The latest major password hack is in the news, and yet again the security breach was made possible by weak passwords. Somehow, in 2019, many of us are still using the simple passwords we created in the early 2000s when it wasn’t such a huge concern.
From Password123 to qwertyuiop, the most common passwords haven’t shifted much, and their ongoing prevalence makes it a cakewalk for hackers to break in. So, what can you do about it? Nobody wants to try to remember 100 different random letter and number combinations when it’s SO much quicker to just tap in the same old password for everything. But it doesn’t have to be hard to stay secure – here are our top tips to protect yourself and your data.
1. Use a password manager to be unique
Passwords overall are a pretty vulnerable security measure, but there are still measures you can take to minimize the risk they pose. Using a password manager negates the need to create and remember complex passwords all by yourself.
Most password management software will allow you to generate a random, unique password on demand, and save it for you to use whenever you need it. Not only does this make it harder to crack into your account by brute force, but if one account becomes compromised, your others are still safe.
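As an added illustration (not code from this article or from any particular password manager), the Python sketch below shows the idea: every site gets its own password drawn from the operating system's secure random source, and its strength is estimated in bits. The alphabet, the short common-password list, the guess rate and the `Vault` class are assumptions made for the example.

```python
import math
import secrets
import string

# Constructed sample list; the first two entries are the ones named in the article.
COMMON = {"password123", "qwertyuiop", "123456", "letmein"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed 74-symbol set

def generate_password(length=20):
    """Draw a password uniformly from ALPHABET using the OS CSPRNG."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw (rather than patch characters in) so every accepted password is equally likely.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Average brute-force time (half the keyspace) at an assumed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

def is_common(password):
    """True if the password is on the well-known list, whatever its capitalisation."""
    return password.lower() in COMMON

class Vault:
    """Toy in-memory stand-in for a password manager: one unique password per site."""
    def __init__(self):
        self._entries = {}

    def password_for(self, site):
        if site not in self._entries:
            pw = generate_password()
            while pw in self._entries.values():  # never reuse across sites
                pw = generate_password()
            self._entries[site] = pw
        return self._entries[site]

if __name__ == "__main__":
    vault = Vault()
    for site in ("mail.example", "bank.example"):  # placeholder site names
        print(site, vault.password_for(site))
    bits = entropy_bits(20)
    print(f"{bits:.0f} bits, ~{years_to_exhaust(bits, 1e10):.1e} years at 1e10 guesses/s")
    print("Password123 on common list:", is_common("Password123"))
```

A password on the common list falls in the first handful of guesses regardless of its length, which is why the comparison is made against the list rather than by counting characters.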
2. Multi-Factor Authentication
Using a password alone is like locking the doors but leaving all your windows open – the easiest route is closed, but with a little work the intruder can still get inside. Most accounts will offer you the option to set up two-factor authentication (2FA) or multi-factor authentication (MFA), so once you have entered your password you will be texted or emailed a code/link to prove you are the legitimate owner of the account.
While texting or emailing a code is the most common second factor adopted in MFA procedures, it isn’t the only option. Multi-factor authentication can combine multiple credentials that are unique to the user, which fall into three categories:
- Something the user knows, like a password or the answer to a pre-set question
- Something the user has, like a card or key fob
- Something the user is, like a fingerprint or facial recognition
The benefit of adding a second layer of security is that a hacker who manages to identify a password will have to overcome a new obstacle of an entirely different nature in order to access the account. To learn more about MFA, check out this in-depth blog post we wrote on the subject.
3. Avoid public wi-fi
The internet has become so integrated with almost every aspect of our lives that in 2016 the UN accepted internet access as a basic human right. In 2017, the Indian State of Kerala backed up the resolution by declaring that every citizen should be able to access free wi-fi, and agreeing to extend broadband connectivity to every house within its borders, in addition to public wi-fi hotspots.
Public wi-fi is pretty much everywhere you go, and millions of people routinely log on to open networks in coffee shops, commuter trains, hotels, and even aeroplanes. However, if you’re concerned about your privacy, you might not want to log in with your latte. When it comes to public wi-fi, there is no way of knowing who may be monitoring your session, from the URLs you visit to the keystrokes you input.
The best way to browse risk free is to just not use public wi-fi at all, but sometimes duty calls and your 4G signal is non-existent. In such cases when you absolutely have to use public wi-fi, there are many reputable VPNs available even for your smartphone, adding that extra layer of security to keep you safe.
4. Check for previous hacks and delete your old accounts
Remember signing up for that random account 10 years ago to enter a competition? Neither do we, but did you know that website was hacked in 2015? The more accounts you have open, the more you are exposed to risks, especially if your password-creation approach has left a lot to be desired.
While it may be difficult to remember every account you opened over the years, there are tools out there to help you. Deseat.me can show you every account associated with your email address by logging in with your Google or Outlook account, and helps you delete the obsolete ones with just a couple of clicks. You can also check if your email address was involved in any data breaches at haveibeenpwned.com, and sign up for alerts when new breaches are discovered.
Unfortunately, “bulletproof security” just doesn’t exist, but taking all the steps available to protect your data puts you in the next best position.
Cybercriminals will always look for new ways to weasel their way in, keeping us all on our security toes. If you’d like to read more about mitigating cybersecurity threats, check out these articles on social engineering and cybersecurity fatigue.