
To access user profiles or sensitive information on the internet, you typically need to make and remember—or store in an online password manager—a specific passcode for your account. Over the past few years, most of the programs and applications that you log into have started requiring multi-factor authentication or two-factor verification. Why isn’t a passcode enough security anymore?
Cybersecurity experts and cybercriminals are locked in a constant arms race. As technology improves, so do the weapons hackers have at their disposal. We have to adapt how we encrypt and secure our information to keep up.
Even a “Strong” Passcode is Guessable by a Powerful Computer
Passcode “strength” comes partly from using a variety of characters besides alphanumeric ones—“special” characters like “@” and “%”—and partly from length. This is to increase the amount of time that a computer would have to spend running through possible combinations of characters so much—potentially thousands of years—that the passcode would be functionally impossible to crack. But advancements in computing technology have already increased the speed at which a hacker can figure out your passcode. As quantum computing technology improves, the complexity of passcodes will need to improve as well, but that just perpetuates the arms race between security experts and hackers.
Do you know the biggest cybersecurity risks to businesses in 2021?
Most People Use the Same Passcode in Multiple Places
As of May of 2020, 53% of people use the same passcode for multiple accounts. Which means that, once a hacker has your passcode, they now have access to multiple accounts on different platforms, some of which may contain extremely valuable information to a cybercriminal. Financial institutions, hospitals, and law firms are held to higher standards than companies like online streaming and shopping services when it comes to cybersecurity. But if you use the same passcode for your Netflix profile as you do for your banking account, you’ve just significantly downgraded the security of your financial information.
Advanced Phishing Tactics Make Getting a Hold of a Passcode Easy
91% of successful data breaches start with a spear phishing attack. Spear phishing attacks are highly targeted attempts to trick a victim into thinking that a hacker is actually someone they know and trust, and the hacker uses this trust to trick the victim into divulging sensitive information, like passcodes. Even well-trained employees can fall for spear phishing if the hacker is convincing enough in their social engineering. And as soon as a hacker has obtained a valid passcode, they can start wreaking havoc on your network.
Passcodes Are, Too Often, Permanent
Another weakness of passcodes is the fact that they are rarely, if ever, changed. Some companies have monthly, quarterly, or yearly policies requiring employees to create new passcodes. But this still provides a large window of time during which a compromised passcode is still valid. A passcode that is never changed and gets used for multiple accounts is extremely valuable to a hacker.
What You Need in Addition to a Passcode to Mitigate Your Cybersecurity Risks
For these reasons and more, passcodes just aren’t enough to keep you and your company secure anymore. Multi-factor authentication (MFA) is one of the best ways to add a layer of security to your passcode. The code generated by a MFA app expires quickly, and it isn’t transmitted via an unencrypted channel like text.
When there is an option for two-factor verification via text or email, but not for MFA, it is still a good idea to opt-in to two-factor verification. Texts and emails aren’t as trustworthy as an MFA app, but it will still reinforce your passcode. Additionally, Security Awareness Training for you and your staff can help prevent phishing attacks from compromising passcodes in the first place. Learn more about your options for staying secure in a post-passcode era.
Interesting links
Here are some interesting links for you! Enjoy your stay :)Pages
- About
- Acceptable Use Policy
- Areas We Serve
- Blog
- Business Internet
- Business Internet Options
- Business Phone
- Business Phone Service
- Business Phone Systems
- Careers
- Channel Partner Program
- Channel Partner Resources
- Cloud
- Cloud Migration
- Contact Us
- Cybersecurity
- Dark Web Monitoring
- Data Backup and Recovery
- Extended Terms
- HaaS
- Homepage
- IDS/IPS
- ILD Rates
- Industries We Serve
- IT Consulting
- IT Support
- Managed Colocation
- Managed Internet
- Managed IT
- Network Engineering
- Our Services
- Partners
- Privacy Policy
- Security and Compliance
- Security Awareness Training
- Terms And Conditions
- The Leadership Team
- We Empower Success
- Cybersecurity Spear Phishing Quiz
Categories
Archive
- January 2023
- December 2022
- November 2022
- October 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- June 2019