Want To Boost Your Cybersecurity? Forget Your Passwords
Many years ago, when I was a 14-year-old budding computer nerd, I experienced my first data-breach. I’d been playing World of Warcraft for hours on end (I was a kid, quit judging!) when another player offered me an “exclusive” opportunity to test out some new beta weapons and equipment.
All I had to do was enter my logins to the beta-test form, and this promised “exclusive gear” would be added to my account in 24 hours.
An email was sent through with the required form and being young, naive and full of the typical invincibility syndrome that young 14-year-old boys tend to have, I entered my username and password then signed off for the night.
Sure enough, I returned the next day to find that my passwords had been changed, all of my character’s clothes and weapons were stolen, and my email account had been compromised. I’d used the same email and password for my World of Warcraft account as I had for my personal email account.
Thankfully, at that time I had nothing of real value to lose from those accounts, and had some very valuable lessons to learn: don’t trust strangers online, and don’t re-use passwords!
Re-using passwords is a big no-no, but let’s be honest, everyone does it. I don’t know a single person who hasn’t re-used a password across multiple logins. It’s quick, it’s easy, and most of all it’s memorable.
The problem with re-using passwords, however, is that if they get stolen or guessed just once, they can then be used to access everything. It’s like cutting a master-key to fit your front-gate, garage and car all in one. And it’s why a silly encounter in an online game led to my email account being hacked.
In most major cyber breaches the logins are often stolen from somewhere unrelated, such as a social media account or streaming subscription, and then re-used for later attacks on bank accounts or corporate systems.
To avoid credential-based attacks, the expectation is that we use a different password for each and every login we have. However, given that the average person now has upwards of 27 online logins to remember, it’s quickly becoming an impossible task to individualise them and is likely why we’re seeing 81% to 87% of people re-using their passwords in the first place.
Following my first data-breach as a kid, my solution to making and remembering unique passwords was to enter familiar names into the Wu-Tang Name Generator. But what if I told you there was a better way!
My advice moving into 2020: instead of trying to remember all of your passwords, try forgetting them instead with password manager!
The way that password managers work is similar to how a browser’s auto-fill works. When logging in to an account, you type in your username & password just once, then your password manager securely stores and remembers them. Next time you log in, the password manager will take care of the grunt-work and log in for you.
The only password you still need to remember is your master key for the password manager itself.
You’re probably thinking that this doesn’t sound safe, but in exchange for this easy login tool, good Password Managers bulk up their security on the master login. Often times, you’re required to know your master-key, have a two-factor authentication code and authorise the device that you’re logging in from.
In exchange for that hassle, you don’t need to write down or remember any of your other passwords.
Further to being an easy and safe solution to remembering passwords, password managers also enable some huge security benefits:
- Allows for unique passwords: Wherein you’re now limited by the number of unique passwords that a human-brain can remember (or that your desk can fit on sticky-notes), a password manager has a computer-brain, and can probably remember a few more. This means more unique passwords & fewer memory games.
- Allows for stronger passwords: Most password managers will automatically suggest complex passwords for you. Instead of using common hackable passwords like donald or password123, a manager enables the use of complex, strong passwords like “t3cH^1©4l j4r30n” without ever needing to type or remember them!
- Easy Use of Two-Factor: IBM estimates that over 80% of cyber-attacks in the last decade could have been prevented with two-factor and strong passwords. Modern password managers both facilitate stronger passwords, and often come pre-installed with automated two-factor support. In short, this means that any login or hack attempted against your account(s) needs not only the password, but also the two-factor key you set up as well.
Moving into 2020, free up some of that precious brainpower and let a password manager do all that pesky remembering for you!
Author: Leonard Bernardone