Cybersecurity topics like data breaches and encryption are hitting the headlines every day, so it’s no wonder that password security has become a hot topic in mainstream news.
Recently, CNBC tried to educate people about the importance of strong, unique passwords. Unfortunately, they missed the mark on execution by creating a site that collected and analyzed reader passwords. The bad news for readers who used this site? The site wasn’t encrypted, and it even sent the passwords to a Google spreadsheet. (And we’ve all seen the message, “Never submit passwords through Google Forms.”) The tool also inaccurately portrayed how long it would take to crack the passwords, giving readers the wrong idea about how secure their passwords really were.
This not-so-helpful tool exposed readers’ passwords to innumerable parties across the Internet, including CNBC and third parties affiliated with their site. The worst part is that most readers probably don’t realize their passwords have been exposed, when in reality they should be changing all of their passwords immediately. We know from our Market Pulse Survey that nearly two-thirds of workers reuse passwords across multiple apps, so this consumer data exposure also puts enterprises at risk.
If you want to understand how password entropy affects security, sites like ‘How Secure Is My Password?’ provide real-time feedback about how length and complexity impact a password’s overall security, with the obvious caveat that you should NEVER type your actual password into a website like this.
This site provides a useful visual for password entropy, with helpful hints on how to make passwords stronger. For example, a computer making 4 billion guesses per second can crack an eight-character, letter-only password in three hours. Fortunately, increasing length and complexity makes a huge difference in security, with 12-character passwords taking anywhere from 3,000 to 344,000 years to crack, depending on complexity. Clearly that level of security is worth the extra few characters.
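The arithmetic behind these figures can be run locally, so nothing has to be typed into a website. The following is an added example, not code from this article or from the site it mentions; the four character pools and the short wordlist are assumptions. With a 52-letter mixed-case pool and the quoted 4 billion guesses per second, it gives about 3.7 hours for eight letters and about 3,100 years for twelve.

```python
import math
import string

RATE = 4_000_000_000  # guesses per second, the figure quoted above
# Assumed character pools; real strength meters choose their own.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")
# Constructed stand-in for the wordlist an attacker tries first.
COMMON = ("123456", "password", "qwerty", "letmein", "password1")


def pool_size(pw):
    """Size of the alphabet an exhaustive search must cover for pw."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    # Characters outside the four classes: count each distinct one once.
    return size + len({ch for ch in pw if not any(ch in c for c in CLASSES)})


def entropy_bits(pw):
    """Upper bound on entropy, assuming every character is random."""
    return len(pw) * math.log2(pool_size(pw)) if pw else 0.0


def seconds_to_exhaust(pw, rate=RATE):
    """Worst-case time to find pw: wordlist first, then brute force."""
    if pw.lower() in COMMON:
        return (COMMON.index(pw.lower()) + 1) / rate
    return pool_size(pw) ** len(pw) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Constructed sample inputs; never test a password you actually use.
    for sample in ("password", "abcdEFGH", "abcdEFGHijkl", "abcdEFGH12#$"):
        print(f"{sample!r:16} pool={pool_size(sample):3} "
              f"bits={entropy_bits(sample):5.1f} "
              f"{humanize(seconds_to_exhaust(sample))}")
```

The brute-force figure is an upper bound: a password that appears in a wordlist falls almost immediately, whatever its length and character mix suggest.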
This unfortunate mistake is a good reminder to never share your passwords online, with others or across apps, and to also reconsider the password policies at your organization. If all else fails, I’ve provided some easy password tips that even tech beginners can understand.