Password security: The staggering gap in a highly technological society

When technology took a leading role in our lives, passwords became the standard way of authenticating access to digital services and systems. However, as we are turning into a society increasingly dependent on constantly-evolving technology, it is a paradox that password security, although crucial, still lies miles behind the technology it should be guarding.

Hacking statistics are a daily worry for companies and individuals, with experts indicating that cybercrime will grow by 15 percent per year, reaching $10.5 trillion annually by 2025, up from the already impressive $3 trillion in 2015. Only last year, the global cost of cybercrime reached $6 trillion, a sum that equals a global economy of its own and would represent the third largest GDP in the world, ahead of Japan, which has a nominal GDP of $4.94 trillion, and following the United States and China, heading the list with over 19 and 12 trillion respectively.

Password uniqueness

Security breaches often reach media headlines, but strong and unique passwords are usually the exception. In often fast-paced routines, people lean into easy-to-remember codes or complex passwords that get re-used, resulting in weakened safety once and again. Research done by the Cybernews Investigation team found that only 2,2 billion passwords of the over 15 billion they analyzed were unique. The investigation also shows how people create passwords, with a tendency to choose easy-to-recall things such as favorite sports teams, cities, food, and even curse words that are far from making the password unique and therefore secure.

The increasing tendency of remote work since the start of the Covid-19 pandemic has opened inroads for cyberattacks that have placed remote workers among their top victims and increased security breaches across the world, with over 22 billion records exposed only in 2021. So, at OpenAthens, we have recently taken a closer look at our password policy and implemented new enhancements, enforcing stronger passwords to meet our requirements around protecting client and user accounts even further.

There is a tendency to believe that increasing password complexity results in strong and difficult-to-crack passwords. We are used to seeing a combination of numbers, symbols, and upper and lowercase passwords that are as difficult to remember as short and weak. It is necessary to differentiate between complexity and strength, as making a password more complex alone does not necessarily mean it is stronger.

Choosing the right password

Studies show that 95% of cybersecurity issues can be traced to human errors therefore, education and awareness can exponentially improve account safety and reduce risks by teaching basic knowledge, such as how to identify phishing scams, how data is tracked, and how to use strong passwords.

Over the years, password requirements have evolved, and it has become clear that it is possible to hack any system, regardless of the authentication method. While there is an ongoing debate among experts on what matters the most, if length or complexity when it comes to creating a strong password, what is certain is that there are different ways to ensure the chosen password is difficult to crack. So how to choose the best password?

A combination of both length and complexity seems the best way to secure your account:

• Complexity: It is key to build a strong password with a certain level of complexity, including alphanumerical characters, as well as upper and lower cases. Adding symbols, punctuation, spaces and even misspellings to the words are good practices to help reduce the risk of guessing the password.
• Length: The shorter the password is, the easier it is to break. Short passwords are more predictable, with eight-character options no longer being a safe enough option. Passwords of at least 10 characters are the general recommendation, and passphrases made of at least 14 characters that include spaces are on the rise.

Go the extra mile

Passwords are here to stay, although with time every single one of them could be cracked. This is why it is convenient to add an extra layer of security through Two-Factor-Authentication (TFA), which includes an extra key, card, tablet, or phone to prove the identity after introducing the username and password or via encryption, two of the biggest barriers to hackers.

Another option is to reduce the number of accounts you have online by using a Single Sign-On (SSO) system such as OpenAthens. This allows librarians and providers to facilitate secure access to products and services without the need to create additional sets of log-in credentials for each system and allows users to sign in and access information without unnecessary barriers.

Password managers or vaults like LastPass and Dashlane are also great ways to generate and store encrypted passwords online. Password managers not only help to remember all the new strong and lengthy passwords -without falling into the common mistakes of writing the password down or simply forgetting it-, but they also help promote creating unique passwords for each site or application. The software includes plugins for browsers, and is designed to help the user experience while storing passwords for all sorts of accounts.

There is a hacker attack every 39 seconds, which means that while you were reading this article, there were at least four cyberattacks. The key measure to fight for our data safety lies in our hands. Or even better, in a good and responsible password policy.