BID® Daily Newsletter
Nov 27, 2024

1234, This Password’s Not Safe Anymore (If It Ever Was)

Summary: Is your password too easy to guess? We discuss recent findings about the most common passwords and provide tips on creating more complex passwords that you can still remember.

In the first Harry Potter film, Harry and his best friends discover that a stone with properties of immortality is hidden somewhere in their school, guarded by a giant three-headed dog. When the trio realizes someone is seeking the stone to help an evil wizard return to power, they visit their friend, a groundskeeper named Hagrid, for help. Hagrid dismisses their concerns, saying no one can get past his three-headed dog, Fluffy. As he recounts a story he told a stranger months earlier about how music can soothe Fluffy to sleep, Hagrid realizes that he accidentally gave the stranger the info needed to breach the security guarding the stone. Harry and his friends soon find Fluffy asleep, a nearby harp playing continuous music so that the antagonist could sneak through the trap door.
While there aren’t any three-headed dogs guarding your community financial institution that will drift off after a few piano notes, there are plenty of proven tricks hackers use to sidestep the security features you do have: passwords. Passwords have been criticized for some time as a weak form of security, but it’s the strength of the password that makes or breaks its effectiveness, along with how well the user guards it.
A Verizon report found that 61% of all data breaches involved user credentials, and half of those credentials were stolen. In addition, the study found that 74% of all breaches involved a human element, like weak login credentials.
The Reality of Easy-To-Guess Passwords
Cybercrooks love passwords that they can crack. Globally, the most popular passwords are some of the easiest to guess. An analysis by Cybernews of 15B passwords that were located on databases of leaked passwords found that ridiculously simple ones topped the list. The 10 most popular ones in the world, in order, were: 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890.
Other popular but problematic passwords:
  1. Sports Teams. The Phoenix Suns and Miami Heat were most often used as sports passwords.
  2. Common Names. Eva is the most-often-used password name, followed by Alex. 
  3. Years. People commonly use their birth year or another special year within their password. The most popular years, in order, were 2010, followed by 1987 and 1991. 
  4. Salty Language. The following words have been censored to align with PCBB’s professional language standards. “A**” is the most popular in this category, followed by “s**”. The famed “F” word comes in third.
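The lists above can be turned into a screening check that runs when a user sets a new password. The sketch below is an added example, not code from PCBB or Cybernews: it rejects the top-10 passwords, and it also catches the listed names, teams and years when they are dressed up with digits or symbol swaps. The 12-character minimum, the function name and the substitution table are assumptions.

```python
import re

# Values taken from the lists in this article (top 10, names, teams, years).
TOP_PASSWORDS = {"123456", "123456789", "qwerty", "password", "12345",
                 "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
COMMON_WORDS = {"eva", "alex", "suns", "heat", "phoenixsuns", "miamiheat",
                "qwerty", "password"}
POPULAR_YEARS = {"2010", "1987", "1991"}

# Assumed table for undoing common letter-to-symbol swaps (e.g. "E" to "3").
SWAPS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t"})


def screen_password(candidate: str, min_length: int = 12) -> list[str]:
    """Return the reasons to reject a candidate (empty list means accepted)."""
    reasons = []
    lowered = candidate.lower()

    if len(candidate) < min_length:  # assumed policy value
        reasons.append("too short")

    if lowered in TOP_PASSWORDS:
        reasons.append("top-10 leaked password")
    else:
        # Drop trailing digits/symbols, undo swaps, then remove separators,
        # so "P@ssw0rd!" and "Eva2010" reduce to "password" and "eva".
        core = re.sub(r"[\d\W_]+$", "", lowered).translate(SWAPS)
        core = re.sub(r"[^a-z0-9]", "", core)
        if core in COMMON_WORDS:
            reasons.append("common word with decoration")

    if any(year in candidate for year in POPULAR_YEARS):
        reasons.append("contains popular year")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["qwerty123", "P@ssw0rd!", "MiamiHeat1991",
               "copper lantern; Viola hums 4 tides"]:
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
```

A production deny-list would be far larger than the handful of entries named in this article; the normalization step is the part worth keeping.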
The Impact of Weak Password Security
While some organizations require long and complex passwords or multi-factor authentication, others don’t. Password management software can help, but that is also often underutilized. Regularly monitoring the dark web for leaked credentials can help provide early warning of potential problems, though this is an often overlooked security tool as well.
Stolen passwords and credentials can lead to major hassles for businesses. Hackers can log in, steal data and money, and damage your reputation. They can even hold your data for ransom.
The New Wave of Password Security
For community financial institutions, which are guarding vast amounts of financial data on consumers and small businesses, enhanced data protection means adopting robust security strategies. One effective method is the use of passphrases — a more complex alternative to traditional passwords that involves creating an acronym-like string made of letters, numbers, and special characters that only the password creator would understand. Unlike conventional passwords, which are typically limited to 8-16 characters, passphrases can extend beyond 100 characters, offering a higher level of security and complexity. For example, you could combine the title of your favorite book, a friend’s name, and that day’s forecast to make a password like “Gr@p3sofJeFFra1n56”.

Benefits of Passphrases
  • Enhanced security. The extended length of a passphrase, combined with its complexity, makes it significantly harder for cybercriminals to crack. This added layer of security is crucial for protecting sensitive financial data.
  • Ease of memorization. Despite their length, passphrases are more memorable than random strings of characters. A series of familiar yet unrelated words can be easier to recall than a password like "Xy9!kR2P".
  • Increased complexity. Passphrases naturally incorporate more elements of entropy, making them less predictable. This complexity is essential for thwarting sophisticated password-cracking tools.
Tips for Crafting Strong Passphrases

To harness the full potential of passphrases, it is important to create them thoughtfully:
  • Use uncommon words. Select a combination of four to eight uncommon words that are personally significant yet difficult for others to guess. Avoid using famous quotes or common phrases.
  • Incorporate spaces and punctuation. Adding spaces between words, along with strategic punctuation, increases the complexity of your passphrase without sacrificing memorability.
  • Capitalize strategically. Use capital letters for certain words or initials within your passphrase. 
  • Include numbers and symbols. Transform some letters into numbers (e.g., “E” to “3”) and use special characters to further strengthen the passphrase.
  • Personalize your passphrase. Base your passphrase on a personal story or mnemonic device that makes sense only to you. 
Although passwords can be a weak spot in cybersecurity, strong credential security and more complex password requirements, like using passphrases, can help banks and others better protect themselves against breaches. 