On a normal day, an average computer user has to enter a password in at least five different places (Windows, e-mail, social media, online banking, e-commerce). More often than not these passwords are the same and are hardly ever changed once set.
Passwords are the most abused and vulnerable security technology, yet they can’t be replaced. They can be strengthened when combined with other technologies, such as a one-time password (OTP). Using an OTP alongside a regular password is a form of two-factor authentication. Some companies have started adopting two-factor authentication as the primary way to authenticate users, but because of cost and other reasons, most have still not implemented it.
Two-factor authentication or not, users are still required to set a password. A recent study shows how careless people are with their passwords. Keep in mind that it’s your password that’s keeping the bad guys away from your information. The more careless you are, the easier their job becomes. Here’s a list of seven cardinal sins that you shouldn’t commit:
- Using obvious strings: It goes without saying that strings like “password”, 1234567, abcdefg and abcd1234 must not be used. They are the first guesses any attacker tries. Don’t be that lazy!
- Using the same password across all accounts: You won’t believe how many people use the same password for their email, online banking, social media and other accounts. It’s like using one key for every lock in the house: lose it once and everything is open. When one site is breached, attackers simply try the leaked password on every other popular site. Why on earth would anyone do that? One reason is that it is easy to carry a bunch of keys in a pocket but not to hold multiple passwords in memory. The trick is to use pass-phrases instead: a string of several unrelated words is far easier to remember than a random jumble of characters and, being long, far harder to guess.
- Sharing passwords: People often share their passwords with family members and close friends. This is a risk, especially when the same password is used for all accounts. You never know how and when that trust could be exploited.
- Using publicly available information: Many people use their birthday, vehicle registration number, phone number or some other detail that’s easily found out about them. Those are the first things an attacker looks up, which makes such people an easy target.
- Using dictionary words: One of the easiest and surest ways of getting hacked is to use a dictionary word as a password. Remember, the bad guys have the same dictionary, plus tools that try every word in it, along with common variations such as capitalising the first letter or tacking a digit on the end, in a matter of hours or less.
- Writing down: What do people do when they come across something important that they feel they’ll forget? They write it down. The same goes for passwords. Writing a password down is not always bad, but when it’s done on a post-it note stuck to the keyboard, that’s a sin. Use a password manager application to help you juggle multiple passwords.
- Not changing frequently: Passwords, once set, are never changed. That’s the case with 67 percent of internet users. While a few websites, such as online banking, mandate a password change every 90 days, most don’t. They leave it to the good sense of users to change theirs periodically. Ironic, isn’t it! At the very least, change a password immediately if the site it’s used on reports a breach.
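The “dictionary words” and “pass-phrase” points above can be shown concretely. What follows is an added example written for this page, not code from the original article or from Yaksas CSC: a toy dictionary attack in Python against a constructed “leaked” database of unsalted SHA-256 password hashes, using a handful of mangling rules of the kind that John the Ripper and hashcat ship with. The wordlist, the user names and their passwords are all made up for the demo; a real attacker would use a list of millions of words such as rockyou.txt. It also computes the search space of a four-word pass-phrase, to show why the phrase survives while the single words fall.

```python
import hashlib

# Constructed mini wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["password", "sunshine", "dragon", "letmein", "monkey", "qwerty", "football"]

# Suffixes users commonly append, and therefore the ones cracking tools try.
SUFFIXES = ["", "!", "1!", "123"] + [str(n) for n in range(100)]


def sha256_hex(text):
    """Unsalted SHA-256 hex digest: the weak storage scheme assumed for the leaked database."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def leetify(word):
    """One 'leet' substitution rule: a->@, e->3, o->0."""
    return word.replace("a", "@").replace("e", "3").replace("o", "0")


def mangle(word):
    """Yield candidate passwords derived from one dictionary word."""
    bases = dict.fromkeys([word, word.capitalize(), word.upper(), leetify(word)])  # ordered, de-duplicated
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target_hashes, wordlist):
    """Hash every mangled candidate and look it up in the set of leaked hashes.
    Returns (found, tried): found maps hash -> recovered plaintext, tried is the candidate count."""
    found = {}
    tried = 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            digest = sha256_hex(candidate)
            if digest in target_hashes and digest not in found:
                found[digest] = candidate
    return found, tried


# Constructed "leaked" user database (hypothetical users): unsalted SHA-256 of each password.
LEAKED = {
    "alice": sha256_hex("Sunshine7"),                     # dictionary word, capitalised, digit appended
    "bob": sha256_hex("dr@g0n"),                          # dictionary word with leet substitutions
    "carol": sha256_hex("correct horse battery staple"),  # four-word pass-phrase
}


def run_demo():
    """Return ({user: recovered password or None}, number of candidates hashed)."""
    found, tried = dictionary_attack(set(LEAKED.values()), WORDLIST)
    return {user: found.get(digest) for user, digest in LEAKED.items()}, tried


def passphrase_search_space(words_in_list, words_in_phrase):
    """Number of phrases an attacker must try for N words drawn from a list of a given size."""
    return words_in_list ** words_in_phrase


if __name__ == "__main__":
    result, tried = run_demo()
    for user, plaintext in result.items():
        print(f"{user:6s} -> {plaintext or '(not cracked)'}")
    print(f"{tried} candidates hashed")
    # A 4-word phrase drawn from a 7,776-word Diceware-style list.
    print(f"4-word pass-phrase search space: {passphrase_search_space(7776, 4):,}")
```

Alice and Bob are recovered after a few thousand hashes, which takes a fraction of a second; Carol’s pass-phrase is not even in reach of the wordlist, and a four-word phrase from a 7,776-word list gives roughly 3.7 × 10^15 combinations. The other half of the story is on the server side: a site that stores passwords with a salted, deliberately slow hash (bcrypt, scrypt or Argon2) instead of plain SHA-256 makes each guess cost milliseconds rather than microseconds, but that is the site’s job, not the user’s.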
How many of the above sins have you committed? Do let us know!
Uday Mittal (OSCP, Associate CISSP, DCPP) is the founder of Yaksas CSC. He has over 4 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. He’s also a member of (ISC)2, ISACA and DSCI.