The Password Problem – How to Stay Secure
Most of us have a “password problem”: using and reusing (and reusing) passwords like “Jackson$25” to log in to sites like Gmail, Facebook, online banking and more. Although it is easy for you to remember the one fairly strong password you constantly reuse, it is equally easy for snoopers and hackers to snatch it and ultimately gain access to multiple accounts.
Once a hacker has access to the “duplicate” password, they can “duplicate” their unauthorized access to those other aforementioned sites. With access to an account like your email, they can scan your inbox to find messages where you requested a “Password Reset” by clicking on “Forgot Password” and then get access to additional accounts.
This is just one way for a hacker to access your personal information, but hackers can throw multiple baits at you through multiple accounts, so that you or your service provider reveal other pertinent information. When it comes to generating, managing and protecting passwords, you may be hit with dozens of unique attacks coming in from multiple directions, so a hacker has plenty of opportunity to steal your data.
Since memorizing and managing passwords is difficult, it’s pertinent to build a good foundation on what a password is before we talk about how consumers react to this problem.
Passwords are the key to your digital house
Think of your passwords as the key to unlock your home (or digital home in this case.)
There used to be a time when you didn’t need to lock your door. You could open the doors and windows to enjoy the breeze without worrying. You didn’t fear for your safety until one bad neighbor realized that there were valuables in your home that they could easily take while the door was open. So now, to keep the bad guys out, you have to lock the doors and shut the windows to make sure your home is secure.
The same goes for passwords. They are the key which provides access to important personal data or business information. Just as you know not to leave a key under the doormat, you know you shouldn’t leave your password on a sticky note attached to the monitor. You have to make sure you’re the only one with access to your password.
Now, let’s bring this analogy up a level. Imagine that you have multiple condos for rent. Would you put the same key and lock on all of them, or would you make sure that each unit has its own dedicated lock? The answer is obvious.
The same thinking can be applied for passwords. Each online login (condo) requires a unique password (key) to keep potential hackers out of your personal accounts online.
The Password Problem
While passwords are simplistic in nature, they are at the center of a complex web of issues.
The seemingly endless stream of data breaches in the past few years has put consumers on edge. The fear of being hacked or having your personal information stolen is so nerve-racking that people are more concerned about protecting their digital assets, like photos, than they are about protecting their finances online. The reason is that people assume banks have the necessary technical resources to protect their passwords and prevent hacks, though we know that is not the reality, as hackers can gain access to financial information by hacking retailers.
That being said, let’s keep in mind that all passwords are equally important. There is no reason to lock all of the doors in your house except one.
Both passwords and people are equally at fault for the mayhem we are in. Many of the problems associated with passwords are really about education and training ourselves.
People choose convenience over security
You waste valuable time every day trying to keep all those passwords straight in your head. Which one did you use last? Which one has the semicolon? And you worry about whether anyone will figure any of them out. You know you shouldn’t write down your passwords or use the same one every time (like your wedding day or qweasd), but you do it anyway. You’re trying to save time by keeping your passwords simple and memorable. But doing so creates a short fence that hackers can easily jump over.
When it comes to protecting digital information and thinking about your own setup, preparation and cybersecurity planning, you should consider the experience of others who have suffered through hacks or have effectively defended against attacks.
Password strength does not necessarily have anything to do with using special characters and lower or uppercase letters. The strength mainly lies in the number of characters used to create a password. So, if you have a password with 20 characters, you are far better off than a user with a 7-character password who has used special characters, symbols and numbers.
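The length-versus-complexity comparison above, worked through as an added example (not part of the original article). The guess rate is an illustrative assumption, and the figures apply only to passwords chosen at random.

```python
import math
import string

# Character classes an attacker must cover for each kind of symbol seen.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

ASSUMED_RATE = 1e10  # guesses per second; illustrative assumption only


def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace_bits(length, alphabet):
    """log2 of the number of candidates of this length over this alphabet.

    This is an upper bound on strength: it holds only for passwords picked
    uniformly at random. A name-plus-symbol-plus-number pattern is far weaker.
    """
    return length * math.log2(alphabet)


def equivalent_length(length, alphabet, other_alphabet):
    """Characters of other_alphabet needed to match `length` over `alphabet`."""
    return math.ceil(keyspace_bits(length, alphabet) / math.log2(other_alphabet))


def seconds_to_exhaust(length, alphabet, guesses_per_second=ASSUMED_RATE):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return alphabet ** length / guesses_per_second


def compare():
    """7 characters from every class versus 20 lowercase letters."""
    full = alphabet_size("Jackson$25")  # all four classes are present
    return {
        "full_alphabet": full,
        "bits_7_full": keyspace_bits(7, full),
        "bits_20_lower": keyspace_bits(20, 26),
        "lowercase_len_matching_7_full": equivalent_length(7, full, 26),
        "hours_7_full": seconds_to_exhaust(7, full) / 3600,
        "years_20_lower": seconds_to_exhaust(20, 26) / (3600 * 24 * 365),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:,.2f}")
```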
5 Password Security Best Practices
So, besides maintaining strong, unique passwords for each of your online accounts, what can you do to protect yourself? Here are 6 data security tips you can easily implement that actually work.
1. Implement a passcode on all devices
It’s no secret that you should lock your phone and computer with a password, but most people still don’t do it. If somebody were to get ahold of your phone or computer, a PIN would keep them from accessing it. Be sure to set up a 4-digit or 6-digit PIN on your devices. An additional security measure you can take is to set a timer so you’re prompted to enter your password after a period of inactivity.
2. Do not share your passwords
We are often tempted to share a Hulu password, debit card, private photos and other personal information, but doing so means you are putting yourself at risk. When you share your personal information via email or text, you become more vulnerable to hackers because your accounts become accessible by multiple people.
Think twice before you share anything online. Only share passwords when you absolutely must, and always make sure you trust the person you’re sharing content with, as you never know who your passwords could be passed along to. When the person you’re sharing with no longer needs the password, the password should be changed immediately to reduce any risk of a hack.
3. Add additional security layers
Two-Factor Authentication, also known as 2FA, is a popular and effective method to protect your passwords. 2FA has two layers of security for optimal protection – it requires a password and username, as well as an additional piece of security that only the user has access to.
A one-time code that gets texted to your phone upon request or a fingerprint could be used as a second layer of security. Enable 2FA for services and apps so that you maintain security when you open your email or make a payment online.
4. Be cautious with relying on the cloud
The cloud has made storing files easier than ever. Using cloud services, like Dropbox, increases your risk for theft and security breaches from hackers. Secure your data stored in the cloud with a strong password and password-protect your entire Dropbox folder.
The password should include a completely random and unrelated combination of letters, numbers and symbols. Also, pay attention to which of your third-party apps have permission to access your Dropbox files, and review your account settings to see the apps you’ve granted permission to. De-authorize any apps that aren’t necessary.
5. Think twice before sharing sensitive data over open WiFi
Free WiFi is available almost everywhere. We know that it’s almost unavoidable to use open WiFi at a coffee shop or the airport, so it’s important to know how to connect safely when you need to access it. Avoid working with anything sensitive on open WiFi, like your credit card number or work emails.
If you do need to access sensitive information while using open WiFi, remember to change your password as soon as you’re connected to a trusted network. When you aren’t using WiFi, turn your device’s WiFi off so you don’t accidentally connect to available networks.
Anybody who frequently uses public WiFi should consider purchasing a Virtual Private Network to remain unseen by potential hackers.
Red flags from online companies
Once you’ve secured your phone with the tips above, educate yourself on which online companies have the best security practices. When creating online accounts, avoid retailers, banks and service providers with these insufficient qualities:
- Vendors who do not care about their own security, or are being hacked regularly.
- Verify retailer’s password policy when you create an account. If the company’s password policy cannot differentiate between upper and lower-case letters or does not allow you to include numbers or special characters, avoid creating an account.
- Avoid retailers who require 8 characters as their minimum password length. These days, 15 characters should be the minimum. If they only require 8 characters, this means that such vendors employ relaxed security rules, which is bad news for you. It’s a very weak barrier for any hacker to get through.
- Verify whether or not your password can be 45 characters long. If you use a password management tool, it will save and remember it for you so you don’t have to worry about entering it online. But, if a retailer cannot accommodate long and strong passwords, then this is another indicator that they are stuck in the past and do not meet modern computing needs.
The most effective solution to the password problem
In addition to the above tips, the most effective and convenient way to ensure your online life is properly safeguarded is with a password manager.
If you are pasting sticky notes on your monitor with your passwords or saving your passwords in an Excel document, you are putting your passwords in plain sight, so anyone can see them.
For the savvy technologists who have created their own secure (encrypted) folder to maintain passwords, keep in mind that you still need to type passwords, and that is where a keylogger can snatch them while you are typing. Rather than maintaining your own password list, use a password manager to store and protect your passwords.
There are so many password managers available, so how do you choose one? If you are looking for key differentiators, look for product maturity in terms of solid features (not superficial features), functionality and product architecture that shows the management team is well-versed in security.
The value is inherent in simply protecting and managing your passwords. By launching a Single Sign-On (SSO) access, you are saving time, while bypassing keyloggers. Make sure you can also securely share your passwords with your loved ones or create a password beneficiary, in case you are traveling abroad or have an emergency that would require someone to log in to an account.
A password manager not only ensures you can keep track of who has access to what passwords, but also gives you the tools you need to easily update a password at any time. Password managers save you from wasting time on failed login attempts by storing and filling in your password for you.
Look for a tool that informs you when your passwords might have been used, hundreds of miles away from your typical access location, to log in to your account. Vendors, like LogMeOnce, that can trace such information to collect a hacker’s GPS location and IP address, where such attacks originate, or that can take a photo of the hacker from a distance are the most effective.
Whether you use a password manager or follow your own security practices, be sure to store your personal information in a secure location and educate yourself on proper security procedures.
Kevin Shabazi, CEO of LogMeOnce, is an experienced industry executive of over 27 years and has co-founded multiple successful companies including Applied Technologies, eView Technologies, Avocado Security and Trust Digital, which became a leader in the security and encryption market for the mobile enterprise and was purchased by McAfee. A frequent speaker at worldwide industry events on enterprise security, encryption, Cloud SSO and Identity Access Management, Kevin is the recipient of numerous prestigious national and international accolades.