Oh Password, Where Art Thou?

by | Nov 13, 2021

Passwords

Have you ever wished for a “passwordless society?” Well, good news! Microsoft has taken steps towards that possibility.

Microsoft announced in mid-September 2021 that, in the coming weeks, it would introduce a “passwordless account” option for all users of several popular services, such as Microsoft Outlook and Microsoft OneDrive. Microsoft had already made this option available to corporate accounts the previous year. In practice this means setting up Microsoft Authenticator, or a similar alternative method, to access your account instead of having to remember a password.

You may be asking yourself – why is this relevant?

You’ve been listening to the “best practice” of 8-character passwords, and you are about to update all your accounts to Fall2025! so you’ll be “secured.”

You’ll also be very diligent about updating everything that prompts you to do so. For anything that doesn’t allow a pattern, you’ll leverage your child, pet, or hobby in some way to accomplish the goal. Correct?

Some password statistics from August 2020 that may alarm you:

    • 59% use their name or birthdate in their password
    • 43% have shared their password with someone
    • Only 45% would change a password after a breach
    • A 12-character password takes 62 trillion times longer to crack than a six-character password
    • 42% of organizations rely on sticky notes for password management
    • IT professionals reuse passwords more than average users
    • Almost two-thirds of people use the same password across multiple accounts
    • Employees use the same password an average of 13 times
    • MFA blocks 99.9% of all attacks
    • 24% of people use a password manager
    • 80% of hacking-related breaches are linked to passwords

Clearly, passwords present a problem and a vulnerability. Microsoft understands this and is taking steps toward addressing it. What should we as users do?

Here are things we recommend implementing without delay:

    • Implement a password manager to keep up with your passwords
    • Implement 2FA (2-Factor Authentication) on every single account that allows it
    • Utilize a password manager to create your passwords – never do it on your own
    • Set the default length for all passwords to at least 12 characters, but preferably more
    • Never share your password with anyone else
    • Never share a single password across multiple accounts

You may be asking yourself – what happens if the password manager is breached?

That’s a great and valid question, because anything is possible. In fact, that very thing happened in February 2021 to LastPass – one of the leaders in the industry.

In that breach, hackers attempted a credential stuffing attack — where malicious actors try to log in to many accounts using credentials previously leaked elsewhere — but LastPass said no master passwords were compromised.

If anyone was using a weak master password (such as Password123), then their data would be compromised in no time. The “master password” is THE critical element to securing your accounts when utilizing a password manager.
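
As an added example (not code from this post or from PCA Technology Solutions), the Python below puts the recommendations above and the master-password point into practice: it generates passwords with a CSPRNG the way a password manager does, shows how the guess space grows with length for an assumed 94-symbol alphabet, and checks a master password against the 12-character minimum, a small constructed deny-list, and the season+year template. The policy values, deny-list and regular expression are assumptions for illustration.

```python
import math
import re
import secrets
import string

# Constructed policy values reflecting this post's advice; not PCA's code or any
# password manager's implementation.
MIN_LENGTH = 12
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Tiny constructed deny-list; a real one holds millions of breached passwords.
DENY_LIST = {"password", "password123", "123456", "qwerty", "letmein"}
# Season + year (+ optional symbol): the "Fall2025!" template from the post.
SEASON_YEAR = re.compile(r"^(spring|summer|fall|autumn|winter)\d{4}[!@#$%]?$", re.I)


def generate_password(length: int = 16) -> str:
    """Build a password the way a manager does: CSPRNG-chosen symbols, no human patterns."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def search_space_ratio(long_len: int, short_len: int, alphabet_size: int = len(ALPHABET)) -> int:
    """How many times more guesses exhaustive search needs for long_len vs short_len symbols."""
    return alphabet_size ** (long_len - short_len)


def check_master_password(pw: str) -> list[str]:
    """Return the reasons a master password fails this policy; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in DENY_LIST:
        problems.append("on the deny-list of common passwords")
    if SEASON_YEAR.match(pw):
        problems.append("season+year template is guessable")
    return problems


if __name__ == "__main__":
    print("generated:", generate_password(16))
    print(f"12 vs 6 chars: {search_space_ratio(12, 6):,}x more guesses, "
          f"{entropy_bits(12):.1f} bits of entropy")
    for candidate in ("Password123", "Fall2025!"):
        print(candidate, "->", check_master_password(candidate))
```

The exact ratio between a 6- and a 12-character password depends on the alphabet assumed, which is why published figures vary; the point that stays constant is that every added character multiplies the guess space.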

The CIA Triad is a common industry model in security and is an acronym that stands for:

    • Confidentiality
    • Integrity
    • Availability

The intent with security is to strike a balance.

We need ease of use while still knowing that our data is private and secure. The more layers of security in place, the more secure something tends to be.

Much like your home – if you leave the door unlocked, you have no security at all. If you twist the lock on the knob, it’s an added layer. Add a deadbolt and you have one more. Lock the chain and you’re even more protected. Add security cameras, motion sensors, an alarm and automation and you turn your home into a fortress. It makes it more of a process to get into your home, but it also enhances your security tenfold.

Why should your data security be any less important?

If you have lower security measures in place on personal accounts, that can still affect your business’ data security if you access your personal accounts on business assets (computers, cell phones, etc.).

Partnering with PCA Technology Solutions to be your Technology Coach can help you and your employees learn more about passwords and data security. Contact us today to learn more.