It’s human nature to want convenience, especially when it comes to remembering five, ten, and often dozens of passwords for work and daily life. This desire for convenience makes passwords one of the easiest barriers for an attacker to overcome. Almost 3 trillion (yes, trillion with a t and 12 zeros) eight-character password combinations are possible by using the 26 letters of the alphabet and the numerals 0 through 9. The keys to strong passwords are: 1) easy to remember and 2) difficult to crack. However, most people just focus on the easy-to-remember part. Users like to use such passwords as password, their login name, abc123, or no password at all! Don’t laugh; I’ve seen these blatant weaknesses and guarantee they’re on any given network this very moment.
Unless users are educated and reminded about using strong passwords, their passwords usually are
- Easy to guess.
- Seldom changed.
- Reused for many security points. When bad guys crack one password, they can often access other systems with that same password and username.
- Written down in unsecure places. Generally, the more complex a password is, the more difficult it is to crack. However, when users create complex passwords, they’re more likely to write them down. External attackers and malicious insiders can find these passwords and use them against you and your business.