February 8, 2024

ZaveIT Team

Why passwords alone are not enough!

Boost Your Digital Security: Why Passwords Alone Aren't Enough. Discover essential password hygiene tips and the necessity of multi-factor authentication (MFA) to safeguard your digital presence. From using memorable yet complex passwords to leveraging reputable password managers and embracing MFA, learn how to enhance your security against cyberattacks in the digital age. Secure your accounts beyond just passwords to protect against potential breaches and ensure your online safety.
Cyber Security
Backup
IT Business

Why passwords alone are not enough!

There has been a significant increase in cyberattacks against companies, private individuals, and interested parties in recent years. The criminals are where they find a market, and it is believed that the corona pandemic has exacerbated this largely – simply because other areas have not been as accessible.

It is well known that password leak is one of the common reasons we experience compromised accounts such as e-mail, social media, and the like. This is especially where we see a significant increase.

Password leakage means that prominent players with many user accounts get a data breach where criminals can obtain all or part of the database with username and passwords. These databases are typically sold or distributed to other criminals who begin to exploit them.

The passwords in these databases are correctly encrypted (hashed), but since they have an “offline” copy of these databases, they can calmly work on cracking (brute-force) these passwords.

The strength of the encryption (hash) determines how long this takes, but in theory, they will crack each hash depending on the number of computing resources.

It is essential to protect yourself adequately, and we know that passwords alone are not enough!

Password hygiene

1. A password that is easy for humans to remember but difficult for computers to guess

A few years ago, we said that a good password would consist of a random combination of lowercase and uppercase letters and special characters. Preferably as cryptic as possible. Minimum 6 or 8 characters.

An example of such a password is q4Xc63a!

For 20 years, we have taught users to create passwords that are difficult for humans to remember but easy to guess for computers (see ingress image).

What if we instead use the following password: I want to be secure

Compared, this password is 19 characters against 8 in the first. The password is much longer and takes exponentially much longer to crack. Finally, it’s much easier to remember!

We can quickly advance by adding spaces: I want to be secure.

Then the password is 29 characters, without significantly harder to remember!

2. Use different passwords in different places.

You have probably heard the advice to use different passwords in different places many times. But this is the underlying reason why this type of attack has such a significant intervention.

Imagine that you have a fixed password that you use in most places. You use it on e-mail, online banking, the alarm company on social media, and more. Potentially, you might be able to tell 20-30 places where you have the same password.

If one of these sites gets a password leak, you are potentially compromised everywhere, and an attacker could do significant damage.

This advice is, of course, very demanding. Remembering 20-30 different passwords later to be an impossible task, but this is where the following advice comes with a solution.

3. Use a password manager

A password manager is a service/software that keeps track of your passwords. You create an account and create a strong “master” password. Do not use this password anywhere else.

Then store the passwords of the other services in the password manager. The password manager is often integrated with the browser, making it easy to autofill the password when logging in to various services.  

Also, be sure to change the passwords of the various services to unique solid passwords.

The password manager often has a feature to generate random strong passwords for you. This means that you do not have to deal with these passwords or what they should be. This makes it easy to have different passwords on different services without inventing a new password every time – the only thing you must remember is your “master” password.

The password manager often has several other helpful functions that give you advice if they think you have a weak password, such as detecting if passwords you are using have been leaked.

Some will probably ask themselves, “Is it a good idea to put all the passwords in a password manager? What if there is a leak there?”

The answer is that a good password manager has excellent functions to secure against this. Thus, the probability is microscopic compared to continuing as before.

There are many different password managers, and it is essential to choose good and reputable ones. I do not want to point out specific services in this article – do some research and consult with experts.

Multi-factor authentication (MFA)

If you follow the advice regarding password hygiene, you are much better equipped than if you had not done so. But as the title of this article suggests, passwords alone are no longer enough to be safe.

The only way to be safe “enough” today is to use multi-factor authentication. This means that you use other factors to log in to a service. It can be an app-based solution, SMS, BankID, or something else.

This means that an attacker will not be able to log in to your account with only passwords. The banks have been doing this for years (with BankID), and we consider these safe.

Multi-factor authentication depends on the service in question, and different services support different solutions. Some services do not support it (yet). Therefore, password hygiene is just as important anyway – At least make sure to have multi-factor authentication on the essential services and where possible.

Related articles

Go to blog
The Strategic Advantage of Managed Services
April 19, 2024
Managed services are the cornerstone of modern IT strategy for Resellers and MSPs. They offer a multitude of benefits that can lead to new growth opportunities and operational excellence. If you’re looking to enhance your service delivery, reduce costs, and stay competitive in a fast-paced market, managed services are your answer.
Read more
The power of volume, ladder, and tier pricing
April 18, 2024
Learn about the advanced volume, ladder, and tier pricing strategies. Read about the benefits of incentivizing bulk purchases, enhancing customer loyalty, and adapting to market demands. Explore use cases in cloud storage and IT consultancy to see how flexible pricing can drive growth and customer satisfaction.
Read more
IT Management Platforms: ZaveIT Among the Front Runners
April 16, 2024
ZaveIT: Leading the Way in IT Management for Resellers & MSPs. Embrace the power of ZaveIT, a premier SaaS platform designed for IT resellers and MSPs, offering centralized control, enhanced security, and seamless integration capabilities. Discover how ZaveIT revolutionizes IT management with comprehensive oversight, robust security features, and customer-centric solutions, ensuring scalability and efficiency for a competitive edge in the digital landscape.
Read more
Business Integrations: ZaveIT’s Edge in IT Reselling & MSP
April 16, 2024
ZaveIT: Redefining IT Reselling & MSP Operations with Advanced Integrations. Embrace the future of IT business with ZaveIT's cutting-edge API-based integrations, designed to connect disparate software systems seamlessly. Discover how distributor integration, CRM & ticket system synchronization, and accounting system compatibility can streamline your operations, enhance efficiency, and foster scalability. Join ZaveIT to unlock a unified, agile digital ecosystem for your IT reselling or MSP business.
Read more
ZaveIT logo
+47 457 32 600
hello@zaveit.no
Lunnerlinna 34, 2730, Lunner, Norway
Vestsidevegen 221, 3522, Bjoneroa, Norway
Møllergata 6, 0179, Oslo, Norway
© 2024 ZaveIT AS

Our platform

Sales channels
Customer portal
Products
Services
Sales management
Automation

Our products

Backup management
Vulnerability scan
Ticketing

MarketplaZe

MarketplaZe overview

Solution

IT service provider
nLogic customer case

Resources

Blog
Documentation
Privacy policy

Company

About us
Career