Pasi Siukonen, Technical Resources Group Team Leader at Kingston Technology, discusses the importance of passwords and best practices for password protection.
The average amount of time a person spends online is increasing. There are numerous tasks to be dealt with – banking, online shopping, emails, studying – that people do online daily, and there are always smartphone apps that attract us at the end of the day.
Logging into all these online spaces requires users to set passwords, which are often stored on their computers. People assume that their passwords are safe from being hacked, while that is often not the case. Most people do not change the default passwords on their devices, or they keep passwords so simple that anyone can figure them out.
The average person has 25-30 online profiles or accounts, but to make them easier to remember, they use only 5 passwords for all of them. Also, thousands of people still use basic passwords (such as their name, ‘1234’, or ‘password’), which is akin to giving hackers direct access to all confidential information.
It is vital that strong passwords are used for router or firewall devices. The last thing a user wants is for a hacker to gain control of their entire network and all the computers and files within it.
Passwords – The Basics
Passwords can be hacked either by people we know, who have somehow gained access to them or who might be able to guess them (our birthdays, a child’s name, etc.). If the hacker is unknown to us, a brute force attack is the most common strategy for cracking passwords: programs try every possible password combination until access is achieved. The simpler the password, the more easily they can gain access.
The most common passwords include ‘111111’, ‘12345’, ‘login’, ‘password’, ‘12345678’, and ‘welcome’, amongst many others. It is always a good idea to add uppercase and lowercase letters, numbers and symbols to make the password more secure. A simple password such as ‘April’ might take an instant to be unlocked, whereas 4pr%l1LO#3 may have 100 trillion combinations to decipher.
Even the most basic product in our encrypted USB range, targeted mainly at consumers, has complex password requirements. Passwords are just one piece of the puzzle, but there are a few recommendations for setting up good habits towards password protection. Being aware of security risks can greatly minimize online threats as well.
Different Passwords for different accounts:
According to the Cyclonis Password Security Report, almost 83.15% of respondents admitted to using the same password for multiple accounts. This can be detrimental for a company, because when one account is breached, all other accounts are at risk. In 2016, Mark Zuckerberg’s LinkedIn, Twitter and Pinterest accounts were hacked as he kept the same password for all three accounts.
The best way to avoid this happening is to use a password manager for all accounts. Phrases instead of words can also be used as passwords, making them unique and harder to decipher. Sometimes manual ways of storing passwords in journals or diaries also work better than storing them online.
Use multifactor Authentication:
Two-factor authentication provides an added layer of security. After a password is entered, a verification notice is sent via SMS or email before access is granted. This additional layer also means that the hacker needs both the password and the security code to access an account.
Changing passwords frequently:
One of the standard rules of password protection is to change them annually. In addition, passwords should be changed when a malicious program or virus is detected on the device, whenever a job role is changed, when a default password is already in place, or when the device or computer is shared with other users.
Passwords to avoid:
No matter how easy they seem to keep and remember, users should never use passwords that reveal confidential or personal information, for example birth dates, ID card numbers, account numbers, or safe codes. Passwords should also never be single words or a series of sequential numbers, or contain more than two consecutive repeating characters. Also, passwords should never be shared.
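The rules in this section, together with the common-password list and the brute-force point made earlier, can be checked mechanically. The following is an added example, not code from the article or from Kingston; the function names, the four-digit threshold for a "sequence", the letters-only stand-in for "single word" and the printable-ASCII alphabet sizes are assumptions.

```python
import math
import re

# Passwords the article lists as common or basic.
COMMON = {"111111", "12345", "login", "password", "12345678", "welcome", "1234"}
# Character classes; pool sizes assume printable ASCII (an assumption).
CLASSES = {r"[a-z]": 26, r"[A-Z]": 26, r"[0-9]": 10, r"[^a-zA-Z0-9]": 32}

def keyspace_bits(pw):
    """Upper bound on brute-force work in bits: length * log2(alphabet)."""
    pool = sum(size for rx, size in CLASSES.items() if re.search(rx, pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def has_sequence(pw, run=4):
    """True if pw has `run` ascending or descending digits (run=4 is assumed)."""
    for m in re.finditer(r"[0-9]+", pw):
        d = [int(c) for c in m.group()]
        for i in range(len(d) - run + 1):
            steps = {b - a for a, b in zip(d[i:], d[i + 1:i + run])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(pw):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if pw.isalpha():  # letters only: stands in for "single word" (assumption)
        problems.append("single word")
    if re.search(r"(.)\1\1", pw):
        problems.append("more than two repeating characters")
    if has_sequence(pw):
        problems.append("sequential numbers")
    if not all(re.search(rx, pw) for rx in CLASSES):
        problems.append("missing character class")
    return problems

if __name__ == "__main__":
    for pw in ("April", "4pr%l1LO#3", "12345678"):  # examples from the article
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {check_password(pw) or 'ok'}")
```

The bit estimate is an upper bound for blind brute force only; a password that appears in a leaked list or follows a guessable pattern falls far sooner, which is why the rule checks run alongside it.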
Do not trust browsers:
Trusting browsers to save the passwords online is a very convenient option for many. Everyone has seen that option more than once and used it at least on one site. Even though this option is extremely convenient, it is also the least secure one as the underpinning security is often undocumented and does not require the passwords to be very strong.
What we should consider is the value we put on our data. Many consumers avoid acquiring encrypted storage products, and even companies go along without having a data security policy in place. Even software encryption is better than no encryption at all. Software encryption tools have also been available for years for hard disks and SSDs (i.e. BitLocker and FileVault) to further improve storage security.