Another account…another new, unique, hard to crack, extra-long; make sure you include numbers and symbols, and turn it into a passphrase, Password. And make sure you aren’t re-using any piece of any other password that you’ve created. Oh, and make sure you can remember it!

Ugh! The amount of thought that needs to go into a password is tiring, stressful and at times frustrating. Because guess what, in some cases, you may need to come up with a new one in 60 days for that same account. It feels like a never-ending cycle (mostly because it is).

And to top it off, Passwords can still be hacked, and can give hackers access to your accounts and organizations.

According to the Verizon 2021 Data Breach Investigations Report, 61% of breaches are attributed to leveraged credentials (i.e., login information like passwords).

How Passwords can turn into a Breach

But how can passwords that presumably only the owner knows turn into a breach? A few ways:

• Passwords are weak, or passwords follow a pattern that you might think is clever and hard to crack, but it’s not.
• Phishing scams lure people into sharing their passwords, or typing them into a spoofed website.
• Passwords leverage personal information, like a pet’s name – personal information is on your social media accounts, and can uncover your password.
• Automated password spraying (yep, sounds weird), allows a hacker to quickly and automatically try multiple password options in rapid succession.

But, some companies have been taking note. Microsoft, for example, has recently launched a password-less account option for its users. It started as a corporate initiative and recently rolled out to the general public. Instead of using a password to access their services, users are able to sign-in using one of four methods:

• Microsoft Authenticator app, which produces a unique numbered login every couple of seconds.
• Windows Hello, which uses facial recognition, a fingerprint or a unique pin to login.
• External security key, which is like a USB drive with stored login information.
• A registered phone number which will receive a verification code from Microsoft when logging in.

Options that focus on Cybersecurity

Four options, that focus on cybersecurity, while taking the headache and the potential access point of a password out of the equation. And, it’s pretty easy to make the switch:

• Ensure you have the Microsoft Authenticator app installed on your phone, and that it is linked to your account.
• Visit accounts.microsoft.com and log in to your account.
• Go to Security > Advanced security options. Scroll down to the Additional security section.
• Turn on the Passwordless account option. Follow the on-screen steps.

So, should you scrap all of the passwords that you’ve created over the years? Not quite yet. While some organizations are transitioning to password-less entry, it will take time for others to fully vet and adopt similar points of access.

Best Practices for Creating Unique Password

Which means, we still need to be hyper-sensitive when it comes to creating unique password and follow a few key best practices:

• Create a long password
• Include a combination of upper and lowercase letters, numbers and symbols
• Use a passphrase (combination of words that create an odd phrase)
• Create different passwords for each of your accounts (do not re-use passwords)
• Use words and phrases that are not personal (skip the pet names, kid names, birthdates, etc.)
• Keep them secret (i.e., don’t share your passwords with others)
• If you think you’ve been compromised, change your password immediately

Need Cybersecurity help NOW?  Contact us now at (628) 867-6130 or [email protected]. Intivix is your San Francisco-based expert cybersecurity team ready to get to work for you. 

The post Why Is Password-Less Access A Good Thing? appeared first on Intivix.