During the holiday season, millions of people will unbox new phones, gadgets
and electronics. Ask anyone and they will agree that technology needs to get
simpler. As Henry Thoreau wrote, "Our life is frittered away by detail...
Simplify, simplify".

Complexity is a word people frown upon when it comes to technology. Yet
technology in the area of password protection needs to get stronger and more
complex to keep the bad guys out.

At a time when most devices connect to the Internet, making it harder for
intruders to gain access is essential. The number one way hackers access an
online account is through stolen or misused credentials, according to the
annual Data Breach Investigations Report from Verizon.

The biggest concern companies have about security breaches is their own
employees, who unknowingly expose valuable company information to intruders.

To protect themselves, companies are banning employees from using portable
devices like USB drives. They want them to be cautious about posting on social
media sites. They discourage sharing vacation plans online or leaving "out of
office" email replies on work emails.

Facebook reports that every day, imposters attempt to compromise 600,000
accounts to access messages, photos and other personal information. Thieves
search the website by postal code to learn who informed their friends that they
are on vacation. According to Marc Goodman, "Vacation plans on Facebook or
Twitter are like a 'please rob me' signal ... Some 78% of burglars get their
leads from social media."

In many cases, the crooks target employee laptops and home computers that are
used to sign on to corporate networks.

According to a recent Wall Street Journal article, about 30 percent of data
breaches in 2015 were caused by employee error, based on a survey published in
December 2015 by the Association of Corporate Counsel. In 2014, JP Morgan
experienced a cyber security breach that affected 76 million households. The
investigation discovered that a financial planner with the firm accessed
350,000 client data records illegally and took the information home. The firm
believes Russian hackers gained access to the employee's computer at home and
posted the client information online. While no client data was compromised,
cyber security specialists say that stealing a customer's social security
number, email or phone number is an important first step for a future breach.

Here are five password management strategies to keep the bad guys out.

1. Use different passwords for accounts.

Using the same password across accounts puts all your eggs in one basket: a
single breach could wreak havoc on your business. According to criminal-record
database service Instant Checkmate, almost three out of four people use the
same password for more than one site, while more than three out of five
smartphone users do not use a passcode to protect their device. One third of
people use the same password for every website, with weak passwords like
'12345'.

2. Use two-factor authentication

This type of verification adds another level of security to your online
account. In addition to providing a regular password, the user must enter a
one-time code when logging into an account or service. In most cases, the code
is sent to your mobile phone as a text message, and you enter it after entering
your password. This service is offered by most established companies like
Google, Dropbox, Apple, Evernote, Microsoft, Twitter, LinkedIn and Facebook.

According to a TeleSign Consumer Account Security Report, published in June
2015, "72 percent of consumers want advice on how to protect the security of
their online accounts. ... 77 percent of users use a password that is one year
or older."

In August 2014, hackers attacked Apple iCloud accounts and leaked private
photos of Jennifer Lawrence and other actors. Apple quickly confirmed its
systems were not breached but that the accounts were compromised through
usernames, weak passwords and security questions.

3. Use a password manager.

Password manager programs work across platforms on any computer and device.
Their primary function is to remember all the passwords you use across devices,
so you don't have to. Many also generate strong passwords with a single click.
The most popular password managers are Dashlane, LastPass, RoboForm, Sticky
Password and LogMeOnce, which charge a monthly or annual subscription fee.

4. Use HTTPS instead of HTTP whenever possible

Websites that have https:// before the website name add an extra security layer
called SSL, which encrypts the connection between your browser and the website.
It is recommended to use https:// whenever possible, especially when performing
banking or financial transactions online. Communications sent over regular HTTP
connections are in plain text and can be read by intruders that break into the
connection between your browser and the website. With HTTPS, all communication
is securely encrypted. Thanks to SSL (Secure Sockets Layer), an intruder cannot
decrypt data that passes between you and a website.

5. Don't use security questions when you forget your password

Most companies ask customers to answer "security questions" when registering
for an online account. When a user forgets their password, they are asked to
answer a few security questions. The problem with this approach is that many
users answer easy questions like favourite food, mother's maiden name, city of
birth or favourite sport. Hackers have a reasonably good chance of guessing the
right answer by monitoring your social activity. Google recommends having an
alternative email address or an SMS option, instead of providing answers to
security questions. Verifying a password by answering security questions should
be a last resort.

Summary

While simplicity is highly desirable when we think of technology, it is
undesirable when we think about secure online accounts. Strong passwords are
highly recommended, with additional security measures as outlined in this
article. The goal is to make it as difficult as possible for a hacker to breach
an online account.