‘123456’ makes your data security an easy mark. You can count on it
If you use any digital device, you’ve probably found yourself in this situation at one time or another – staring at a sign-in screen with the words in big red letters staring back at you: “Forgot Your Password?” The words taunt you as if to say, “Hey, you made me up! Are you too stupid to remember me?”
The solution for many is to adopt a simple, memorable password that gets put on every sign-in page. Unfortunately the same approach that makes it easy for the legitimate user to access the account also leaves the door wide open for cybercriminals to blow past a company’s firewall, rendering IT security useless and exposing huge troves of a company’s data.
In an era when serious data breaches fill the headlines virtually every week, it would make sense for device security – and particularly guarding passwords – to be top of mind for every employee. However to avoid the risk of locking ourselves out of our own technology, too many of us continue to resort to using lamentably weak passwords that leave our personal accounts and business data wide open.
In fact, a list of the most common passwords of 2019 assembled by NordPass, a password management app, shows most people persist in making the same mistakes when assigning passwords. According to the list, reported in the technology magazine Verdict, the top five passwords of 2019 are:
•12345
•123456
•123456789
•test1
•password
Other top contenders include asdf, qwerty and iloveyou. It’s clear the majority of the top passwords are found in easy-to-remember strings of characters on a standard qwerty keyboard. “Most people prefer to use weak passwords rather than trying to remember long, complex ones,” said Chad Hammond, security expert at NordPass, quoted in the Verdict report. “It also usually means they use the same one for all their accounts.”
Indeed, recent research has found the average employee reuses the same weak password on 13 different accounts, meaning as soon as one sign-in is compromised, the rest of that individual’s information is also vulnerable. This is according to the latest Password Security Report from LastPass, another password manager provider.
Multiply & Conquer
However, while individuals may rate making their digital lives convenient more important than safeguarding their information, IT departments are working to change the game. The same LastPass research found 57 percent of businesses globally are using multifactor authentication, compared to 45 percent in the previous year’s survey.
Multifactor authentication verifies the user’s identity by requiring two or more pieces of information (or factors) to be presented. One factor may be a password, but a second factor may be, for example, the inescapable ‘mother’s maiden name’ question. Factors are usually separated by category: 1) something the user knows, 2) something the user has, or 3) something the user is. For example, a customer withdrawing money from an ATM requires the correct combination of a bank card (something the user has) and a PIN (something the user knows) to complete the transaction.
“MFA is a method of authentication developed to add an additional layer of protection,” explains Stephen O’Boyle, of BSI Cybersecurity and Information Resilience. But while the growing adoption of MFA in 2019 is encouraging, O’Boyle says it also means attacks against MFA will inevitably rise. “We expect to see attackers increase their attempts to bypass it,” he warns. “Organizations must have the capability to detect and react to advanced attacks in order to keep their clients, employees and information secure.”
However, with the advances in technology, other factors are playing a larger role in MFA – for example, biometrics and geolocation. In addition to what we have and what we know, who and where we are have become primary security tools, so much so that James Strickland, CEO of biometrics firm Veridium, predicts the death of the password as one of the “Top Security Trends” for 2020.
In an article in Verdict, Strickland quotes research saying by 2022, nearly two-thirds (60 percent) of large businesses and almost all medium-sized companies will have cut their dependence on passwords by half. According to Veridium, biometrics, unlike passwords, are part of us. They can’t be forgotten, lost or borrowed. And they are not easily hackable, making biometrics more secure than passwords and more convenient to use.
Still, for the foreseeable future, the lowly password will continue to be part of our everyday digital lives. With that in mind, here are some password security tips:
•Use a different password for each of your accounts.
•Use at least eight characters with lowercase and uppercase letters, numbers and symbols.
•If you must write down your passwords, store them somewhere away from your computer.
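The first two tips can be checked mechanically. The Python sketch below is an added example, not part of the original article or any vendor's tool: it audits a person's own account-to-password list against the common passwords named above, the eight-character and character-mix tip, and reuse across accounts. The function name, finding labels and sample entries are constructed for illustration.

```python
import string

# The passwords the article names as most common (the top five plus the
# "other top contenders").
COMMON_PASSWORDS = {
    "12345", "123456", "123456789", "test1", "password",
    "asdf", "qwerty", "iloveyou",
}

# Character classes and minimum length from the article's second tip.
CHARACTER_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 8


def audit_passwords(accounts):
    """Return {account: [findings]} for a mapping of account -> password."""
    # Group accounts by password so reuse is reported on every affected account.
    users_of = {}
    for account, password in accounts.items():
        users_of.setdefault(password, []).append(account)

    report = {}
    for account, password in accounts.items():
        findings = []
        if password.lower() in COMMON_PASSWORDS:
            findings.append("on common-password list")
        if len(password) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        for name, chars in CHARACTER_CLASSES.items():
            if not any(c in chars for c in password):
                findings.append(f"no {name}")
        others = sorted(a for a in users_of[password] if a != account)
        if others:
            findings.append("reused on: " + ", ".join(others))
        report[account] = findings
    return report


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    sample = {"mail": "123456", "bank": "123456",
              "vpn": "Tr4il-Mix&Lamp", "wiki": "Password"}
    for account, findings in audit_passwords(sample).items():
        print(account, "->", findings or ["ok"])
```

An empty findings list means the password passed all three checks; it does not mean the password is strong in any absolute sense.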