New Report Reveals 80% Data Breach Due to Bad Password Habits
Passwords have been around since time immemorial, and the idea behind them is solid. Being able to authenticate some one’s credentials based on a particular bit of knowledge they can produce at will is generally a viable method of doing things. However, the flow of information on the Internet and the advanced tools that undesirables have access to nowadays introduces a myriad of complications to that otherwise simple equation.
While that may point to a sad state of affairs, the fact of the matter is that online security is difficult to attain nowadays. Data breaches happen all the time, and they can happen to any private individual, service provider, government agency, or corporation - regardless of its size or the resources, it has at hand. The problem, one would think, is that there are just too many vectors of attack that hackers can exploit to gain access to valuable information.
While that’s not entirely incorrect, there’s a relevant detail that should not be ignored here. According to a Verizon report on the subject, nearly 80% of recent data breaches are a result of bad password habits. Basically, someone in an administrative position screwed up, and a hacker got access to their account, which they then used to access important information. And this is not a new development – researchers have noted the trend for a while now, and it has been consistent for at least three years in a row.
What does this mean?
Most breaches are caused by a user’s ignorance of or disregard for the dangers that lurk online. When an account is breached, it is usually either because the user set it up with a weak password and the hacker in question was able to crack it, or because the user fell prey to some social engineering trick.
Two common tactics that have proven very effective at breaching the security of corporations these last few years are the rainbow table attacks, and spear-phishing. Both require some dedication and research on the part of the cybercriminal, as well as some luck, but those two, as well as their variations, have enabled thousands of data breaches that we know of, and God only knows how many unreported ones, in 2019-2020 alone.
The bad news is that these tools and tactics are being employed by more and more bad actors, and are getting more sophisticated by the day. The silver lining is that, fundamentally, they rely on a user’s ignorance of or disregard for proper protocol. This means that educating the user on how to protect themselves from such depredations is a viable strategy to close off these two
most effective and prevalent vectors of attack.
How to Prevent Data Breaches by Using Good Passwords?
Use our guide to making stronger passwords to make sure your accounts are safe. Long story short:
- Never re-use passwords.
- Use long, complex passwords.
- Consider using a password manager to guarantee password security is impeccable.
How to Prevent Data Breaches by Means of Phishing?
The best way to prevent data breaches that happen as a result of phishing is to increase the users’ awareness of the danger and their proficiency at spotting fraudsters when said undesirables inevitably appear. This handy guide to not getting your password stolen by scammers
can be used to educate users on the details. In short, it boils down to:
- Always check the emails’ sender for any funny business.
- Don’t input your credentials into any page that you haven’t first carefully inspected and don’t completely trust.
- Don’t click on unsolicited emails.
- Don’t follow strange links, even in emails that you usually trust.
- Keep an eye out for odd user behavior.