World Password Day 2022 - Tyler Moffitt, Sr. Security Analyst at OpenText Security Solutions shares best password security practices
Tyler Moffitt, Sr. Security Analyst at OpenText Security Solutions
Intel created World Password Day — the first Thursday of May(May 5) — to address the critical need for solid passwords. It's simple,really. We bring to you the easy way to create and store passwords and theparameters needed.
In recognition of World Password Day 2022, here are a few bestpassword security practices shared by Tyler Moffitt, Sr. Security Analyst at OpenTextSecurity Solutions to help protect your accounts from getting hacked.
TylerMoffitt, Sr. Security Analyst at OpenTextSecurity Solutions
Ineffectiveness of 8-characterpasswords
♦ It doesn't matter how randomized your password is or if it includes acapital/special character. What matters is length. The longer your password is,the stronger it will be.
♦ Passwords need to be as long as possible: The parameters people have of8-characters minimum is terrible because you can crack such passwords easily.
♦ Graphic cards are evolving and becoming better.
♦ Ex) The 2080ti graphic card (1 generation old! ) costs about $1000 percard. So if you buy 4 of them, that's a $4000 investment from a criminal, andyou put them together in a password cracking rig, you can crack 15-characters in15 hours using Hashcat
♦ How many people have 15-character passwords? How many times is the ITdepartment making that requirement for passwords to be super long?
♦ The recommendation for consumers and SMBs for creating long passwordswould be to include using phrases and incorporating spaces since everydifferent character you add, whether that be a letter, number, space, orspecial character, is an exponential increase in security.
♦ You could have the most random, jumbled 8-character password and yetthese passwords are no more secure than 8-character passwords consisting ofeasy to remember phrases.
Advice for SMBs
♦ Makes passwords longer and incorporate phrases (anything easilyrememberable for yourself)
♦ Do phishing simulations to find out who in your company is happy to handout their password.
♦ Humans are capable of remembering long phrases
♦ For business users, get APIs and hook in their password requirementswith these leaked passwords so they can make sure out of the billions ofpasswords leaked, that whoever is making the password, won't be using themand will be using something totally unique. (https://haveibeenpwned.com/)
♦ You can plug APIs into Google and chrome. These extensions notify youwhen a password has been used or leaked.
♦ You could also internally, discuss the secureness of passwords and askstaff to change their passwords if they are well-known.