To access user profiles or sensitive information on the internet, you typically need to make and remember—or store in an online password manager—a specific passcode for your account. Over the past few years, most of the programs and applications that you log into have started requiring multi-factor authentication or two-factor verification. Why isn’t a passcode enough security anymore?
Cybersecurity experts and cybercriminals are locked in a constant arms race. As technology improves, so do the weapons hackers have at their disposal. We have to adapt how we encrypt and secure our information to keep up.
Passcode “strength” comes partly from using a variety of characters besides alphanumeric ones—“special” characters like “@” and “%”—and partly from length. The goal is to make a computer spend so long running through the possible combinations of characters, potentially thousands of years, that the passcode is functionally impossible to crack. But advancements in computing technology have already increased the speed at which a hacker can figure out your passcode. As quantum computing technology improves, the complexity of passcodes will need to improve as well, but that just perpetuates the arms race between security experts and hackers.
As of May of 2020, 53% of people use the same passcode for multiple accounts, which means that once a hacker has your passcode, they have access to multiple accounts on different platforms, some of which may contain information that is extremely valuable to a cybercriminal. Financial institutions, hospitals, and law firms are held to higher standards than companies like online streaming and shopping services when it comes to cybersecurity. But if you use the same passcode for your Netflix profile as you do for your banking account, you’ve just significantly downgraded the security of your financial information.
91% of successful data breaches start with a spear phishing attack. Spear phishing attacks are highly targeted attempts to trick a victim into thinking that a hacker is actually someone they know and trust, and the hacker uses this trust to trick the victim into divulging sensitive information, like passcodes. Even well-trained employees can fall for spear phishing if the hacker is convincing enough in their social engineering. And as soon as a hacker has obtained a valid passcode, they can start wreaking havoc on your network.
Another weakness of passcodes is that they are rarely, if ever, changed. Some companies have monthly, quarterly, or yearly policies requiring employees to create new passcodes, but this still leaves a large window of time during which a compromised passcode remains valid. A passcode that is never changed and gets used for multiple accounts is extremely valuable to a hacker.
For these reasons and more, passcodes just aren’t enough to keep you and your company secure anymore. Multi-factor authentication (MFA) is one of the best ways to add a layer of security to your passcode. The code generated by an MFA app expires quickly, and it isn’t transmitted via an unencrypted channel like text.
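The short lifetime of an app-generated code, shown as an added example that is not part of the original article. It assumes the MFA app uses the standard time-based one-time password algorithm (TOTP, RFC 6238) with 30-second steps; the function names are this example's own, and the secret is the RFC's published test key, not a real account secret.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays current (RFC 6238 default; assumed here)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on the
    shared secret and on which 30-second step the clock is in."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the code for the current step only,
    plus or minus drift_steps to tolerate clock skew."""
    for d in range(-drift_steps, drift_steps + 1):
        t = now + d * STEP
        # compare_digest avoids leaking how many digits matched via timing
        if t >= 0 and hmac.compare_digest(totp(secret, t), submitted):
            return True
    return False


# Constructed sample input: the RFC 6238 test key, used only for illustration.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    issued_at = 59                      # the app shows a code at t = 59 s
    code = totp(SECRET, issued_at)
    print("code shown by the app:", code)
    print("used 20 s later:", verify(SECRET, code, issued_at + 20))
    print("used 60 s later:", verify(SECRET, code, issued_at + 60))
```

A phished or intercepted code is therefore only useful for about a minute, whereas a stolen passcode stays valid until it is changed. A server should also reject a code it has already accepted, so that it cannot be replayed inside the window.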
When there is an option for two-factor verification via text or email, but not for MFA, it is still a good idea to opt in to two-factor verification. Texts and emails aren’t as trustworthy as an MFA app, but they will still reinforce your passcode. Additionally, Security Awareness Training for you and your staff can help prevent phishing attacks from compromising passcodes in the first place. Learn more about your options for staying secure in a post-passcode era.