What Are Password Security and Protection?

Nonunique passwords may pose the biggest threat to security. When a password is reused across multiple logins, the hacker who gains access to a single user account will have access to all of that user's accounts.

Passwords that consist of characters such as "1234" or "password" are surprisingly common. Cyberattackers know that users may choose these easy-to-guess passwords and can use this knowledge to easily breach networks and applications.

Users may believe that using information such as names, birth dates, and birthplaces will help them remember passwords. But cybercriminals view this practice as a valuable tool for their exploits. Attackers can often find this personal information on social media or in public records.

The practice of replacing letters with numbers in passwords—such as replacing "E" with "3," for example—is well known. Hackers can use this knowledge to guess passwords.

Using and managing passwords has become a challenge for users as well as IT and security teams. Protection from cyberattacks is only as strong as the weakest link. It's important that users understand the impact of their password security practices.

Requiring users to change passwords on a regular basis is one of the easiest and most effective ways to increase the security of passwords. Enterprise management systems can require users to change passwords on a set schedule. They can also prevent them from reusing passwords or adjusting a few characters to create a new one.

As stewards of credentials for users, verifiers must store passwords in the most secure way possible. One strategy is to avoid storing passwords in plaintext format, which attackers can easily read. Furthermore, never store your credentials in a browser.

Hashing and salting are methods of encoding passwords within larger strings generated by a password management solution, which translates them back to usable passwords when needed.

Stored passwords should always be hashed with a robust formula and encrypted. In some industries, such as financial services, password hashing and encryption are required by law. To increase security further, some verifiers may impose other measures, such as a maximum number of password attempts before lockout, timed sessions requiring re-entry of credentials, or multi-factor authentication.

Passwords should be at least 10 characters in length. They should also contain a combination of upper and lowercase letters, numbers, and special characters.

Multi-factor authentication (MFA) is a security process that requires users to respond to requests to verify their identities before they can access networks or other online applications. MFA may use knowledge, possession of physical objects, or geographic or network locations to confirm identity. When MFA is enabled, never give your password or MFA passcode to anyone over the phone or accept an MFA push notification that you did not request.

• Learn about Cisco MFA

When users want to change passwords or recover forgotten passwords, challenge questions (which ask for correct responses to questions known to the user) can provide further confirmation of a user's identity. For example, a challenge question might ask for a mother's maiden name or the name of a user's first car.

Instead of having users store or remember complex passwords, biometric passwords provide physical proof of identities using devices that scan attributes such as fingerprints, faces, and voices. Requiring fingerprint or face scans has become a common security practice on smartphones.