With the final countdown to Christmas underway and with more and more people choosing to shop online, have you ever wondered just how secure your passwords really are?
If you consider that the average digital user has 6.5 passwords shared across 25 different accounts and types in an average of eight passwords a day, is it any wonder people resort to ‘password’ or ‘123456’ so they can make it easy on themselves?
Unfortunately, they are also making it easy for those that wish to get access to their password and ultimately their data, causing all sorts of devastating consequences. The figures are changing all the time but on average, over 80% of data breaches are caused by hacked passwords.
Your password can be hacked in several ways. Look out for unencrypted websites. Sites that are encrypted should show the little ‘lock’ icon at the beginning of the URL bar. Browsers are also starting to warn you if you try to enter an unencrypted website.
As mentioned, people are all too quick to dash off a simple password. If you can remember that length is strength, combined with randomness, you’re on the right track to getting a secure password. However, this won’t protect against people attempting to steal files containing your passwords, or someone actually tricking you into handing over a password. Who hasn’t had a call from their ‘bank’ or ‘internet service provider’, convincing them there’s an urgent problem and asking for their password? Known as social engineering, this particular ruse is on the rise and becoming increasingly sophisticated. So, whilst a long and random password may be deemed strong, it’s not a cast-iron guarantee that your digital data is safe.
This is where two-factor authentication (or 2FA as it’s known for short) comes in. In short, you are using two factors of authentication to gain access to your account. A factor is something you know (e.g. your password), something you have (e.g. your phone) or something you are (e.g. your fingerprint). By combining two of these factors, such as your password and your phone, you are providing two layers of protection to your digital data.
How do you get it?
You install a code-generating app (such as Google Authenticator) on your phone and scan a QR code to load the secret key into the app. It then generates a new one-time password at a regular interval (e.g. every 30 seconds), which you enter when you log in. Without the physical device that generates the code (usually your mobile phone), attackers are unable to access your password-protected data.
And where should you store your passwords? In a password manager, which may seem ironic given they are online. However, not only will they suggest strong passwords for every account that needs one, they will also store them in encrypted databases protected by a master password. The master password never gets sent to a server; it just sits on your computer, encrypting your data, so someone would have to physically break into your specific computer to gain access to your passwords.
We are living in a digital world where it is no longer safe to protect our most sensitive data with a password, whether it be business or personal. Speak to your managed services provider about adding that extra layer of security. We’ve also produced a handy leaflet about two-factor authentication which can be downloaded here.