How to defend your business against password theft 

The widespread use of email, text messaging, and messaging apps has opened a virtual door for criminals looking to commit cyberfraud. But first, fraudsters must breach the sign-in systems that protect your computer network. They often try two primary methods: password theft and password attacks.

Key concepts

In this article, you’ll learn how to:

  • What makes password theft different from password attacks
  • How companies protect their systems from unauthorized access
  • Strategies you and your employees can use to keep passwords—and networks—safe

Video: An introduction to password theft

Component ID : "accordionGridLayout-791023577"
Model : "disclaimer"
Position : "left"

[Fraud prevention 101: Password theft] [Truist logo]

[Password theft: Set companywide guidelines to make sure passwords are harder to compromise.]

Narrator: Password theft happens when hackers get username and password combinations from less secure sites, then use these passwords to make purchases, move money, or steal data.

[Password theft: /Ꞌpas•wərd theft/ noun 1. The action or crime of stealing someone’s electronic credentials.]

Narrator:

Strong password security defenses keep your employees and company safe.

Promote best practices by requiring teammates to create secure, unique usernames and passwords for every online account they use. 

[Create secure, unique usernames and passwords for every online account.]

[Best practices are key to your company’s security.]

 

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation.

Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Password theft versus password attacks

If someone’s looking to steal passwords, they’ll likely try theft, attack, or both. And although the results are similar—a breached network—it’s important to understand how these methods differ so you can set up the proper defense and response.

Password theft happens when fraudsters use social engineering tactics like corporate phishing to trick your staff into providing sign-in credentials or clicking on malicious links. With this method, your employees are the target, and training them to spot and avoid scams is the best defense.

On the other hand, password attacks happen when hackers use automated programs to crack sign-in credentials and infiltrate authenticated sites. Hacker software can try 2.18 trillion password/username combos in just 22 seconds.Disclosure 1 With this method, your company’s gated systems are the target. 

Good news: Multifactor authentication can thwart password attacks.

81% of hacking-related breaches start with weak or stolen passwords. For companies that rely on passwords alone to secure their networks, this is a sobering statistic. Fortunately, there are proactive solutions. Multifactor authentication (MFA) adds a strong layer of defense to stop would-be attackers in their tracks. In fact, up to 99.9% of modern automated cyberattacks can be blocked by MFA.Disclosure 2

How are companies protecting access to their systems?

  • 58% use password-username combos
  • 47% use mobile push-based MFA
  • 31% use biometrics like fingerprint or face recognitionDisclosure 3

Case study: Meta develops innovative privacy-enhancing technology for stronger password protection.

Meta’s Enterprise Center is rolling out cutting-edge password security. Its private data lookup (PDL) automatically cross-checks all user-proposed passwords against a set of passwords previously exposed in data breaches. If a user suggests a password that’s been compromised in the past, the system provides an alert and prompts them to choose a different one.Disclosure 4 This prevents users from choosing exposed or overly common passwords.

Best practices and prevention

When it comes to cybersecurity, an ounce of prevention is worth a pound of cure. Here are some proactive ways to protect yourself and your employees against password theft and other password attacks.

Educate staff on password theft tactics and how to respond.
Since social engineering is one of the most common password-stealing techniques, train your employees to spot, dodge, and report phishing attacks. Also, provide clear instructions on what to do if they suspect their password has been compromised so they can act quickly when it counts.

Encourage strong password hygiene across your organization.
How do you create gold-standard passwords that would take more than 481,000 years to crack?Disclosure 5 Mix uppercase and lowercase letters with numbers and unique symbols, choose passwords 18 characters or longer, and exclude personal information like a pet’s name. Also, don’t reuse passwords, change them regularly, and prohibit single-access credentials for company sites.

Monitor suspicious activity on all your accounts.
Stay alert for unauthorized attempts to access computers and mobile devices. Watch out for IP addresses that aren’t associated with known employees. Attempted logins from strange locations and unknown machines are a major indicator that a password attack may be underway.

Implement multifactor authentication.
Multifactor authentication (MFA) strengthens your cybersecurity by requiring one or more forms of login verification such as one-time codes, security questions, or biometrics. With MFA in place, stealing an employee’s password won’t be enough for criminals to gain access to your systems.

Provide your employees with a secure password manager.
Password managers are automated programs that generate, store, and track passwords. Secure ones use heavily encrypted databases to protect the passwords they store for you and your team. When your employees don’t have to remember every password they use, they’re less likely to reuse the same ones across multiple services.

FAQ on password theft

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Phishing is the most frequent tactic for password compromise, followed closely by brute force attacks.Disclosure 1 Other regularly deployed methods include dictionary attacks, password spraying, and credential stuffing. 

A brute force attack uses specialized, automated tools to systematically crack users’ login credentials. These tools are quick, persistent, and sometimes sophisticated enough to avoid incorrect-password lockouts.

Virtually any business with valuable information—like corporate credit cards, online bank accounts, or trade secrets—can be the target of password compromise schemes.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM

Digital Transformation

Learn how you can put advanced technology to work for your business.

Related resources

    {0}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Helpful links



    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option