Password hygiene burst into the spotlight last week after Twitter Inc. found a bug in its systems that exposed passwords in plain text.
Luckily for the social networking giant, there doesn’t seem to be any cyber criminality at play. The firm announced passwords were only exposed internally and said there’s “no indication of breach or misuse by anyone” or any “reason to believe password information ever left Twitter’s systems.”
Twitter advised users to change passwords, with the hope that would spell the end of the unfortunate saga. But the fact remains, despite “no indication of breach” this time, Twitter or any other company in a similar situation may not be so lucky next time.
Password security is absolutely essential in today’s increasingly digital world. A weak password is one of the key gateways cyber criminals can use to access personal or private data and cause some real problems.
Coalition, a technology-enabled cyber insurance platform, has shared some top password hygiene tips with Insurance Business to help people proactively mitigate their password-related cyber risk.
Good password practices sound simple and straightforward – and that’s because they are. The first tip offered up by Coalition is never to re-use passwords. As creatures of habit, a lot of us use similar passwords on our social media platforms, subscribed websites and our bank accounts. Hackers know this trend and actively go after easy targets.
Secondly, it’s important to use strong passwords. Coalition blog author Alex Becker wrote: “It’s extremely easy for a hacker to write a program that tries to guess your password 1,000 or even 1,000,000 times per second. That means a hacker can easily try every word in the dictionary, every city, state, person or team name, and every possible birthday or anniversary. You may have been told to use a mix of capital and lower-case letters, numbers and symbols. In practice, most people will change ‘o’s to ‘0’s or add a ‘1’ or an ‘!’ to the end of their password. This will not save you; hackers will guess that too.”
To beat this problem, the cyber insurer advises people to use password managers that set and track randomly generated passwords, which are much harder for hackers to guess and therefore much more secure.
For a business that manages user accounts and passwords, the cyber liability risks are even greater. Coalition advises these companies not to store the passwords themselves and instead to enable ‘password hashing’ – a system that uses algorithms to create “hashes” from passwords; the hashes can be stored and used to verify a user’s password. It’s also important to require strong passwords (those that do not include common passwords, dictionary words and so on), and to limit log-in attempts.
“Taking these basic precautions, or requiring them of your users, requires little effort, but provides enormous returns,” Becker concluded.
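The three measures recommended for businesses (store a hash rather than the password, reject common passwords, limit log-in attempts) fit together as in the sketch below. It is an added example, not code from Coalition or from the article; the class name `AccountStore`, the choice of PBKDF2-HMAC-SHA256, the iteration count, the thresholds and the tiny deny-list are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed deny-list; a real deployment would load a large common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty123", "letmein1", "password1!"}
MIN_LENGTH = 8           # assumption: minimum accepted length
ITERATIONS = 600_000     # assumption: PBKDF2-HMAC-SHA256 work factor
LOCKOUT_SECONDS = 300    # assumption: lock duration after too many failures


class AccountStore:
    """Hypothetical in-memory account store: keeps salt + hash, never the password."""

    def __init__(self, clock=time.monotonic, max_failures=5):
        self._users = {}      # username -> (salt, derived hash)
        self._failures = {}   # username -> (failure count, time of last failure)
        self._clock = clock
        self._max_failures = max_failures

    @staticmethod
    def _hash(password, salt):
        # A deliberately slow, salted hash makes bulk guessing expensive.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, username, password):
        if len(password) < MIN_LENGTH or password.lower() in COMMON_PASSWORDS:
            raise ValueError("password too weak")
        salt = secrets.token_bytes(16)  # unique per user: equal passwords, different hashes
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        now = self._clock()
        count, last = self._failures.get(username, (0, now))
        if count >= self._max_failures:
            if now - last < LOCKOUT_SECONDS:
                return "locked"   # refuse before doing any password work
            count = 0             # lockout expired, start counting again
        # Unknown users get a dummy record so the same hashing work is done.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(username, None)
            return "ok"
        self._failures[username] = (count + 1, now)
        return "denied"
```

The lockout here is per username and in memory only; a production system would persist the counters and usually also rate-limit per source address.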