Passwords, the Achilles heel of cybersecurity


As the Olympic Games and European elections approach, cyberattacks will intensify. One of the main causes of their success is a weak or stolen password.

Last February, third-party payment operators Viamedis and Almerys alerted their more than 33 million policyholders that they had been victims of a major cyberattack. At the origin of this breach was the usurpation of health professionals’ identifiers and passwords.

This security flaw highlights the importance of strengthening the protection of login credentials. A study carried out in the United States indicates that 63% of data thefts were successful because of a weak default password or one stolen before the attack. Securing passwords, the first line of defense between our sensitive data and cybercriminals, is far too often neglected.

1 second is enough to break a password made up of letters

If in 2020 it took almost 8 hours to crack a password including uppercase, lowercase, symbols and numbers, in 2023 this task would take only 5 minutes. This cracking speed can be explained by the use, at home and at work, of simple combinations such as “12345” or “login”, or of personal data as a password (date of birth, name of a pet, children’s first names, etc.). The frequent sharing of this information on the web via social networks makes hackers’ work easier.

In addition, a study reveals that 31% of users have never changed their passwords since creating them. Added to this bad habit are the reuse of the same password across several platforms, personal and professional, and the risky storage of passwords on digital devices or sticky notes. These practices increase the vulnerability of personal data, and also that of the employee’s company.

Which technologies can protect you?

Passwords can be resold by hackers to third parties or used to initiate new attacks, resulting in the theft and resale of confidential data, ransom demands, or even the carrying out of unauthorized banking transactions. In the case of compromised email or social media accounts, these can be used as vectors to spread malware and scams by impersonating the user.

To prevent these risks, some Internet users implement password salting, the practice of adding a random string of characters to passwords before submitting them to the hashing algorithm, making them more secure. Other tools, such as the password manager, act as a digital safe by storing and securing all login credentials.

Training, the keystone of data security

To reduce the vulnerability of users, it is essential to train them in good cyber practices. Limiting the risk of compromised identifiers requires robust passwords of more than twelve characters that mix letters, numbers, and special characters, contain no personal information, are unique, and are renewed frequently, or even generated by a password manager. These practices should be taught and acquired from an early age, and throughout life.

Although initiatives have been put in place by the government in schools to strengthen students’ critical thinking and skills in this area, this awareness raising must continue in businesses. They have a responsibility to secure the data of their employees and their users.

Faced with the increase in password theft, what will their future be? Will authentication via biometrics replace them? This technology, which is based on human physical or behavioral traits, offers a higher level of security and practicality. In the relatively near future, passwords may serve only a supporting role to biometrics, providing an additional layer of authentication.
