Danger of weak passwords | Pentest7


The way many users handle passwords is risky. Passwords that are reused across several accounts at the same time are particularly problematic.

Attacks such as ransomware often start by manipulating employees, and insecure, weak passwords are an easy gateway for hackers. However, there are effective measures that companies can use to protect their data – above all two-factor authentication and a password manager.

The losses incurred by the German economy as a result of theft, espionage and sabotage have reached a record level: According to the Bitkom industry association, the total annual damage in 2020/21 has more than doubled to 223 billion euros compared to the same period last year. Incidents of extortion are primarily responsible for this increase: The damage caused by ransomware attacks has more than quadrupled (+358 percent) compared to 2018/19.

A large part of the attacks begins with the manipulation of employees, so-called social engineering. According to Bitkom, in 41 percent of German companies criminals exploited the “human factor”, the supposedly weakest link in the security chain, in order to gain access to sensitive data such as passwords. This development was encouraged by the pandemic-driven shift to working from home over the last two years.

Passwords are cracked faster and faster

A problem that should not be underestimated is weak and insecure passwords.

Hackers can crack passwords faster and faster: according to a study by the US software provider Hive Systems, in 2020 a complex eight-character password could still be cracked in eight hours. Today this takes less than an hour.

Hive Systems’ data is based on how long it would take an attacker to crack a password hash using a top-of-the-line graphics card and brute force, i.e. trying every possible combination. A “hash” is a fixed-length fingerprint computed from the password by a one-way function; anyone running the same hashing software on the same password gets the same value. For example, hashing the word “password” with MD5 yields 5f4dcc3b5aa765d61d8327deb882cf99.
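The following Python script is an added example, not code from the article or from Hive Systems. It reproduces the MD5 value quoted above, shows how the size of the search space grows with password length and character set, and converts that into a worst-case exhaustion time at an assumed hash rate. The rate of 1e11 MD5 hashes per second is an illustrative assumption for a single high-end GPU, not a figure from the page; the `brute_force_digits` helper is restricted to all-digit passwords to show why a six-digit code such as 123456 offers no protection at all.

```python
import hashlib
import itertools
import string
from typing import Optional

# Character-set sizes behind the crack-time estimates discussed on the page.
CHARSETS = {
    "digits only": string.digits,                                                            # 10 symbols
    "lowercase letters": string.ascii_lowercase,                                             # 26 symbols
    "letters and digits": string.ascii_letters + string.digits,                              # 62 symbols
    "letters, digits, symbols": string.ascii_letters + string.digits + string.punctuation,   # 94 symbols
}

# Assumed attacker throughput for MD5 on one high-end GPU, in hashes per second.
# Illustrative assumption only; the page gives no hash rate.
ASSUMED_MD5_HASHES_PER_SECOND = 1e11


def md5_hex(password: str) -> str:
    """Return the MD5 hex digest of a UTF-8 encoded password (the page's example hash)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols from an alphabet of `charset_size`."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int,
                       hashes_per_second: float = ASSUMED_MD5_HASHES_PER_SECOND) -> float:
    """Worst-case seconds to try every candidate of the given length at the given hash rate."""
    return keyspace(charset_size, length) / hashes_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit (years, days, hours, minutes, seconds)."""
    units = (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def brute_force_digits(target_hash: str, max_length: int) -> Optional[str]:
    """Recover an all-digit password of at most `max_length` digits from its MD5 hash
    by trying every candidate in order; returns None if nothing matches."""
    for length in range(1, max_length + 1):
        for candidate in itertools.product(string.digits, repeat=length):
            guess = "".join(candidate)
            if md5_hex(guess) == target_hash:
                return guess
    return None


if __name__ == "__main__":
    print("MD5('password') =", md5_hex("password"))
    print(f"\nWorst-case time to exhaust the keyspace at {ASSUMED_MD5_HASHES_PER_SECOND:.0e} MD5/s:")
    for name, charset in CHARSETS.items():
        for length in (8, 12, 16):
            estimate = human_duration(seconds_to_exhaust(len(charset), length))
            print(f"  {name:<26} length {length:>2}: {estimate}")
    # The most common password in the HPI list quoted on the page falls instantly.
    print("\nRecovered from hash:", brute_force_digits(md5_hex("123456"), 6))
```

The table the script prints makes the article's two points visible side by side: adding a character class helps, but every extra character multiplies the search space, so length is what moves an estimate from hours to astronomical numbers of years. Note that MD5 is used here only because the page uses it; real password storage should use a slow, salted password hash such as bcrypt, scrypt or Argon2, which lowers the attacker's hash rate by orders of magnitude.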

Simple sequences of numbers are particularly popular as passwords

A strong password has at least 16 characters, including uppercase and lowercase letters, numbers and symbols, recommends Dan DeMichele, vice president of product management at LastPass. Only then is it suitable “as the first and most important line of defense against cyber attacks”. However, this advice is not followed in many places. According to a study by web.de, almost every second German (49 percent) uses passwords with ten or fewer characters. In addition, many passwords are not secure: 44 percent of those surveyed use personal information, for example the dates of birth of family members, partners or friends (16 percent), anniversaries (15 percent) or the names or nicknames of children, partners or pets (23 percent / 11 percent / 13 percent). According to the Hasso Plattner Institute (HPI), in 2021 the number sequence 123456 was the most common password, followed by “password”, 12345 and “hello”.

The reason for this lack of caution: Many users are “tired of passwords”, i.e. overwhelmed by more and more passwords that they have to think up and remember in everyday digital life.

Another serious problem is that more than half of Germans (52 percent) reuse passwords, for example for online banking, digital administrative procedures, e-mail and social media. Five percent even use the same password for all accounts. If it is cracked, all other accounts are automatically at risk.

A strong and secure password…

… consists of special characters, numbers and upper and lower case letters as well as symbols.

… has at least 16 characters. The longer it is, the more time it takes to crack it. This deters hackers looking for a quick profit.

… is combined with multi-factor authentication. Here, hackers have to overcome two levels of security before they can access the account.

… is automatically created and saved by a password manager. This helps remember multiple unique passwords and is more secure than writing them down or storing them on your phone.

… only needs to be updated if it has been compromised. This is where dark web monitoring from password managers like LastPass can help.
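The rules in the list above, together with the reuse problem described earlier, can be turned into an automated check. The script below is an added example, not code from the article or from LastPass: `check_password` reports which of the page's rules a candidate violates, using the four most common passwords from the HPI list quoted on the page as a stand-in for a real breached-password list, and `find_reused` flags accounts that share a password, the check a password manager performs on its vault. The sample passwords and account names are constructed for the example.

```python
import string
from typing import Dict, Iterable, List

# The page's recommended minimum length and the four most common passwords from
# the HPI 2021 list it quotes. A real deployment would load a full breached-password
# list here (assumption).
MIN_LENGTH = 16
COMMON_PASSWORDS = {"123456", "password", "12345", "hello"}


def check_password(password: str, personal_tokens: Iterable[str] = ()) -> List[str]:
    """Return the list of rules a candidate password violates; an empty list means it passes.

    `personal_tokens` are strings an attacker could guess about the user (names,
    nicknames, birth years, anniversaries); any token of four or more characters
    found inside the password is flagged, case-insensitively.
    """
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    lowered = password.lower()
    for token in personal_tokens:
        if len(token) >= 4 and token.lower() in lowered:
            problems.append(f"contains personal information: {token!r}")
    return problems


def find_reused(credentials: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password used by more than one account to the accounts sharing it.

    `credentials` maps an account label to its password. In practice this check
    runs inside a password manager, which only holds the vault in cleartext
    while it is unlocked.
    """
    by_password: Dict[str, List[str]] = {}
    for account, password in credentials.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accounts for pw, accounts in by_password.items() if len(accounts) > 1}


if __name__ == "__main__":
    # Constructed sample values, not data from the page.
    samples = ["123456", "Fido2015!Summertime", "Tr0ub4dor&3xample!Long"]
    for pw in samples:
        print(f"{pw!r}: {check_password(pw, personal_tokens=['Fido', '2015']) or 'ok'}")
    vault = {
        "online banking": "Winter2021!",
        "e-mail": "Winter2021!",
        "social media": "zq8#Lk2pRt9&Wm4vXs",
    }
    print("reused:", find_reused(vault))
```

The second sample shows why the character-class rules alone are not enough: "Fido2015!Summertime" satisfies every composition rule and is still rejected because it is built from a pet's name and a year, exactly the personal information the web.de figures above describe.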

How companies can protect themselves

Not only large companies are a popular target for hackers. LastPass expert DeMichele warns that smaller companies also need to strengthen their cyber defenses and prepare for potential attacks. One of the most important immediate measures is to enable multi-factor authentication (MFA): “MFA significantly reduces the risk of compromised passwords and provides another, much-needed layer of protection against attacks.” Using a tool to generate and store passwords also increases their security. According to a study by Hive, it would take hackers 3,000 years to crack a 12-character password created by a password manager.
