With the recent arrival of the General Data Protection Regulation (GDPR), the issue of customer data, and more specifically data protection, has been at the forefront of everyone’s mind. Data breaches are always big news and negative publicity for the companies involved. And if recent events are anything to go by, no one is safe, not even tech giants like Facebook.
Yet when it comes to protecting their accounts, your customers are often their own worst enemy. Poor-quality passwords leave their accounts vulnerable, yet when there is a security issue, your company is blamed. So, what can you do to help your customers help themselves?
Despite data breaches making the news, many people are still woefully slack when it comes to passwords. TIME Magazine reported that in 2017, no fewer than 150,000 Americans thought 123456 was a good password, with almost as many using the word password itself. Other common options included the lazy qwerty, letmein and even the romantic but ill-advised iloveyou.
All these passwords are laughably predictable and easy to crack. What’s more, researchers found that most people use only two or three passwords, despite having many different online accounts covering everything from their social media to their online banking. So, if you hack one account, you can hack them all.
As companies, we have a responsibility to educate people on password strength, and there is plenty of advice about protecting passwords to be found on trusted websites. Some sites try a nudge approach by rating the strength of the user’s password in the hope of encouraging them to choose something better. Better still, and probably more effective, is to insist on a longer and therefore stronger password.
The longer the password, the harder it is to crack, especially if it is alphanumeric with special characters. The mathematics shows us that an alphanumeric password has 62 possible characters (26 lowercase, 26 uppercase and 10 numbers), creating 58.8 billion possible combinations of six characters. It might sound safe, but a computer trying 1 million combinations per second would need under 16 hours to try them all, and the chances are it would come across the right one much faster than that.
However, when you increase this by two, to eight characters, it would take the same computer almost seven years. Increase it to 10 characters and this becomes 26,500 years, with 12 characters taking an epic 102 million years. Add in special characters and those time frames get even bigger, approaching a billion years for a 12-character password with letters, numbers and special characters.
If your company still allows six-character passwords of all numbers or all letters, then chances are a large proportion of your customers will choose 123456, which is as quick to crack as it is to type. Increasing the minimum password length you require is a quick and easy way to encourage better account security among your customers. Not only will it make individual accounts safer from hackers, but it will also protect your company from the negative publicity that goes with a breach.
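The arithmetic behind the time-to-crack figures above, and the minimum-length policy the article recommends, are easy to reproduce. The following is an added example written for this page, not code from the article or any product it mentions. It recomputes the keyspace from first principles (62 alphanumeric characters, or 95 printable ASCII characters when special characters are assumed to be the 33 ASCII symbols, an assumption the article does not spell out), treats the guess rate as a parameter because the article's 1 million guesses per second is one illustrative figure rather than a property of any particular system, and reports the exhaustive worst case, so an attacker who succeeds early does so in less time. The policy check enforces a 12-character minimum, rejects single-class passwords (all digits or all letters), and rejects the handful of common passwords named in the article; a production deny list would be far longer.

```python
"""Password keyspace arithmetic and a minimum-length policy check (added example)."""

SECONDS_PER_HOUR = 3600
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR

# Character-set sizes: the article's alphanumeric set is 62 characters.
DIGITS_ONLY = 10              # 0-9
ALPHANUMERIC = 62             # 26 lowercase + 26 uppercase + 10 digits
PRINTABLE_ASCII = 95          # assumption: 62 alphanumerics + 33 ASCII symbols

# Constructed deny list: only the common passwords the article names.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this size at the given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def hours_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(alphabet_size, length, guesses_per_second) / SECONDS_PER_HOUR


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(alphabet_size, length, guesses_per_second) / SECONDS_PER_YEAR


def check_policy(password: str, min_length: int = 12) -> list[str]:
    """Return the reasons a password is rejected; an empty list means it is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.isdigit() or password.isalpha():
        problems.append("uses only digits or only letters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny list")
    return problems


if __name__ == "__main__":
    # Reproduce the article's table at 1 million guesses per second, and show how
    # the same lengths fare at a much higher (constructed) rate of 10 billion per second.
    for rate in (1e6, 1e10):
        print(f"\nguess rate: {rate:,.0f}/s")
        for length in (6, 8, 10, 12):
            years = years_to_exhaust(ALPHANUMERIC, length, rate)
            print(f"  {length:2d} alphanumeric chars: {years:,.1f} years")
        print(f"  12 printable ASCII chars: {years_to_exhaust(PRINTABLE_ASCII, 12, rate):,.1f} years")

    for candidate in ("123456", "password", "correct-horse-battery7"):
        verdict = check_policy(candidate) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Run it as a script to print the comparison table; the second guess rate is included only to show that the safety margin of a given length depends entirely on how fast guesses can be made, which is why a longer minimum is a better lever than any single assumed rate.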