Password security: Why you should care
Do you leave passwords on sticky notes, use your child’s name or some other simple combination to protect your personal accounts or company’s data?
If you do, it’s time for a lesson in cyber security.
Passwords, especially those not supported by two-step verification, are your last line of defence against hackers. New research shows cyber incidents are the top global risk for businesses.
Dashlane, a credential management company that stores and manages passwords through a desktop or mobile app, recounted the biggest mistakes companies and people made over the last year when securing accounts via a password in its recently released fourth annual Worst Password Offenders list.
Missteps are easy
“The drudgery of passwords, account creation and recovery, and the fear of what you need to do after a big company data breach are all legitimate concerns for everyone using the Internet,” Dashlane co-founder and CEO Emmanuel Schalit said on the company’s website. “Our Worst Password Offenders list serves as an annual reminder of how easy it is to make a misstep on the web, no matter your status.”
The worst offender was Facebook, which made two critical mistakes from which all companies can learn. It not only exposed passwords of hundreds of millions of users internally to its employees, Facebook also breached user privacy by asking for the email passwords of new users and harvesting contacts without consent. The tech giant also violated security best practices by storing account passwords in its internal data storage system for years in plain text.
It then left a server unprotected – meaning, without a password – leaving 400 million users’ phone numbers and records exposed.
Google took second place as the company admitted that it, similarly to Facebook, had stored passwords as plain text … since 2005.
Inadvertent exposure
Dashlane noted people were also inadvertently exposing their own passwords. The company called out actress Lisa Kudrow who posted a photo of an article about an upcoming role. But included in the photo was a password written on a sticky note attached to her computer monitor.
Or, there’s the case of U.S. Congressman Lance Gooden who was caught on camera unlocking his phone with the code “777777.” Talk show host Ellen DeGeneres admitted her password skills were lacking after her Instagram account was hacked. She was using the password “password.”
According to CNET, there are a few ways your account can become compromised:
1) Someone is out to get you. If people know you well, they may be able to guess your e-mail password and use password recovery options to access your other accounts;
2) You become the victim of a brute-force attack. These attacks work by systematically checking all possible passphrases until the correct one is found;
3) There's a data breach. It’s becoming more and more common for another huge company to report a hack resulting in millions of people's account information being compromised.
The key to passwords is complexity. They should contain a combination of numbers, symbols, uppercase letters, lowercase letters and spaces. Passwords should be free of repetition, dictionary words, usernames, pronouns, IDs and any other predefined number or letter sequences.
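The composition rules above, expressed as a checker. This is an added example, not code from Dashlane or the original article. The sample word list, the look-alike substitution table and the run lengths (three repeated characters, four sequential characters) are assumptions, and symbols and spaces are treated as one character class.

```python
import re

# Constructed sample list (assumption); a real check would load a large
# dictionary and a breached-password list instead.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}

# Assumed look-alike substitutions, undone before the dictionary check so that
# "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans("@$01345!", "asoleasi")

# Character classes named in the paragraph above.
CLASSES = {
    "a lowercase letter": r"[a-z]",
    "an uppercase letter": r"[A-Z]",
    "a number": r"[0-9]",
    "a symbol or space": r"[^A-Za-z0-9]",
}


def has_sequence(text, run=4):
    """True if text holds `run` consecutive ascending or descending characters."""
    for i in range(len(text) - run + 1):
        steps = {ord(text[j + 1]) - ord(text[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(pw, username=""):
    """Return the list of rule violations; an empty list means every rule passed."""
    problems = ["missing " + name for name, pat in CLASSES.items()
                if not re.search(pat, pw)]
    lowered = pw.lower()
    if re.search(r"(.)\1\1", pw):            # same character three times in a row
        problems.append("repeated character run")
    if has_sequence(lowered):                # e.g. "1234", "dcba"
        problems.append("predefined sequence")
    if username and username.lower() in lowered:
        problems.append("contains username")
    normalized = lowered.translate(LOOKALIKES)
    if any(word in normalized for word in SAMPLE_WORDS):
        problems.append("contains dictionary word")
    return problems
```

A password such as "P@ssw0rd1!" contains all four character classes and still fails, because the dictionary check runs after the substitutions are undone.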
Dashlane recommends the following tips:
- Use a different password for every account. Password reuse is an epidemic. “Repeating the same password across your accounts is a lot like using the same key for your house or your car,” the company said.
- Use two-factor identification. It adds an extra layer of security by using two of three verification methods, such as your password, biometrics and a smart card.
- Get a password manager. A password manager is the only way to safely and conveniently manage complicated and unique passwords for an unlimited number of accounts, while providing automatic logins and secure autofill of personal and payment information.