How to Protect Your Business From the 3 Most Common Password Attacks

Hooded figure typing on a computer with a large digital lock on it.

Over 50% of business executives reported being hacked in 2016 according to a survey done by The Hartford Steam Boiler Inspection and Insurance Company. The survey also reported 72% of these business leaders spent over $5,000 in recovery and damage fees.

If your business has not yet been hacked, the easiest way to quickly boost your company’s cybersecurity is to improve your passwords. According to a study by Forrester for Centrify, 80% of all cybersecurity breaches involved a stolen or weak password. The 2012 LinkedIn password breach is a prime example of password attacks and the importance of proper security.

To create and manage passwords that are almost uncrackable, you need to know how the three most common strategies attackers use to crack your passwords work.

1. Password Attackers Play a Guessing Game

Password guessing is the first strategy attackers use because we are so predictable. As a witness to how predictable and lazy humans are with passwords, SplashData annually publishes a list of the most common passwords in an effort to encourage us to create better passwords. Among the top ten on the list were 123456, Password, qwerty, letmein and admin.

If you don’t use any of the above passwords, great! But if an attacker knows you, they may have even more luck guessing your password—especially if you use a date of birth, street address, graduating class year, anniversary, names of partners or pets, phone number, or social security number as part of your password.

2. Password Attackers Look Up Your Password in the Dictionary

If a hacker had little success guessing your password, their next strategy is to use the dictionary. Just like it sounds, a dictionary attack uses a bot to crack your password by using words found in the dictionary. However, you can easily thwart this kind of attack by using a misspelled word or even a combination of two words or more.

A dictionary attack can also refer to a hacker using exposed credentials from a data breach to crack your password. So if you’ve been notified by any of the platforms you use of a recent data breach in their system, change your password immediately.

3. Password Attackers Use Brute Force

The next strategy attackers use is brute force to crack your password, using a program to randomly guess all the possible combinations of your password. This process can take a long time—but the shorter and simpler your password is, the easier it is to crack.

For example, according to ITworld, a six-character password with no special symbols has 2.25 billion possible combinations and can be cracked with an online app in 3.7 weeks, (given that it can guess one thousand guesses per second. But add a symbol, and that same six-character password will take over two centuries to crack. Any password can be cracked—the only thing you can do is to make sure that time is on your side.

How to Stop Hackers from Cracking Your Business Data

Second to your employees, your passwords are your weakest cybersecurity point. Now that you know how the most common strategies for password cracking work, you’re prepared to make and manage better passwords by doing the following:

  • Use a unique password for every account.
  • Don’t create a string of passwords that are the same except for one letter or number.
  • Make passwords over ten characters long, preferably with a special symbol such as @#$%.
  • Sign up for a password manager such as LastPass or TeamsID.
  • Enable two-factor authentication (2FA) whenever possible.

It may be an overused proverb, but in the case of cybersecurity and password attacks, an ounce of prevention truly is worth a pound of cure. Updating your passwords to be more secure as well as investing in a password management system may be a tedious task now, but it is worth the work and investment in the face of the damages you will incur if your business data is ever breached.