Longer is stronger when it comes to passwords

As we continue our week-long cyber security series, today expert JOHN-ROSS HUNT looks at passwords and shares some tips and advice on how to increase your security online

HOW many online services do you use? This is probably difficult for you to count as so many websites and online portals have become part of our daily lives.

We have our banking, social media, shopping, news, streaming services, gaming and many others all available to us at a click of a button or swipe of our finger.

Now think about how many passwords you have. The chances are you have very few or maybe just one. For the passwords you do have, do they contain some of your personal information like your date of birth or a part of your address or a family member’s name?

This is exactly what cyber criminals are hoping for when they launch ‘Brute Force’ attacks using software that will try to guess your password using millions of variations of common words and symbols.

Cyber criminals can also get access to your sensitive data when they purchase credentials that have been stolen as a result of websites like LinkedIn being hacked in the past. When they get their hands on one set of your credentials it is likely they will be able to use them to access other services. This is called ‘Credential Stuffing’ and their goal will be to use this data to get access to your banking or credit card details.

Once you are compromised, they could then go on to attempt to scam family or friends that you have as contacts.

We sign up to so many services without really knowing how securely our data is being stored, and with so many data breaches happening it is only a matter of time before your credentials get into the hands of one of the bad guys.

You can check if your credentials were ever stolen using a website called www.haveibeenpwned.com; you may be surprised by the results. Huge lists of credentials are regularly uploaded to the Dark Web where many other hacking groups will try to use them for financial gain.

The truth is, trying to create unique and complex passwords across many different services is near impossible. Humans are just not good at that level of recall. There are, however, some tips that can make life a lot more difficult for the criminals.

John-Ross Hunt is a Product Manager with Cyber Security leaders Trend Micro.

Using a password manager

There are online services that will help you manage your passwords. A password manager will securely store your passwords and help you to create unique, complex passwords for new services you sign up for without the need to remember them.

You will need to create and remember one very strong password to access the service and the password manager will look after the rest for you.

If the thought of keeping all your eggs in one basket makes you nervous or you are put off by the costs of these services (usually a few euro per month) there are other ways to reduce the risk of your password being compromised.

Prioritise your services

Without a password manager it is going to be difficult to remember a different password for every service you use. To help with this you can prioritise your services.

The password you use to access your email account is the highest risk password you own; if an attacker can get access to your email account they can very likely jump to other services that you registered for using that email address.

Any other services that store sensitive personal details such as your banking or credit card details also need a strong unique password.

For services like news or weather apps you could use a generic password as the risk is low if these services are compromised.

Longer is stronger when it comes to passwords

It is now accepted that the most difficult passwords to crack are longer passphrases rather than shorter very complex passwords. A passphrase should be approximately 4 words long or at least 15 characters.

You could use a line from your favourite song or a quote from your favourite TV show. For example: Fr. Ted My Lovely Horse could be turned into a long password that includes capital letters, symbols and numbers to meet the criteria of most online registrations, like TeDMyL0ve1yH0r$e.

Once you have a passphrase you can then add a modifier to it that will help you distinguish among the services that you use. For example, adding a modifier for Facebook: TeDMyL0ve1yH0r$eFBK1.
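As an added illustration (not part of the original article), this Python sketch applies the advice above to a candidate password: it checks the 15-character minimum, compares the size of an exhaustive brute-force search, and flags personal details even when they are disguised with symbols. The personal details and the list of symbol swaps are constructed for the example, and the bit figure models only a character-by-character search, not word-list guessing.

```python
import math
import re

# Common symbol-for-letter swaps that guessing software undoes (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "$": "s", "@": "a", "!": "i"})

def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if re.search(r"[a-z]", password): size += 26
    if re.search(r"[A-Z]", password): size += 26
    if re.search(r"[0-9]", password): size += 10
    if re.search(r"[^a-zA-Z0-9]", password): size += 33  # printable ASCII symbols and space
    return size

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def personal_info_hits(password, personal_items):
    """Personal details found in the password, as typed or after undoing symbol swaps."""
    plain = password.lower()
    unleet = plain.translate(LEET)
    return [item for item in personal_items
            if item.lower() in plain or item.lower() in unleet]

def review(password, personal_items, min_length=15):
    """Apply the article's advice: long enough, and free of personal information."""
    return {
        "length_ok": len(password) >= min_length,
        "bits": round(brute_force_bits(password), 1),
        "personal_info": personal_info_hits(password, personal_items),
    }

# Constructed sample data: personal details of a made-up user.
PERSONAL = ["Patrick", "Murphy", "1985"]

if __name__ == "__main__":
    # A short "complex" password, then the article's passphrase without and with a modifier.
    for pw in ("P@tr!ck1985", "TeDMyL0ve1yH0r$e", "TeDMyL0ve1yH0r$eFBK1"):
        print(pw, review(pw, PERSONAL))
```
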

Adding another factor

Many platforms now offer multi-factor authentication (MFA) to log in to their services.

Essentially, this adds another layer of security to your password should it fall into the wrong hands. This can come in the form of biometrics, such as your fingerprint, or a unique code that is sent over text or through an authenticator app. If this is an option within the services you use, you should take advantage of it. Generally, these methods are designed to work very quickly and won’t slow you down too much.

It may seem a lot to take in, but if we all began to move away from short passwords to longer, more difficult-to-hack passphrases, and took advantage of multi-factor authentication where it was available, we would greatly reduce the risk of a compromise and the very damaging financial and personal impact that can come with that.

ABOUT THE AUTHOR

John-Ross Hunt is a Product Manager with Cyber Security leaders Trend Micro, specializing in the area of enterprise security awareness training with the product Phish Insight.

Tomorrow: Safely browsing the internet.
