Did you know that 80% of breaches in online security are due to weak or reused passwords?
Are you shocked? Good. Are you wondering how you can avoid the faulty password practices that created this terrible statistic? This is the blog post for you.
First, you need to understand that your online security is almost certainly compromised already.
Have you ever used the same password or password variations on multiple accounts? Or used a password that included easy-to-guess elements like your mother’s maiden name, your birth year, or the name of your pet chihuahua?
These are just two bad habits on a laundry list of bad password practices.
Over the next 3 minutes, I’m going to fill you in on everything that makes a bad password bad, and then I’ll show you how to improve your passwords by using multi-factor authentication to bolster your online security.
Why Passwords Are No Longer Safe
With each passing year, it is becoming more and more common for data to be stolen and accounts to be hacked. In a day and age where both personal and critical financial/business information is stored online, having secure online accounts is paramount.
The cold, hard truth is that simple login passwords just don’t work anymore. If you are using weak passwords and haven’t been hacked yet, then it’s not a matter of “if” you’ll ever be hacked, but “when.”
Here are some of the top reasons why passwords are no longer safe:
People Use The Same Password For Multiple Services
When people reach out to my team, here at Emerald City Solutions, for IT security help, a mistake we frequently see them making is using the same password for multiple accounts.
Reusing an already weak password is a sure-fire way to have your information across multiple platforms stolen. Cyber-security, while still a relatively new concept for the average Joe, is crucially important since even the average person stores large amounts of critical data online.
Take away: make a completely new password for every online account — no simple password variations.
Passwords Are Difficult To Remember
Studies have found that the average business user has nearly 200 accounts — that is a lot of unique passwords to remember!
Most users cope with this by writing down their passwords in unsecured locations on their phones or laptops.
Having passwords written down or sent over text is not a secure way to store passwords and often results in important accounts being compromised.
Passwords Are Easy To Hack
Since passwords are hard to remember, another way users cope is by creating passwords that are easy to remember — throwing in their name, birthdate, favorite city, and other “fun” password elements.
Passwords like this are significantly easier to hack than those with randomized characters and multi-factor authentication.
Passwords Are Often Insecurely Stored By Service Providers
It’s rare for a service provider to also be an expert in cybersecurity. And honestly, most service providers don’t consider tight cybersecurity to be a top priority — they only try to be secure enough to be compliant with regulations.
Service providers aren’t the ones pushing cybersecurity forward — they only step up their game once hackers expose the weaknesses in their security.
This means that you can’t rely on service providers to be your one-stop-shop for online security. You need to be supplementing your login passwords with multi-factor authentication.
What Is The Solution To Weak Online Security & Passwords?
The solution to terrible password security is two-pronged:
- Stop creating weak passwords. This means never repeating a password, avoiding easy-to-guess words, and creating a password out of randomized characters.
- Take advantage of multi-factor authentication.
If you’re new to multi-factor authentication, here’s some information to help you get started.
What Is Multi-Factor Authentication?
Multi-factor authentication (MFA) involves using multiple means to authenticate yourself when signing into an online account. It adds security checks throughout the login process that make it difficult for online hackers to get past.
This diminishes the number of hacked accounts because it is more difficult for hackers to find all of the information necessary to authenticate themselves in multiple ways.
Similarly, multi-factor authentication often requires a confirmation from more than one of the user’s devices — making it all the more tedious for online hackers to get into your accounts.
There are several methods of multi-factor authentication. One is a token that displays an actively changing password. When the user wants to log in to an account, they simply enter their username along with the current password that is displayed on their token.
Other forms of multi-factor authentication include the use of one’s username, password, as well as confirmation on another device within the user’s possession.
This confirmation is usually sent to the user’s phone — a method that is currently used by Google.
Why Is Multi-Factor Authentication Important?
Multi-factor authentication is essential for online security in 2019.
While online accounts are designed to make access easier, they compromise security through weak passwords. Most of us store valuable information online such as personal information and financial information — both things that we don’t want online hackers to have access to.
Having your personal or financial accounts hacked could result in things like identity theft, financial fraud, and other scenarios that are difficult to recover from.
Multi-factor authentication takes the extra step, making fraud and identity theft that much more difficult for online hackers.
Often, MFA will utilize two or three authentication measures. Examples of authentication methods might include:
- A password that requires knowledge specific to the user
- A password that includes something the user possesses
- A password related to an innate factor about the user (something he or she is)
Forms Of MFA
As briefly touched on above, there are various forms of MFA.
Google Authenticator is perhaps the most often used form of MFA, providing users with an easy app to use in tandem with their other Google apps. Google Authenticator can be used to secure not only all of your Google accounts but also many non-Google accounts as well (such as Facebook and Twitter).
Google Authenticator is extremely easy to download and use and the fact that it can be used across various platforms makes it a good option for multi-factor authentication security.
Widely used for Google and Yahoo, account keys is a method that requires authentication on multiple devices in possession of the user. Account keys usually require a username and password, along with a confirmation code that is sent to another device (typically a phone).
An increasingly popular form of multi-factor authentication, SMS texts are sent to the account user’s phone prompting them to reply or enter in a time-sensitive code to access their account. SMS texts make online hacking difficult as most hackers are not in possession of the account user’s devices.
This form of two-factor authentication requires account users to connect a USB key into their device in order to allow them access to their account. While this effectively prevents hackers, it is also a less convenient method of MFA since it requires account users to carry their USB with them.
A similar form of multi-factor authentication to the USB stick might involve a contactless key, which would be more convenient to users as this would allow them to attach their key to something that they carry with them regularly (e.g. a keychain or purse).
How To Start Securing Your Online Accounts Today
Are you concerned about IT and online security? Your security concerns are not unwarranted. In a day and age where important information is housed online and cyber-hackers are becoming all too common, it’s essential to protect yourself.
If you have questions or concerns regarding cyber-security or two-factor authentication services, contact my team of IT professionals, here at Emerald City Solutions.
My IT experts do the utmost to help clients secure their online accounts and feel confident about online safety. Our Seattle-based team is ready to answer your IT and cyber-security questions, so take the first step towards a more secure future and call us today or contact us here.