Are Passwords Really Enough?


There is an old saying to treat your password like your toothbrush so no one else can use it. However, today protecting your device requires more than just a good and strong password.

This is because cybercriminals have upped their game in terms of their ability to access people’s accounts of various types. Hackers have devised other ways to breach your security. These include social engineering and the deployment of malware.

A report by Finances Online has revealed that 17% of hackers have successfully guessed their victims’ passwords and a whopping 555 million passwords have been stolen by hackers since 2017. The study also revealed 80% of hacking incidents were caused by stolen and re-used login information.

All of this mirrors the problems with passwords today: we have too many of them, and in our quest to remember them easily, we make them very predictable.

Don’t Depend On Passwords Alone

There is a need to think outside the box and devise other ways of protecting yourself. We run through some ways to stay protected below:

Use Passphrases

One way to get ahead of cybercriminals in the digital space is to transition from passwords to passphrases. Unlike a password, a passphrase is a sentence or phrase that is made up of capital/small letters, numbers, and special characters. Passphrases stand out from passwords in three distinct areas: length, memorization, and hacking difficulty.

A report by Tech Republic stated that an 8-character password without a good mix of special characters and numbers can be cracked in just 39 minutes if the hacker uses modern graphic processing methods.

While the typical password has around 8 to 10 letters, a passphrase can contain between 10 and 20 characters. This makes passphrases difficult to guess, especially when they contain symbols and numbers.

Finally, passphrases are easier to remember. This is because we use passphrases that are familiar to us. For example, “Early to bed early to rise” can be turned into the passphrase: [email protected] t0 Bed [email protected] t0 R1se.

Note the differences below:

[Image]

Enable Two-Factor Authentication (2FA)

2FA is a better way to boost the safety of your account than passwords. This is because it adds an extra layer of security. 2FA is an extra step added to the login process to verify whether the login request is actually coming from the true owner of that particular account or device.

Ways to implement 2FA include the use of a verification code sent to your phone, a fingerprint scan, etc. It is named two-factor because it combines two factors in determining the true owner of the account.

It is always a good idea to request that the verification code be sent to another device. This is because if your phone is stolen, or your SIM is swapped, the hacker shouldn’t be able to get the verification code. Hackers always target those devices where funds are managed with banking apps so they can steal funds. Consider the following scenarios:

Scenario 1 – Assume a hacker breaches your banking app remotely and wants to initiate a funds transfer. The app will send a verification code to your phone (if you had activated 2FA for withdrawals), and this will thwart the hacker’s efforts and also make you aware that someone is trying to access your app.

Scenario 2 – Assume you are a forex trader and a hacker gets hold of your trading platform password and logs in remotely. The hacker could also perform a SIM swap on your mobile line so as to get the verification code. If you had enabled 2FA and requested the code to be sent to a different number, this will prevent the hacker from accessing your account and selling off your currency and wiring the funds out.

According to research by ForexBeginner.com, the COVID-19 pandemic caused an over 300% increase in online forex trading volume in the last 2 years, and there has also been a rise in the scams related to forex & cryptos. Many scammers are targeting traders. Lots of new traders are not aware of the safety risks of using insecure passwords, and many traders also don’t have 2FA enabled for transactions.

The research also found that not all trading apps are equally secure. Out of the 17 platforms which they tested on brokers in Africa, only 7 had 2FA for withdrawals & transactions to other accounts.

Before downloading money management apps, always ensure they support 2FA. Also ensure you activate 2FA where it is optional, as most users forget to activate 2FA and some even see it as a burden.

Remember that the private Twitter account of Jack Dorsey, former Twitter CEO, was hacked after a SIM swap was carried out to get his verification code.

Update your Smartphone Software

Smartphones are called smart for a reason. They allow updates and can alert you when something is wrong. Most of the time we get pissed off whenever we get a notification for software updates on our smartphones.

Cybercriminals are always scouring our software for vulnerabilities they can exploit. Since no operating system or software is perfect, hackers could discover a hole and exploit it.

It is the responsibility of the phone manufacturer to develop security patches that will help curtail the vulnerability of their system. As a user, if you fail to install the update on getting notified, you stand the risk of being hacked.

A good example that mirrors the need to keep your software constantly updated is the Equifax data breach, which affected 147 million people.

Equifax used a framework called Apache Struts on their websites, and the Apache Foundation, which oversees Apache Struts, detected a vulnerability in the Struts software code called CVE-2017-5638. They immediately deployed security updates to patch the hole.

Unfortunately, it took Equifax 2 months after the release of the security patch to update their software, and before then the damage had already been done as they were hacked.

Install Trusted AntiMalware & AntiVirus Software

Antimalware is a software program designed to protect our devices from malware, trojans, and adware; many also prevent bugs from infecting our software and operating system.

An antivirus scans your computer software to detect viruses. It notifies you when it detects a virus and may further delete or repair infected files or programs.

Beware of fake antivirus programs, as some of them are actually viruses themselves. Buy your antivirus from a trusted source and don’t compromise on quality.

Renowned and trusted antivirus programs include Kaspersky, Norton360, McAfee, etc. Also remember to update your antivirus program when new versions come out, because the newer versions address the latest security threats.

Maintain good Cyber Hygiene

Web hygiene is the regular practice of ensuring safe handling of important data. It is like personal hygiene where an individual practices a routine of little, distinct activities to stay safe and prevent health problems.

Good web hygiene practices you can adopt include:

  • Visit only secured https websites
  • Use different passwords for different websites or apps
  • Avoid writing down your login details on paper as anybody can find them
  • Change your passwords often
  • Don’t copy & paste website addresses into your browser URL bar (type them manually)
  • Avoid using public Wi-Fi

By maintaining good web hygiene, you minimize the risk of data compromise, data loss, and you also improve your overall security.

Don’t Click On Suspicious Links

To keep your online account protected, you should avoid clicking on any link you cannot verify. In recent times, cybercriminals have devised phishing techniques to access your device.

Phishing has to do with sending emails containing malicious links or creating look-alike email addresses to scam people.

To identify a phishing attempt, do the following:

  • Check for spelling errors in the sender’s email address, for example [email protected] vs [email protected]
  • If the email contains a link, hover your cursor over the link to reveal the destination URL
  • Look out for time-barred requests urging you to take action urgently
  • You can also contact the sender using their original contact details to confirm.
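The checklist above as a small triage script, added here as an illustration and not part of the original article: it compares the sender's domain with domains you trust, compares each link's visible text with its real destination (what hovering reveals), and looks for urgency wording. The trusted domain `examplebank.com`, the 0.85 similarity threshold, the urgency phrases and the sample message are all assumptions constructed for this example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED_DOMAINS = {"examplebank.com"}  # assumption: domains you really deal with
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|within \d+ hours?|will be (closed|suspended))\b", re.I)

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def lookalike(domain):  # trusted domain that `domain` misspells, else None
    return next((g for g in TRUSTED_DOMAINS if g != domain
                 and SequenceMatcher(None, domain, g).ratio() >= 0.85), None)

def triage(raw_email):  # single-part HTML email in, list of findings out
    msg = message_from_string(raw_email)
    body, findings = msg.get_payload(), []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if good := lookalike(sender):
        findings.append(f"sender domain {sender} resembles {good}")
    links = Links()
    links.feed(body)
    for href, text in links.found:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
        if shown and host != shown[1] and not host.endswith("." + shown[1]):
            findings.append(f"link text shows {shown[1]} but leads to {host}")
    if URGENCY.search(body):
        findings.append("urgent, time-limited request")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = """From: Support <alerts@examp1ebank.com>

<p>Your account will be suspended. Verify within 24 hours: <a href="http://login.examp1ebank.com.verify.example.net/">https://www.examplebank.com/login</a></p>
"""
```

Calling `triage(SAMPLE)` returns three findings, one per checklist item; a message from the trusted domain whose link text matches its destination returns an empty list.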

Don’t Leave Anything To Chance

Having a good and strong password is no longer a guarantee for cyber safety. Additional security measures are necessary because hackers now have means of cracking passwords using complex algorithms.

Biometrics like facial recognition and fingerprint scanning should be used, and if you are downloading an app, ensure it comes with these features. If you are buying a new gadget, also ensure it is equipped with biometrics.

Finally, avoid re-using passwords and leaving a trail for hackers to scam you. Also limit the amount of information you share on social media, as this can be used to answer password retrieval questions about you. Do not depend on passwords alone.

2022-06-13 15:06:49