And with more people working from their less secure home offices than traditional business locations, we can begin to understand why organizations and their employees are at more risk than ever before.
Changing your password isn’t enough
Passwords are meant to protect your valuable business information from hackers, but unfortunately, we can no longer rely on passwords alone. Cybercriminals are cracking passwords with simple yet sophisticated methods. You might recall when hackers took down the Colonial Pipeline Company earlier this year. An account within the company wasn’t using multifactor authentication (MFA), a basic cybersecurity tool that requires a user to provide two or more verification factors to gain access to a resource such as an application, online account or VPN. This allowed hackers to breach the network using just a compromised username and password.
The use of MFA may have averted the compromise of the Colonial systems and the need for the company to pay hackers $5 million to regain access, as well as the hardship associated with widespread fuel shortages across the Southeast.
Government guidance for MFA
The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet full of recommendations, including the use of remote-access VPN products that support MFA.
MFA is an effective tool that offers a strong defense against hackers trying to steal your credentials. Each verification factor is based on one of three types of information:
- Things you know, such as a password or personal identification number (PIN)
- Things you have or possess, such as a token generator or smartphone
- Things that make you unique, such as a biometric identifier like voice recognition or a fingerprint
Today, we’re seeing an increased use of MFA or 2FA (two-factor authentication) with the online services in our personal and professional lives. For instance, Ring, a home security and smart home company owned by Amazon, recently required the use of two-step verification, a version of MFA, to access their application. As another example, Windstream Enterprise uses 2FA technology to protect our SD-WAN Customer Portal.
Enforcing the use of an MFA factor such as a thumbprint or a physical hardware key means increased confidence that your organization will stay safe from cybercriminals. Keep your business, employees and customers safe by upping your security solutions to support the use of MFA technology, such as MNS from Windstream Enterprise. Our Professional Services team is available to assist your organization in the planning and deployment of MFA, reducing the complexity of integrating this technology into your cybersecurity defenses.
1. Meyer, Bernard. CyberNews. “Most Common Passwords: Latest 2021 Statistics.” October 15, 2021.
2. IBM. “IBM Survey: Pandemic-Induced Digital Reliance Creates Lingering Security Side Effects.” July 15, 2021.