Celebrate World Password Day 2016

No one likes dealing with passwords, but the reality is we need some form of identification and authentication to protect our digital reputation and information as well as to facilitate customized online experiences. As we celebrate World Password Day 2016, it is time to make passwords both strong and easy to use.
At some point, someone told you passwords were going away. That person lied. Passwords are here to stay, in one shape or another. Although unwieldy, they are still the most prevalent means to validate a user.
The key to reducing the frustration of passwords is to streamline their use while still benefiting from the protection they provide. But there is an inherent conundrum: If you don’t use them correctly, they don’t provide much protection. If you do use them properly, they are horribly difficult to manage and adversely slow down our digital experiences.
I may be an anomaly, but I now have more than one hundred login accounts. Most I use only sporadically, but I do need them. As a security advocate, I know better than to reuse passwords or simply increment them in a simple way. That would be insecure. To be honest, I don’t have much trust in some of the domains I sign up for. I suspect some admins might take a peek at users’ credentials or, even worse, their security practices are insufficient and my password may eventually be stolen by a malicious hacker. Either way, I expect several of my passwords will eventually be exposed. Attackers then like to try those passwords on other accounts and look for patterns that the victim might use. If the attackers find a pattern, that is bad news. Like dominoes falling, your accounts too will tumble into the hands of attackers. They will be able to log in, steal your data, and impersonate you if they wish. The damage can be serious enough for anyone to regret employing simple shortcuts to save time.
But don’t despair; there is hope. Now is the time to take the sting out of password management.
Passwords are protective only if you use them correctly, but they don’t have to be hard to live with. Get organized, let technology do the work for you, and follow these four simple rules:
1. Use strong passwords or, even better, a pass phrase. Passwords are useless if they can be guessed or easily succumb to brute-force attacks. So make them challenging. And when in doubt, change them. Top web services look for suspicious patterns of activity and will notify users of a possible account breach. Don’t ignore these warnings! Change your passwords immediately by opening a new browser window and navigating to the site to change your password. (Never click on links in emails to do this.)
2. Make passwords unique. Never use the same password across different sites. That makes it simple for attackers to compromise your entire digital life. Furthermore, don’t make simple increments when changing passwords. Moving from Password1 to Password2 is just asking for trouble.
3. Use a password manager. Retire the Post-it notes or spreadsheet file. Using a reputable password manager is a huge time saver and will actually add more security into the mix. Integrated password managers can automatically log users into websites and applications, which is tremendously convenient. They facilitate the use of insanely strong and unique passwords, and make annoying expiration notices a snap to deal with. No more trying to navigate and interpret the obscure hieroglyphs as part of your secret code. Password managers can generate ridiculously complex passwords that you never need to type in. They can handle the brunt of all the work. There are secure solutions, such as Intel Security by True Key, that help take the pain out of the process.
4. Biometrics and multifactor authentication are best. Biometrics can greatly reduce the frustration of logging in. Fingerprint readers on phones and facial recognition on PCs are great to speed access. Systems are also emerging that can detect when you walk away and lock the device. Next-generation solutions will go a step further and unlock your device automatically when you return. Multifactor authentication schemes should be employed in high-value situations. If your password is compromised, the attacker still needs another form of authentication to proceed. This step thwarts all but the most elite types of attack and is well worth the extra effort for financial accounts and very private communications.
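To make rule 2 concrete, here is a small checker that flags a new password when it is a reuse, an increment, or a light disguise of one already in use. It is an added example, not part of the original post; the substitution table, the edit-distance threshold, and the function names are assumptions chosen for illustration.

```python
import re

# Constructed table of common look-alike substitutions, undone before comparing.
LEET = str.maketrans("013457@$!", "oleastasi")

def split_suffix(pw):
    """Return (base, suffix); suffix is the trailing run of digits and symbols."""
    base, suffix = re.match(r"(.*?)([\d\W_]*)\Z", pw, re.S).groups()
    return base, suffix

def normalize(text):
    """Lowercase and undo look-alike substitutions so 'P@ssw0rd' equals 'password'."""
    return text.lower().translate(LEET)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_change(old, new):
    """Label how a new password relates to an old (possibly exposed) one."""
    if old == new:
        return "reused"
    old_base, old_sfx = split_suffix(old)
    new_base, new_sfx = split_suffix(new)
    if old_base and normalize(old_base) == normalize(new_base):
        if old_sfx.isdecimal() and new_sfx.isdecimal() and int(new_sfx) == int(old_sfx) + 1:
            return "incremented"  # Password1 -> Password2
        return "same-base"        # same word, different decoration
    if edit_distance(normalize(old), normalize(new)) <= 2:  # assumed threshold
        return "near-duplicate"
    return "ok"

def audit(new, existing):
    """Return the worst finding for `new` against every password already in use."""
    order = ["ok", "near-duplicate", "same-base", "incremented", "reused"]
    return max((classify_change(old, new) for old in existing), key=order.index, default="ok")
```

Run it locally over your own list of passwords; a site that stores only hashes can apply the same comparison at change time, when the old and new passwords are both submitted.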

Passwords don’t have to be hard to live with. Get organized and let technology do the work for you. Passwords aren’t going away anytime soon. Reduce the loathing and inconvenience while maintaining good security. Remain vigilant and your passwords can save you from your worst digital day.
First Published at McAfee Blog
