Three Cyber Aware tips to protect your password(s): World Password Day sees 555,278,657+ stolen credentials.

Depending on your part of the world, today is World Password Day! While for fellow Downundians it was actually yesterday, there’s never a bad time to strengthen your passwords!

As of right now, HaveIBeenPwned (a database of real-world passwords previously exposed in data breaches) reports 555,278,657 stolen passwords in their database.

You can actually visit their website and check if one of your passwords is among the many stolen.
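The check described above can also be scripted without ever sending a password anywhere. Have I Been Pwned’s “Pwned Passwords” range API accepts only the first five hex characters of a password’s SHA-1 hash and returns every hash suffix sharing that prefix, so the match is made locally (k-anonymity). The block below is an added example written for this article, not code from Cyber Aware or from Have I Been Pwned; the endpoint URL and response format are the real ones, but the sample response body and its counts are constructed so the example runs offline.

```python
"""Check a password against Have I Been Pwned's range API using k-anonymity.

Added example for this article (not Cyber Aware's or HIBP's code).
Only the first 5 hex characters of the SHA-1 digest leave the machine.
"""
import hashlib
import urllib.request
from typing import Optional, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real HIBP endpoint


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix): the first 5 and remaining 35 hex characters
    of the uppercase SHA-1 digest, which is the form the range API uses."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_body: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return how many
    times the hash with this suffix was seen in breaches (0 = not found)."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.strip().upper() == suffix:
            return int(count.strip())
    return 0


def fetch_range(prefix: str) -> str:
    """Download all hash suffixes for a 5-character prefix (network call)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, range_body: Optional[str] = None) -> int:
    """Return the breach count for `password`. Pass `range_body` to check
    offline against a saved or constructed response instead of fetching."""
    prefix, suffix = split_sha1(password)
    if range_body is None:
        range_body = fetch_range(prefix)
    return breach_count(suffix, range_body)


# Constructed sample response for prefix 5BAA6 (the prefix of SHA-1("password")).
# The counts are made up for this example; a live response has hundreds of lines.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0F4F9F1A6B0A6E9B3C5D2E1F0A9B8C7D6E5:2
ABCDEF0123456789ABCDEF0123456789ABC:17
"""

if __name__ == "__main__":
    seen = check_password("password", SAMPLE_RANGE_5BAA6)
    print(f"'password' appears {seen} times in the sample range")
```

Drop the second argument to `check_password` to query the live API; a non-zero count means the password is known to attackers and should be retired, whatever its apparent strength.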

Furthermore, large portions of these passwords and the countless unaccounted for in unknown data-breaches are constantly being bought, sold, and used in the dark web to exploit individuals and organisations at large.

To best avoid your passwords being bought & sold on the dark web along with the billions of others, we’ve come up with three key password tips to close out your work-week:

Tip 1: Start Passphrasing!

Have you ever struggled to come up with a strong enough password for a new login? The easiest way to get around this, while still creating a password that’s easy enough to remember, is passphrasing!

If you haven’t already heard of it, passphrasing is essentially like using an acronym; you take the first letter of each word in a sentence or phrase, and use it to make a password!

For example, “I’m going to the pub after lockdown” could be used to make a passphrase such as “iGtTpAl831”.

This way, you have an easily memorable password that’s much harder for a hacker to guess or crack. Remember to use a mix of upper & lower casing, as well as some numbers & special characters for extra strength.

Tip 2: Regularly Change your password!

Passwords should be treated like your toothbrush. Never share it around, and change it regularly.

The reason for this is that even if you have a strong password that is entirely unguessable, it can still be lost or stolen in other ways. Take, for example, the recent Zoom security issues, one of which saw a large pool of passwords stolen during a data breach and sold on the dark web.

In this scenario, weak and strong passwords alike were outright stolen and leaked, entirely outside of the end-users’ control. And considering that password trading and password dumps are still performed regularly on the dark web, sometimes in chunks upwards of 2 billion at once, it’s more likely than not that your passwords are already out there.

Even if you have a strong passphrase, change it often to ensure that your password is private & secure.

Tip 3: Use a password manager!

At the risk of sounding like Elon Musk discussing his newborn in the new Joe Rogan podcast: human brains are a lot like computers. We have a limited amount of memory.

Rather than scrambling to remember each and every unique password, or worse, compromising the strength & complexity of your passwords to ensure that they are memorable, use a password manager!

The way that password managers work is similar to how a browser’s auto-fill works. When logging in to an account, you type in your username & password just once, then your password manager securely stores and remembers them. Next time you log in, the password manager will take care of the grunt-work and log in for you.

The only password you still need to remember is your master key for the password manager itself.

You’re probably thinking that this doesn’t sound safe, but in exchange for this easy login tool, good password managers bulk up their security on the master login. Oftentimes, you’re required to know your master key, have a two-factor authentication code, and authorise the device that you’re logging in from.

In exchange for that hassle, you don’t need to write down or remember any of your other passwords, and they’re actually kept safer as a result!

Some password managers I’d recommend are LastPass, 1Password (my preferred choice), and the updated Google Password Manager with Two-Factor enabled.

For more information on work-from-home security, visit https://portal.cyberaware.com/remote.

Are we prepared for a cyber-pandemic? Cyber Aware’s safety-advice for Privacy Awareness Week

Despite decades of warnings and best advice from leading scientific bodies, no one was adequately prepared for the COVID-19 pandemic.

In many parts of the world, businesses have shut down entirely, health care has been utterly overrun, the economy has shifted, and people have frequently lost not only their jobs but, regrettably, their lives.

The one saving grace of all this (aside from the amazing, adaptive public response) has been our technology: the ability to take our work home and to broadcast key information to the masses in an instant.

However, what if we had a similar situation to the current pandemic, without the ability to fall back on our tech?

Experts have been forecasting a global cyber-crisis for years, citing wide-spread malware infections, cyber-warfare, and cyber-terrorism not only as serious threats but as potential doomsday actors.

These concerns are wholly valid, with Donald Trump declaring a state of emergency in response to foreign hackers threatening U.S. power grids only last week!

This might sound like fear-mongering or an excess of the ol’ doom & gloom, but considering the radically increased business & infrastructure reliance on technology during the 2000s, and the fact that 80-90% of businesses now rely on technology for communications and internal management, the damage from a tech-based pandemic would be catastrophic.

Concerns surrounding a cyber-pandemic started to flow into the mainstream largely following the discovery of Stuxnet in 2010, a powerful computer worm aimed at Iranian nuclear facilities that reportedly destroyed numerous centrifuges by causing them to burn out.

After being confirmed as an act of war, Stuxnet malware essentially mutated and was found in numerous industrial facilities across the globe.

These kinds of attacks against critical infrastructure have continued as recently as November 2019, when India’s largest nuclear power plant suffered a serious cyber attack.

The problem with cybercrime is that it’s so ludicrously cheap and effective that it essentially trumps all other forms of crime & warfare. Why build a multi-million dollar fighter jet if the enemy can shut it down at the flick of a switch? Why build a steady source of income when I can phish hundreds of thousands of dollars from overseas without being detected?

Considering the fragility of our healthcare, public services, and economy during this pandemic, both infrastructure and businesses alike are more vulnerable to cybercrime than arguably ever before.

Last year, we saw Victorian hospitals become the victim of a crippling ransomware infection that severely disrupted multiple regional hospitals & caused numerous patients to miss critical surgeries and appointments.

Given how easy it was for such a significant attack to occur, can you imagine the current threat to overloaded healthcare systems if similar attacks, or a more intentional, targeted attack, were to occur during this pandemic?

Furthermore, cyber-warfare and cybercrime are both continuing a steady increase on a yearly basis. Given the number of vulnerabilities opening up as a result of COVID-19 (such as the loss of security during the shift to remote working) 2020 is forecast to see an even larger boom in cybercrime.

While most of us are likely outside of the realm of influence for cyber warfare & cyber terrorism, there is plenty we can do to ensure that our own technology is safe from malware infection and criminal activity.

Three things you can do right now are the tried-and-true cyber-basics:

  • Password Hygiene: The first barrier between you and a hacker is your password, so treat it with some care. Many of us are still using the same old password across multiple key systems. Now more than ever: Change. Your. Passwords! We recommend passphrasing as a secure option moving forward.
  • Using Two-Factor Authentication: Two-factor is essentially the second barrier to stop an attack in the event that your password is cracked. Many login systems make two-factor compulsory, and practically all social media, emails & work-systems can have it enabled. Turn on two-factor on all key logins.
  • Keeping an eye out for email & SMS scams: Phishing is still the leading method used by cyber-criminals. It didn’t take long for attackers to piggyback on COVID-19 to launch new scams, even going as far as posing as the AusGov.

If you haven’t brushed up on email safety this year, please have a read of these StaySmartOnline tips for a quick refresher.

For more information on cyber safety during the pandemic, visit https://portal.cyberaware.com/remote!

Toll Group suspends IT systems following unusual server activity. Cyber Aware’s tips on managing a cyber incident

Before COVID-19 dominated the news cycle, you may have seen that Toll Group, the well-known global logistics network, and freight transport provider, fell victim to a targeted ransomware attack.

As many as 1000 servers were infected during the February attack, and the company received harsh criticism from the public for their prolonged silence regarding the attack.

Key delivery services were severely disrupted, and while clients experienced significant delays, many were left in the dark, unsure of whether and when they could return to regular operations.

“It’s 10 days overdue, so for the last week I’ve been spending at least three or four hours a day on the phone trying to get some information,” said sales manager Jeff Ward.

While the fallout of a cyber-attack is objectively damaging on a technical and financial level, the reputational damage is what businesses often fail to recover from, with an average of 60% of businesses failing to continue operations following a cyber-attack.

Now it’s May, and the company has reported another security incident, this time, however, with much more transparency and urgency.

While customers and clientele were left frustrated and unsure during the last incident, this time around Toll appears to have applied the lesson learned on PR and incident management by immediately closing services and alerting the public.

While the specifics are not yet known, and the nature of the damages or incident are yet to be revealed, stakeholders this time around are aware of the current situation, and most importantly, have not been left hanging!

Toll’s cyber-incidents and response this year are demonstrating both the best & worst of incident management, and from this case, your business can learn the following things:

  • Prepare a statement in advance, and release it promptly. Much like Toll’s most recent example, your initial statement does not need to disclose a full report of damages, impacted clients or the nature of the attack.
  • Have a plan of action. Prepare backups of your key data so you can comfortably recover from the damage. Lay out a plan not only for the event that you need to cease activity, but also for resuming your business activity following a breach.
  • Adhere to your country’s regulations, but don’t stop there. As many of us in the cybersecurity industry are aware, in February 2018 Aus Gov rolled out Mandatory Data Breach Notification laws that laid out the specifics for reporting a data breach, and the associated penalties for failing to do so (cough up to $2.1 million cough).

It’s critical that whether you’re operating under GDPR, the NDB, or otherwise, that you are familiar with your obligations and responsibilities following a data breach.

But of course, don’t stop at policy requirements. Consider how you can best meet your legal obligations while also maintaining trust among your shareholders and protecting your public image.

Given the increased vulnerability of businesses during this pandemic, it is crucial that you are prepared not only from a security standpoint but from an operational and reputational perspective as well.

This pandemic has been an immediate and radical change for all of us. Alongside our scattered workforce, shifting work culture, and general pressures as an adapting business, the last thing any of us need right now is a frustrated & disheartened client-base due to poor incident response.

For more information on incident response and cybersecurity awareness, visit cyberaware.com!

Cyber Aware’s essential safety tips for returning to the workplace

As new cases of COVID-19 remain low, and discussions of lowered restrictions populate Australian news, it’s time that we take a step back and consider the new security challenges during our return to the office.

This pandemic has driven huge, immediate change at both a societal and cultural level. Within our own businesses, many of us have discovered a capability to keep the ship afloat without the benefits of the office, and a lot of workers will find themselves comfortably working from home on a regular basis.

While some predict that work-from-home is the new norm, and others are forecasting a mass return to the workplace, the reality is that we’ll likely land somewhere in between, especially while we work out the kinks of social distancing and beating this pandemic.

As such, Cyber Aware recommends that any workers, whether you’re frequenting the workplace or the lounge room, follow these key safety steps:

  • Be cautious about the devices you bring between the office and home. Just because your battery died and you had to use your home laptop doesn’t mean that it’s fit for use in the office. If your home device has a virus or any malicious content on it, bringing it to the office can expose the whole network. BYOD policy can seem trivial, but it’s been responsible for bringing down entire nuclear facilities, let alone your workplace. And, on that note:
  • Keep your work and personal devices separate! Not only will it be embarrassing to bring up your teenager’s search history during a work meeting, but it’s also a huge risk to access corporate, confidential data on the same device where your family browses the web & downloads unknown content.
  • Moving back to the office, it is a good idea to not only utilise a VPN at home but at all times. A common form of attack, especially for larger workplaces, will be fake wi-fi and network compromise. Stay ahead of this by connecting to your business network through a secure tunnel, a VPN. (If you’re in a managerial position, we’ve always been huge fans of HackHunter for weeding out fake wi-fi devices).
  • I think it’s safe to say that things have gotten a little bit laissez-faire during the lockdown. With so many distractions at home, the 9 to 5 has started to look more like a 12 to 12 with fifty breaks in between. Whether this is for better or worse, one thing is for certain; break any habits of using social media for work purposes. Simply put, any new platform you put work-data on is another platform it can be stolen or compromised through. Facebook and Gmail are not suitable avenues for delivering private data.

And of course, continue to maintain physical distancing measures, and continue to regularly wash your hands. The main point of lockdown was to avoid overwhelming the healthcare system; the virus is still a major concern regardless of current lockdown measures, so keep your physical safety and wellbeing as a top priority.

For more information on reducing risk and working from home, visit cyberaware.com/remote

Leading compliance providers voice major cybersecurity concerns during COVID-19

On April 14, 2020, Gartner surveyed 145 leading legal and compliance entities, revealing that more than half of the respondents deem cybersecurity and data breaches as the most-increased third-party risk facing their organisations.


This is primarily in response to the advent of remote-working, wherein the vast majority of organisations are seeing their workforce working from remote locations and employing a new, largely unmonitored array of third-party tools.

Arguably the most widely-adopted platform during this time, Zoom (who has skyrocketed from 10 million users to over 200 million in only 3 months), recently made the limelight for major vulnerabilities and security concerns. Considering this, it’s not hard to see why third-party apps are especially important in the current risk-conversation surrounding COVID-19.

We all have unique methods of working and our own preferred apps, which is why it’s quickly becoming a huge problem for organisations that are trying to keep up with the flood of third-party apps being used from home.

As Vidhya Balasubramanian, managing vice president in Gartner Legal and Compliance, put it: “Remote working has been hastily adopted by suppliers to keep their business running, so it’s unlikely every organization or employee is following best practices.”

Cybercrime continues to be a pressing issue during this pandemic, both with COVID-19 themed scams running rampant and reported cases skyrocketing, such as Malaysia’s 82.5% increase. It’s important that as employees or business owners, we take a step back and evaluate our cyber posture.

While working from home, here are a few steps you can take to mitigate the risk from third-party apps:

  • Stick to the same apps you use at work. Company apps are often reviewed based on their security standards. By simply using a new app, you could be breaching compliance and causing risk to your company.
  • Don’t share work data over personal accounts. While it’s tempting to open up a Google Doc on our personal account or send a PDF through Facebook, these are personal accounts with lower security standards and should be treated as such.
  • Keep your apps up to date, and keep yourself up to date with the media! In Zoom’s example, there are still countless users who are unaware of the security flaws in the app. The same can be said for many third-party apps. Stay aware and frequently update your software so you know what security concerns are present and whether they’ve been patched.

For more information on reducing risk and working from home, visit cyberaware.com/remote.

Coronavirus SMS scams: Attackers piggyback on official Government safety announcements

Have you received the below SMS message?

[Image: screenshot of the legitimate Australian Government COVID-19 SMS]

If you have, don’t worry, it’s a legitimate announcement from the Australian Government; screenshotted directly from my phone.

However, if you’ve received an SMS similar to the one below, proceed with caution. It’s a scam:

[Image: example of the scam COVID-19 SMS]

(Image courtesy of the Australian Computer Society)

Scamwatch reports that since the COVID-19 outbreak, they’ve received more than a thousand reports of coronavirus-related scams. These range from phishing emails, SMS scams, and general social engineering attempts, however, they typically share a few common characteristics:

  • They often pose as a government body
  • They frequently play on false government rebates or tax claims relating to COVID-19
  • They always ask you for a call-to-action (providing private details, card information or otherwise)
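The three traits above can be turned into a simple triage check that a help desk or mail/SMS gateway could run over reported messages. This is an added example written for this article, not Scamwatch’s or Cyber Aware’s tooling: the keyword lists and the assumption that genuine Australian government links sit under gov.au are mine, and the three sample messages are constructed, not real scam texts.

```python
"""Heuristic triage of SMS text for the COVID-19 scam traits the article lists:
posing as a government body, promising a rebate or payment, and demanding a
call to action (usually via a link). Added example; samples are constructed.
"""
import re
from typing import Dict, List

# Crude URL/domain extractor: host with a dotted TLD, optional scheme and path.
# It can misfire on "word.word" typos, which is acceptable for triage.
URL_RE = re.compile(r"(?i)\b(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?")
GOV_IMPERSONATION = re.compile(
    r"(?i)\b(gov(?:ernment)?|ato|centrelink|mygov|services australia)\b")
REBATE_BAIT = re.compile(
    r"(?i)\b(rebate|refund|stimulus|relief payment|tax claim|early access)\b")
CALL_TO_ACTION = re.compile(
    r"(?i)\b(click|tap|apply now|verify|confirm|enter your|provide your|card details)\b")
# Assumed allow-list: official Australian government sites end in .gov.au.
OFFICIAL_SUFFIX = ".gov.au"


def link_domains(text: str) -> List[str]:
    """All domains mentioned in the message, lower-cased."""
    return [m.group(1).lower() for m in URL_RE.finditer(text)]


def triage_sms(text: str) -> Dict[str, object]:
    """Score a message: one point per scam trait found, with the reasons."""
    reasons: List[str] = []
    unofficial = [d for d in link_domains(text) if not d.endswith(OFFICIAL_SUFFIX)]
    claims_gov = bool(GOV_IMPERSONATION.search(text))
    if claims_gov and unofficial:
        reasons.append("government wording but non-gov.au link: " + ", ".join(unofficial))
    elif unofficial:
        reasons.append("link to non-official domain: " + ", ".join(unofficial))
    if REBATE_BAIT.search(text):
        reasons.append("promises a rebate or payment")
    if CALL_TO_ACTION.search(text):
        reasons.append("asks for an action or personal details")
    score = len(reasons)
    return {"score": score, "suspicious": score >= 2, "reasons": reasons}


# Constructed sample messages (not real SMS texts).
SAMPLE_MESSAGES = {
    "legit_gov": ("COVID-19 update: stay home to save lives. "
                  "Go to australia.gov.au for the latest information."),
    "scam_rebate": ("Australian Government: You are eligible for a $1,500 COVID-19 "
                    "relief payment. Click to claim your rebate: "
                    "http://covid19-rebate.example.net/apply"),
    "scam_parcel": ("Your parcel is held at the depot. Confirm your delivery "
                    "details at parcel-track.example.org/confirm"),
}

if __name__ == "__main__":
    for name, text in SAMPLE_MESSAGES.items():
        result = triage_sms(text)
        print(f"{name}: score={result['score']} suspicious={result['suspicious']}")
        for reason in result["reasons"]:
            print("   -", reason)
```

The legitimate message scores zero (its only link is under gov.au and it asks for nothing), while both constructed scams cross the two-trait threshold. Thresholds and word lists are starting points to tune against the reports your own organisation receives.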

In the above example, the link in the SMS reportedly took the victim to a fake COVID-19 information page in which a multitude of false services was advertised, ranging from fraudulent early-access to superannuation funds to false ATO tax rebates.

During this time, in which many Australians are facing unprecedented financial hardship, it’s easier than ever for scammers to play on our vulnerabilities and exploit our need for stability.

To ensure that you don’t fall victim to predatory COVID-19 scammers, follow these tips as a general rule-of-thumb:

  • Even if a URL or SMS is from a legitimate source, never click the link directly.
  • Fake websites can hide within hyperlinks; it’s always safer to type the website address into your browser instead.
  • Do not respond to or act on requests for personal or financial details. Delete any SMS or email correspondence requesting them unless it has been thoroughly verified.

And most importantly: if it sounds too good to be true, it is. Remember that we’re all in this together; any benefits, claims, or stimulus we receive during these times are not unique to us alone. Check with your colleagues and with official sources to confirm that you’re actually entitled to financial support or a rebate, and then go through the official channels to process them.

For more information on keeping your business cybersafe during COVID-19, visit https://portal.cyberaware.com/remote.

Elon Musk and NASA ban corporate use of Zoom over privacy concerns

SpaceX (Elon Musk’s aerospace manufacturer company) recently banned its employees from video conferencing via Zoom on account of “significant privacy and security concerns”.

NASA soon followed suit, along with U.S. law enforcement who issued a public warning regarding the security of the skyrocketing app.

The security concerns surrounding Zoom initially gained the spotlight alongside its sudden blow-up following cascading work-from-home arrangements for COVID-19. The first notable privacy shortcoming came in the form of “Zoombombing”, wherein uninvited guests could join a video conference and essentially run amok. This ranged from intentional attempts to eavesdrop on confidential conversations to simple trollery in the form of abuse, pornographic material, and general disruptive behavior.

In addition to this, multiple security concerns and exploits have been discovered over the past weeks, such as this major flaw that allowed accounts to be hijacked quite easily, as well as thousands of Zoom accounts being found for sale on the Dark Web.

And as recently as April 15th, two new exploits were discovered, on Windows and macOS respectively, that could enable unauthorised parties to spy on Zoom meetings.

Zoom CEO Eric Yuan has done the respectable thing and owned up to the security concerns by issuing a public apology and a statement of action, citing an unexpected, gigantic increase in the Zoom userbase (from 10 million daily users up to 200 million since December).

Regardless of whether you’re on Zoom, Slack or another video conferencing provider, here are a few easy things you and your colleagues can do to keep your conferences secure:

  • Keep an eye on the participants in your conference

This is especially important for larger conferences, wherein unidentified or unauthorised persons can slip under the radar more easily. If you’re in a meeting of more than just a small team, it’s a good idea to assign a moderator who can keep track of participants.

  • Be aware of your surroundings

Everyone has a story about accidentally sharing the wrong information in a conference (including myself). Be mindful of what’s up on the whiteboard in the background, and if you’re screen-sharing make sure you close confidential or embarrassing tabs.

  • Limit confidential information through conferences

In light of these recent security concerns, it’s important to be mindful that video-conferences are another potential source of data leaks and security concerns. Limit the information you discuss in conferences to ensure that it isn’t leaked or eavesdropped on by malicious parties.

Finally, it’s important to note that while Zoom is currently in the limelight for security concerns, it’s likely that you’ll find similar issues on other video-conferencing services that simply aren’t as publicised at the moment.

Regardless of the platform you use, remember that video-conferencing is always another platform that you’re sharing data on. Conferencing should always be treated with caution and appropriate security policies accordingly.

For more information on work-from-home security, visit portal.cyberaware.com/remote

Travelex pays $2.3 million USD ransomware bailout: Ransomware cases silently rise during COVID-19

If your business faced a ransomware attack, would you pay the hacker?

It’s estimated by Kaspersky that 45% of business employees are unaware of how to handle a ransomware attack, and especially given the current circumstances, this is a critical cybersecurity opening for many organisations.

While most organisations are used to a conventional security structure, with secure office networks, firm access-control policies, and countless on-site security measures to reduce risk, countless workers are now suddenly working with those measures minimised or missing entirely, on stock-standard home networks and with the plethora of exploitable risks that come with the move.

In 2019, it was also estimated that 15 percent of all ransomware victims chose to pay the ransom. However, it is widely recommended that ransomware should be treated similarly to a real-life hostage situation: never pay the ransom.

Not only does this not guarantee that the hacker will remove the ransomware, but it also incentivises them to target you and similar businesses again.

A recent example of a massive ransomware payout was that of Travelex in December 2019. Travelex is a foreign currency exchange that services businesses across 26 countries, and in response to a targeted attack by the prominent hacker group known as the Sodinokibi gang, Travelex paid out a sum of $2.3 million USD.

The Sodinokibi gang held 5 GB of encrypted data to ransom to achieve this payout, which they promised to delete upon payment. The issue is that while the payout did prevent the attackers from publishing the sensitive data, there is no way of knowing whether they actually deleted the information.

And considering that this is a criminal group, it only stands to reason that they’d keep it as a further avenue of exploitation and profit.

While the Travelex incident was late last year, research indicates that ransomware attacks have gone up significantly throughout the COVID-19 pandemic, especially against businesses in the health industry.

Regardless of whether or not your business lands in the health sector, here are some precautions you can take pertaining to ransomware, especially in these current circumstances:

  • Be cautious of ransomware scams disguising as COVID-19 apps or services (Read here)
  • Evaluate what security measures are missing due to work-from-home, and do your best to replicate them in employee houses (See my article from last week)
  • Back. Up. Your. Data.

That last step is especially important, as oftentimes the only thing that gives you some leeway in a ransomware negotiation is having a copy of the stolen data to restore from. (See here for more information on developing a back-up plan for your business.)
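A backup only gives you that leeway if you know it is intact and the files you are about to restore have not themselves been encrypted. The block below, an added example written for this article and not code from Cyber Aware or Travelex, records a SHA-256 manifest when a backup is taken and later compares the current files against it, so encrypted, deleted or dropped-in files stand out. The file contents and paths are constructed for the demonstration.

```python
"""Backup integrity manifest: hash every file when the backup is taken, then
verify before restoring or after a suspected ransomware incident.
Added example for this article; sample files below are constructed.
"""
import hashlib
import os
from typing import Dict, List

Manifest = Dict[str, str]  # relative path -> hex SHA-256


def file_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Manifest:
    """files maps relative path -> contents (what snapshot_directory returns)."""
    return {path: file_digest(data) for path, data in files.items()}


def verify_against_manifest(manifest: Manifest,
                            files: Dict[str, bytes]) -> Dict[str, object]:
    """Report files whose hash changed, files that vanished, and new files.
    'ok' is True only when nothing recorded in the manifest changed or went missing."""
    current = build_manifest(files)
    changed: List[str] = sorted(p for p in manifest
                                if p in current and current[p] != manifest[p])
    missing: List[str] = sorted(p for p in manifest if p not in current)
    added: List[str] = sorted(p for p in current if p not in manifest)
    return {"changed": changed, "missing": missing, "added": added,
            "ok": not (changed or missing)}


def snapshot_directory(root: str) -> Dict[str, bytes]:
    """Read every file under root into memory (fine for a demo; stream large trees)."""
    files: Dict[str, bytes] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                files[rel] = fh.read()
    return files


# Constructed sample: the backup taken before an incident, and the same paths
# afterwards, where two files were encrypted and a ransom note was dropped.
BACKUP = {
    "finance/q1-ledger.csv": b"date,amount\n2020-01-02,1200.00\n",
    "hr/staff.json": b'{"staff": ["A. Example", "B. Example"]}',
    "ops/runbook.md": b"# Runbook\n1. Call the incident lead.\n",
}
AFTER_INCIDENT = {
    "finance/q1-ledger.csv": b"\x8f\x11\x9a\x00encrypted-garbage\x7f",
    "hr/staff.json": b"\x02\xff\x5cencrypted-garbage\x9e",
    "ops/runbook.md": BACKUP["ops/runbook.md"],
    "README_FOR_DECRYPT.txt": b"Your files are encrypted.",
}

if __name__ == "__main__":
    manifest = build_manifest(BACKUP)
    report = verify_against_manifest(manifest, AFTER_INCIDENT)
    print("restore safe:", report["ok"])
    print("changed:", report["changed"])
    print("added:", report["added"])
```

Store the manifest with the backup but on media the production network cannot write to; a manifest that ransomware can rewrite along with the files proves nothing.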

Finally, for more details on staying safe online and covering your work-from-home security, see our remote-working program.

What does COVID-19 mean for password hygiene?

With the advent of remote-working in response to COVID-19, we’re all making necessary adjustments. We’re incorporating new behaviors into our day-to-day life, such as limiting our time out of the house to essential shopping or exercise, and are now using our homes for activities that we’re otherwise used to performing out in the world.

We’re adopting new indoor exercise routines, frequently preparing our own meals in favor of the usual take-out, and have had to establish boundaries between working space and relaxing space within our own houses. Most notably, it’s reported that hand-washing is up by 1000% across the globe (don’t fact check me on that).

While we adjust and make preparations during this unprecedented time, it’s important that we also consider some of the subtler changes pertaining to safety, one of which is simple password hygiene.

It didn’t take long at all for scammers to jump at this opportunity and roll out a plethora of COVID-19 scams, but this isn’t the only way they’re exploiting and profiting from the masses during this time. Hackers & scammers are well aware that with the move to home-offices, comes a move away from office security.

Things like network security, access control, and general password hygiene are more exposed now than they have been for a long time.

In the migration to our home-offices, most of us are taking passwords that were previously used only on secure office networks and entering them into home machines with lower standards of security. Furthermore, systems that we never had to re-log into, or that we’ve forgotten the passwords for, are having their passwords reset for the home-office.

When re-entering or changing passwords for your work systems, it’s a critical time to reconsider how strong they are, and how long you’ve been using them.

To ensure that your passwords aren’t compromised as a result of the change in workplace security, follow these three steps:

Make the switch to passphrases.

A passphrase, simply put, is an acronym. Rather than using a simple word with some numbers, modern online-safety guidance encourages complex passwords. These can be made easily by taking a phrase that you’re sure to remember and flipping it into a passphrase. For example, “Jack and Jill Went Up The Hill” can be used as a passphrase such as “JaJwUtH”.

Add a few numbers and a symbol to the end of that, and straight away you’ve created a strong, memorable passphrase.

Don’t re-use or share your passphrases.

I like to think of each of my passphrases as though they were my toothbrush: I don’t re-use them too much, and I never share them with others.
In most cases when your passphrase is stolen or compromised, it tends to sit on the dark-web for anywhere between a few weeks to a few months. By changing your passphrases regularly, and by using unique passphrases for each essential login, you prevent cybercriminals from being able to use stolen credentials to access your systems in the long run.

As for sharing them around, if you have team-workers or managerial staff who share a login system with you, it is key that wherever possible you are using separate sets of logins, and most importantly, that those logins are not shared between other systems.

Use a password manager!

Finally, we recommend using a password manager to store your passwords. Between the cyclical news surrounding COVID-19 and our frequently changing workloads as a result of it, our brains are full up.
It’s encouraged to use complex and unique passphrases across a number of devices, but we couldn’t reasonably ask you to remember them all.

This is where password managers come in. They’re secure programs that typically plug straight into your browser, and work like an encrypted encyclopedia of all your login credentials.

Most password managers don’t just remember the passwords, but typically enter them in for you, enable two-factor support, and even create secure, randomly generated passwords for you where needed.

Of all the advice in this article, password managers are likely the most essential. We recommend 1Password, LastPass, and Google Password Manager.
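The two mechanisms behind this advice, and behind Tip 3 of the World Password Day post above, can be shown in a few lines. This block is an added example written for this article, not code from 1Password, LastPass, Google or Cyber Aware: the master password is never stored, only a random salt and a verifier derived from it through a slow, salted key derivation (PBKDF2-HMAC-SHA256 here, with an iteration count I chose), and site passwords are generated from a cryptographic random source so that none of them needs to be memorable or reused. Encrypting the vault with the derived key needs an authenticated cipher such as AES-GCM, which is outside Python’s standard library, so that step is left out.

```python
"""What a password manager does with your master key and how it makes
site passwords. Added example; not any vendor's implementation.
"""
import hashlib
import hmac
import math
import secrets
import string
from typing import Dict

PBKDF2_ITERATIONS = 600_000  # assumed: OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
VERIFIER_LABEL = b"vault-verifier"


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch the master password into a 32-byte key; this is the key that
    would encrypt the vault, and it is recomputed at unlock, never stored."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def new_vault(master_password: str) -> Dict[str, bytes]:
    """Public metadata stored beside the vault: a random salt and a verifier
    (HMAC of a fixed label under the derived key) used to recognise the right
    master password without storing the password or the key."""
    salt = secrets.token_bytes(SALT_BYTES)
    key = derive_vault_key(master_password, salt)
    verifier = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return {"salt": salt, "verifier": verifier}


def unlock(master_password: str, vault_meta: Dict[str, bytes]) -> bool:
    """True if the master password reproduces the stored verifier."""
    key = derive_vault_key(master_password, vault_meta["salt"])
    candidate = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return hmac.compare_digest(candidate, vault_meta["verifier"])


ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?"


def generate_password(length: int = 20) -> str:
    """Uniformly random password from a CSPRNG, resampled until every
    character class is present so that it passes typical site policies."""
    if length < 4:
        raise ValueError("length must be at least 4 to hold every class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    meta = new_vault("correct horse battery staple")
    print("right master key unlocks:", unlock("correct horse battery staple", meta))
    print("wrong master key unlocks:", unlock("password123", meta))
    print("generated:", generate_password(), f"(~{entropy_bits(20):.0f} bits)")
```

The slow derivation is the point: a stolen vault file still forces an attacker through hundreds of thousands of hash iterations per guess of the master password, which is why that one password deserves the care the article describes, and why the generated site passwords do not need to be memorable at all.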

Want To Boost Your Cybersecurity? Forget Your Passwords

Many years ago, when I was a 14-year-old budding computer nerd, I experienced my first data-breach. I’d been playing World of Warcraft for hours on end (I was a kid, quit judging!) when another player offered me an “exclusive” opportunity to test out some new beta weapons and equipment.

All I had to do was enter my logins to the beta-test form, and this promised “exclusive gear” would be added to my account in 24 hours.

An email was sent through with the required form and being young, naive and full of the typical invincibility syndrome that young 14-year-old boys tend to have, I entered my username and password then signed off for the night.

Sure enough, I returned the next day to find that my passwords had been changed, all of my character’s clothes and weapons were stolen, and my email account had been compromised. I’d used the same email and password for my World of Warcraft account as I had for my personal email account.

Thankfully, at that time I had nothing of real value to lose from those accounts, and had some very valuable lessons to learn: don’t trust strangers online, and don’t re-use passwords!

Re-using passwords is a big no-no, but let’s be honest, everyone does it. I don’t know a single person who hasn’t re-used a password across multiple logins. It’s quick, it’s easy, and most of all it’s memorable.

The problem with re-using passwords, however, is that if they get stolen or guessed just once, they can then be used to access everything. It’s like cutting a master-key to fit your front-gate, garage and car all in one. And it’s why a silly encounter in an online game led to my email account being hacked.

In most major cyber breaches the logins are often stolen from somewhere unrelated, such as a social media account or streaming subscription, and then re-used for later attacks on bank accounts or corporate systems.

To avoid credential-based attacks, the expectation is that we use a different password for each and every login we have. However, given that the average person now has upwards of 27 online logins to remember, it’s quickly becoming an impossible task to individualise them and is likely why we’re seeing 81% to 87% of people re-using their passwords in the first place.

Following my first data-breach as a kid, my solution to making and remembering unique passwords was to enter familiar names into the Wu-Tang Name Generator. But what if I told you there was a better way?

My advice moving into 2020: instead of trying to remember all of your passwords, try forgetting them instead with a password manager!

The way that password managers work is similar to how a browser’s auto-fill works. When logging in to an account, you type in your username & password just once, then your password manager securely stores and remembers them. Next time you log in, the password manager will take care of the grunt-work and log in for you.

The only password you still need to remember is your master key for the password manager itself.

You’re probably thinking that this doesn’t sound safe, but in exchange for this easy login tool, good password managers bulk up their security on the master login. Often you’re required to know your master key, have a two-factor authentication code, and authorise the device that you’re logging in from.

In exchange for that hassle, you don’t need to write down or remember any of your other passwords.

Further to being an easy and safe solution to remembering passwords, password managers also enable some huge security benefits:

  • Allows for unique passwords: Whereas you’re currently limited by the number of unique passwords that a human brain can remember (or that your desk can fit on sticky-notes), a password manager has a computer-brain, and can probably remember a few more. This means more unique passwords & fewer memory games.
  • Allows for stronger passwords: Most password managers will automatically suggest complex passwords for you. Instead of using common hackable passwords like donald or password123, a manager enables the use of complex, strong passwords like “t3cH^1©4l j4r30n” without ever needing to type or remember them!
  • Easy Use of Two-Factor: IBM estimates that over 80% of cyber-attacks in the last decade could have been prevented with two-factor and strong passwords. Modern password managers both facilitate stronger passwords, and often come pre-installed with automated two-factor support. In short, this means that any login or hack attempted against your account(s) needs not only the password, but also the two-factor key you set up as well.
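To make the first two benefits concrete, here is a small added example (not code from the article or from any of the password managers it names) of what a manager does behind the scenes: it draws passwords from a cryptographically secure random source, and it can audit a vault for the two problems the article warns about, reused passwords and weak ones. The vault and the list of common passwords below are constructed sample data.

```python
import secrets
import string
from collections import defaultdict

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS

# Constructed sample of common passwords (the two named in the article plus a few
# perennial favourites); a real manager checks against a breach corpus instead.
COMMON_PASSWORDS = {"donald", "password123", "password", "123456", "qwerty"}
MIN_LENGTH = 12


def generate_password(length=20):
    """Build a password from the OS CSPRNG (never random.random), re-drawing until
    every character class is present so the result is never accidentally 'all digits'."""
    if length < 4:
        raise ValueError("need at least one character from each of the four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return candidate


def audit_vault(vault):
    """vault maps account name -> password. Returns the groups of accounts that share a
    password (the 'master key' problem) and the accounts whose password is common or short."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    reused = sorted(sorted(group) for group in by_password.values() if len(group) > 1)
    weak = sorted(
        account for account, password in vault.items()
        if password.lower() in COMMON_PASSWORDS or len(password) < MIN_LENGTH
    )
    return {"reused": reused, "weak": weak}


# Constructed sample vault: the game and email accounts share a password, as in the story above.
SAMPLE_VAULT = {
    "email": "Summer2019!",
    "game": "Summer2019!",
    "streaming": "password123",
    "bank": generate_password(),
}

if __name__ == "__main__":
    print(audit_vault(SAMPLE_VAULT))
```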

Some password managers I’d recommend are LastPass, 1Password (my preferred choice), and the updated Google Password Manager with Two-Factor enabled.

Moving into 2020, free up some of that precious brainpower and let a password manager do all that pesky remembering for you!

Author: Leonard Bernardone
