Accept you'll get hacked unless you take these actions
Why are passwords a bad way to secure accounts and what can you do?
Do you have ANY idea how many online accounts you have and how many passwords? I checked all my password managers and the total was over 500!
Accounts for banks, utility companies - old and new, both business and personal social media, schools, online retailers, streaming services, logins for customer sites, government and local authority accounts. This is password hell.
How did it ever get like this?
In the early days of the internet back in the 1990s no one envisaged that this would happen. You had one password for your email and the rest of the internet was just for public information.
And when I refer to email in the 1990s it wasn’t the fancy graphical, colourful browser-based email. It was a server that you logged into using one of those text-only green screens.
In my last post, I told you the story of Sara, a friend who got hacked a few years ago. Have a read and listen to the audio when you have time.
Hackers are trawling the internet for personal and private data all day long. Family members, dates of birth, names of pets, education and employment history, credit card data and of course passwords. They are building up profiles of anyone and everyone of any age from any country of any gender, faith or skin colour.
Everyone is a target.
Why Passwords Are A Bad Idea
We all know, or at least I do, that using passwords as the gatekeeper of our personal and private information just doesn’t feel safe enough.
How many people use the names of family members and memorable dates as their passwords? A hell of a lot of people, I imagine; hackers and criminals know this and are scraping your social media posts to find any clues.
Why are people so careless with their passwords? Usually, it’s because remembering passwords is hard. To add to that, try remembering 500 different passwords. Impossible for the average mere mortal.
This leads to our second problem - password reuse. When you have so many passwords to remember you start reusing them across different services. This is a recipe for disaster. I’ll explain why another time.
So now we are faced with the classic security dilemma. A service needs to be easy enough for users to log in or access their accounts. However, at the same time you need to make sure that no one else can break in.
There Has To Be A Better Way
And there is - phew. But it will need some re-education. We need to use a multi-layered approach to securing online accounts. Passwords alone can be weak, follow predictable patterns or be susceptible to phishing attacks.
Here are 5 ways to improve your online security:
1 - Password Manager
This tool generates complex passwords and stores them for you. Most browsers already have this feature. It means you only need to memorise one complex password to unlock the password manager. It can generate complex credentials for all your other accounts and ensure all passwords are different. This significantly reduces the chance of using weak passwords or password reuse.
This is my top recommendation that you can start using today.
2 - Multi-Factor Authentication (MFA)
Confusingly, this method goes by different names; some online services call it two-factor authentication (2FA) while yet others call it two-step verification (2SV).
However, they all mean the same thing. You have a physical device or app that generates a 6-digit code that changes every minute. It could also be random letters or a code that is emailed to you. This is an additional step you need to do after your password.
The key feature is that if your password is stolen, your account is still secure because three pieces of information are needed to log in: your email, which you know; your password, which you memorise or store in a password manager; and a 6-digit code, which is generated on a device you have. Without all three pieces, logins will not be possible.
There are downsides to MFA: if you lose your MFA device (usually an app on your phone), you can’t log in and have to follow an unfamiliar recovery process, which can be lengthy.
Also, the feature needs to be enabled by the service you are using. All the major companies will do this already but not everyone.
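How an authenticator app and the service arrive at the same 6-digit code, and why a stolen password alone fails, shown as an added example that is not from the original post. It follows the standard TOTP scheme (RFC 6238), whose default step is 30 seconds (a one-minute rotation would be `period=60`); the account, email address and password are constructed for the demo, and the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int,
                period: int = 30, drift: int = 1) -> bool:
    """Accept the current step and `drift` steps either side (clock skew)."""
    ok = False
    for step in range(-drift, drift + 1):
        t = max(0, unix_time + step * period)
        expected = totp(secret, t, period)
        # Constant-time comparison; keep looping so timing does not leak a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the service never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed demo account (assumption): every value here is illustrative.
SALT = b"constructed-salt"
ACCOUNT = {
    "email": "user@example.com",
    "password_hash": hash_password("correct horse battery", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test key, not a real secret
}

def login(email: str, password: str, code: str, now: int) -> bool:
    """All three items must match: email, password and a fresh code."""
    password_ok = hmac.compare_digest(hash_password(password, SALT),
                                      ACCOUNT["password_hash"])
    code_ok = verify_totp(ACCOUNT["totp_secret"], code, now)
    return email == ACCOUNT["email"] and password_ok and code_ok

if __name__ == "__main__":
    fresh = totp(ACCOUNT["totp_secret"], 59)
    print(login("user@example.com", "correct horse battery", fresh, 59))     # all three
    print(login("user@example.com", "correct horse battery", "000000", 59))  # no device
    print(login("user@example.com", "correct horse battery", fresh, 150))    # stale code
```

The third call shows that a code captured earlier stops working once its time window has passed.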
3 - Biometric Authentication
Most modern mobile phones will have a fingerprint scanner. This has proved to be an amazing alternative to using passwords. Your biometrics are unique to you and are very difficult to replicate.
Again, like MFA the various apps and online services need to have this feature enabled.
4 - Passwordless Authentication
Yet another excellent method is passwordless logins. This is where a code is sent to you by email or push notification to your phone. You can then use the code or prompt to allow you access to your online account.
Again, like MFA and biometric logins the online services need to have this feature turned on for you to be able to make use of it.
5 - Security Keys
These are physical hardware-based keys (like YubiKey) that provide one of the most secure methods for account protection. They can’t be compromised remotely or by phishing.
Key Takeaways
Passwords are still a common way of securing online accounts but their effectiveness is becoming inadequate. We need to re-educate ourselves in other methods to secure our online accounts and there are many ways available. We just need to take the first step to change the way we log in.
Credits:
Music: Downpour by Keys of Moon | https://soundcloud.com/keysofmoon
Music promoted by https://www.chosic.com/free-music/all/
Creative Commons CC BY 4.0 - https://creativecommons.org/licenses/by/4.0/
Thank you for this helpful info!