There are multiple measures you can take to protect yourself from brute force attacks and similar attempts to overthrow your business. Using well-considered login credentials is the simplest way to prevent such security incidents. In this article, we share our best practices on this subject.
A brute force attack is a simple, yet effective method used by hackers attempting to crack login credentials and encryption keys by trial and error. If successful, the attackers could gain unauthorized access to individual accounts and organizations' systems and networks.
Consider the usernames
When choosing usernames or email addresses, we might be tempted to go for the easiest options. However, we should keep in mind that the easiest options are usually the most commonly used. This has the consequence that hackers tend to try these exact usernames.
Here’s a selection of the top 20 brute forced usernames:
- admin
- user
- test
- support
- guest
Source: Security Spaceballs: The top attacked usernames and passwords
Many businesses use firstname.lastname[at]business.com when they set up their company email addresses. This, too, facilitates for the hackers if they get a hold of the employees’ names which can be obtained from open sources such as LinkedIn, relating them back to the organization.
Once the attackers crack the username, they’ve solved 50 % of the puzzle. Since it could be justified to use, for example, support[at]brand.com or firstname.lastname, we can protect ourselves with thought-through, secure passwords.
Create the strongest passwords
What defines a strong password, then? In short, a strong password is long and complex enough to withstand hackers and brute force attacks—for a sufficient time. It contains a mix of both upper- and lowercase letters, numbers, and special characters or symbols.
The table below, put together by Hive Systems, shows how long it takes to crack passwords of different strengths. Based on this table, we’d recommend creating passwords of at least 16 characters. By using a unique passphrase, consisting of several words instead of one, you make it easier to memorize and remember the password. Make sure to add “enough” complexity and you’re set.
Source: 2023 Hive Systems Password Table
Abbreviations: k = thousand, m = million, bn = billion, tn = trillion
Generate a passphrase
Start off with a few objects you can remember, such as Cookie, Hair, and Plate. Put these together into one phrase: CookieHairPlate—and there’s your passphrase. Now simply mix in the required numbers and special characters:
HairY!?co0kie*4_on9/a+PLatE
Keep in mind that adding “123!” to the end of a passphrase does nothing to make it more secure. It takes a little more thought.
Last but not least: Protect your passwords by storing them in a password manager or the like, and not “out in the open”.
Comments
0 comments