Alternative methods of authentication are on the rise, but the old-fashioned password is still a long way from being replaced. With so much relying on them, the strength and security of our passwords are crucial, yet all too often overlooked.
Judging from the list of the 25 most popular passwords revealed at the beginning of this year, it's clear that we all need a refresher on how to use passwords securely. When so much of our business and personal lives take place digitally, it's fairly shocking that our digital assets are being secured by flimsy old classics like '123456' and 'password'.
Tomorrow's second annual World Password Day was started by Intel Security last year to encourage people to give their passwords an overhaul at least once a year, while advising them on creating better and safer passwords.
Meanwhile on Twitter, Intel Security is encouraging people to share their #PasswordConfessions.
This year, Intel's tips on password security are much the same as last year's: make them longer and stronger, use a unique password for every account, avoid one-word passwords and change them regularly.
All of this might seem obvious, but it appears to have fallen on deaf ears. In the real world, people don't always have the time or patience to remember many different, complex passwords in their day-to-day lives.
It should come as no surprise, then, that researchers estimate 90% of user-generated passwords are vulnerable to cracking. Even a 'secure' password offers minimal protection if it is reused on a site whose password database leaks, and massive leaks are commonplace.
One-word passwords may be the easiest to remember, but they are also predictable and often short, and so easy to guess. These kinds of passwords are inherently insecure because attackers can use a method called a 'dictionary attack': every entry in a wordlist of common words and previously leaked passwords is hashed and compared against the stolen hashes. Password-cracking software can test millions of candidates per second, so it will find a password that no human would ever guess.
Just recently, hackers stole login data for more than seven million members of the Minecraft site Lifeboat. The website blamed its users' poor-quality passwords for the breach, yet it had advised them to create short passwords, deciding that because no financial information was involved, this would suffice.
Unbeknownst to users, it had then hashed the passwords with MD5, a fast general-purpose hash that is unsuited to password storage precisely because it lets a cracker test enormous numbers of guesses per second. All this goes to prove that we can't rely on service providers and vendors to keep our passwords secure: it's up to users to practise basic password hygiene on a regular basis and ensure their passwords are high quality.
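As an added illustration (example code written for this article, not code from Lifeboat, Intel Security or TeamViewer), the script below shows why a dictionary attack against a dump of unsalted MD5 hashes costs the attacker one hash per wordlist entry regardless of how many users leaked, and what the hardened alternative looks like: a random per-user salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 here). The wordlist and the 'leaked' hashes are constructed for the example; the iteration count is an assumption to be tuned to your own hardware.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed stand-in for a cracking wordlist. A real one holds millions of
# entries harvested from earlier breaches; these come from "most popular" lists.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "minecraft"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 of a password: how a careless site stores credentials."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def dictionary_attack(leaked_hashes: Iterable[str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Recover plaintexts for unsalted, fast hashes.

    With no salt, every user who chose 'password' has the identical hash, so the
    attacker hashes each wordlist entry ONCE and looks the whole dump up against
    the result. Cost: len(wordlist) hashes, however many users leaked.
    """
    table = {md5_hex(word): word for word in wordlist}
    return {h: table[h] for h in leaked_hashes if h in table}


# --- Hardened storage: per-user salt + slow KDF -------------------------------
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def crack_salted(stored_records: Iterable[str], wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """The same wordlist attack against the hardened store.

    Returns (cracked, kdf_calls). Every record carries its own salt, so nothing
    can be precomputed or shared between users: the attacker pays
    len(wordlist) * ITERATIONS HMAC operations PER USER, and a weak password
    is still found, just far more slowly.
    """
    words = list(wordlist)
    cracked: Dict[str, str] = {}
    calls = 0
    for stored in stored_records:
        for word in words:
            calls += 1
            if verify_password(word, stored):
                cracked[stored] = word
                break
    return cracked, calls


if __name__ == "__main__":
    dump = [md5_hex("password"), md5_hex("123456"), md5_hex("Tr0ub4dor&3")]
    print("unsalted MD5 cracked:", dictionary_attack(dump, WORDLIST))
    print("salted PBKDF2:", crack_salted([hash_password("letmein")], WORDLIST))
```

The salted store does not make '123456' a good password; `crack_salted` still finds it. What it changes is the economics: the attacker can no longer amortise one hash computation across seven million users, and each guess costs 600,000 HMAC operations instead of one. That is why both halves matter: the site must store passwords slowly and salted, and the user must pick something that is not in the wordlist.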
'Many users are overwhelmed when asked to memorise so many passwords,' said Andreas Heißel, security officer at remote control and collaboration software firm TeamViewer. 'I always recommend using password safes – there are many free options available – allowing you to keep your security up to an acceptable level, while you only need to remember one strong password.'
Heißel shared five simple best practices for creating and keeping safer passwords:
- Create different passwords for each account – If you use the same credentials across multiple accounts and even just one gets compromised, this will leave your other accounts vulnerable and at risk.
- Do not share your passwords – A password is a secret word or phrase by definition, and you should always apply discretion when it comes to sharing them.
- Change your passwords regularly – Even if you are using a safe password it is important to change them regularly. It may take a while for you to realise when an account has been compromised, so make sure you update your passwords on a regular basis – and stick to a schedule so you don’t forget!
- Don’t use personally identifiable information – Having multiple strong passwords can be hard to remember. Many users try to make remembering passwords easier by utilising names and dates that have personal meaning. However, criminals can use publicly available information and social media accounts to uncover these pieces of information, and therefore guess passwords.
- Use two factor authentication – While using strong passwords is a great first step, adding another layer of security with two factor authentication provides a greater level of protection. This means in addition to a password, a second factor – often a security code delivered to a mobile device – is needed to log in to an account.