When it comes to cybersecurity, multifactor authentication, along with hard-to-crack passwords, is crucial to prevent attacks.
However, according to mobile security firm Lookout, “password,” “12345”, and “Qwerty123” are among the most commonly found passwords leaked on the dark web. And password security does not appear to be improving.
A consulting firm EY survey found that only 48 percent of government and public sector respondents said they are “very confident in their ability to use strong passwords at work.”
Illustrative of the password problem was a study by the U.S. Office of Inspector General, which inspected the U.S. Department of the Interior’s (DOI) password requirements. It turns out that hacking the DOI was reasonably easy.
The Inspector General’s Office procured “clear-text” (non-encrypted) passwords for 16 percent of user accounts in less than two hours. And investigators found that five of the ten most-reused passwords at DOI included a variation of “password” combined with “1234”.
According to the report, much of the issue came from a lack of multifactor authentication.
Reusing passwords is understandable, as the average person now has over 100 online accounts with passwords. However, simple passwords make it easy for hackers.
“Compromised, weak, and reused passwords still account for the majority of hacking-related data breaches and are one of the top risk issues for most enterprises,” Gaurav Banga, CEO and founder of cybersecurity firm Balbix told the Triple-I blog.
In 2020, Balbix found that 99 percent of enterprise users recycle passwords across work accounts or between work and personal accounts. The report also discovered that, on average, every single password is shared across 2.7 accounts.
“The cost of ransomware attacks has increased as criminals have targeted larger companies, supply chains and critical infrastructure,” Allianz says in its Allianz’s 2023 Risk Barometer. “In April 2022, an attack impacted around 30 institutions of the government of Costa Rica, crippling the territory for two months.”
Organizations and individuals need to take the threat of cyberattacks seriously and do as much as possible to reduce their risk. Maintaining basic cyber hygiene practices, including setting strong passwords and updating software regularly, is a necessary first step.
Editorial photo credit: Tada Images / Shutterstock
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.