World Password Day: (Pass)words are free, it's how you use them that may cost you
In the last couple of years, we have heard the term ‘data breach' probably more than ever before. And what's changing is that organisational data is no longer the only thing at stake – it's the data of users like you and me. Our personal information such as addresses, contact numbers, and bank account details are made available to anyone looking to exploit it.
Breaches at some of the world's largest social media, e-commerce and even dating websites, have exposed data of millions of Indians, underlining the importance of online security in our everyday lives. While cybersecurity may seem complicated to many, it is anything but that. And, it starts with something we have all dealt with, ever since we created our first online account – passwords! This World Password Day (May 6), it is essential we realise just how vulnerable a poor password can leave us, especially when our lives and all our data has moved online.
How hackers prowl
Think of it like this - passwords act like a key to your digital identity; the more unique the key, the lesser the chances of a stranger being able to unlock it. Unfortunately, however, our recent study finds that almost 70% of Indians do not change their password frequently. A common strategy used by cybercriminals involves cracking passwords of less secure accounts with limited personal information. For instance - if they can get hold of the password from your gym membership app, they try using the same password to break into your online banking account.
This reinforces why we shouldn't think of passwords as a mere formality when creating an account online, no matter how insignificant the account may seem. While sophisticated new-age algorithms have the capability to run through multiple password combinations in a short time, using a long, complex, and unique password for every account will dampen any break-in attempts.
Bulletproof your passwords
Take a moment to think about all the online data you have that is password-protected: social media accounts, e-banking, online dating profiles, streaming services, the list goes on. Take the time to consider what are the credentials they are protecting. Let World Password Day be the perfect opportunity to take your password game to the next level –
- Check if your passwords have been exposed
Sites such as www.haveibeenpwned.com help you understand if your password(s) have ever been compromised in any breach. Do not ignore warnings from browsers or reliable tools that warn you of leaked data. Give your passwords an overhaul and change them immediately.
- Enable two or multi-factor authentication
Most apps and websites will have this option. Our study revealed that an alarming 73% of Indians have never used this feature. As it requires multiple forms of verification, multi-factor authentication can significantly reduce the risk of successful impersonation by hackers, using an additional layer of security. Also, never reveal or share passwords with anyone including OTPs.
- Keep it impersonal
Avoid including parts of personal information such as your name, birthdate, pet's name, etc. One sweep through your social media, and hackers are already taking guesses at your password. Be bold and create scrambled passwords or use password assistance. People usually worry they will forget passwords, resulting in weak ones that they can remember and reuse. This should be the least of your worries as most websites and apps have a ‘Forgot Password?' option through which you can either retrieve or reset passwords. The longer, and jumbled the password, that much harder it will be to crack.
- Layer them up
‘Password', ‘12345', blank, ‘temp123' are some of the most commonly used passwords, and the first set that hackers try. Consciously avoid using any of these. Integrating a combination of capital and lowercase letters, numbers, and symbols help in making them less prone to hacks. Many sites enforce these guidelines during the account set-up process and show the strength of your password - strong or green is best.
- Use a password manager
It can be difficult to remember multiple complex passwords, using a password manager will help keep a track of passwords, across all your accounts. A comprehensive password manager will also help you generate strong passwords to utilize while creating new logins. Browsers and password managers from reputed security vendors are recommended for password management.
Lastly, complement good password practices with a comprehensive security solution to better protect your accounts and networks from intruders. Spend a few moments to review your digital defences and ensure that passwords get the due diligence they deserve. After all, passwords are your best cure to being digitally secure!
This article has been written by Venkat Krishnapur, Vice President of Engineering and Managing Director, McAfee India