Passwords suck, am I right? A password is often seen as an annoying little obstacle to getting at our beloved applications and personal data. Yet historically it’s the only thing that allows us to keep our data separate from everyone else’s. It’s also the only thing that keeps our data private, ensuring that only we have access to the myriad applications and social media accounts that make up our modern life. Being the victim of a password hack is, at best, an anxiety-riddled experience. At worst it can cost us money and reputation.
Case in point – in 2012 Burger King’s Twitter account was hacked. The perpetrators were able to send embarrassing tweets to the fast food company’s 80 thousand some followers. Beyond the mystery of why people would follow Burger King’s Twitter feed in the first place is the greater question of how hackers were able to gain control of the burger conglomerate’s social media to begin with. It’s a huge corporation. One would think that they have their IT bases covered, so to speak. Wrong! Surprisingly, it’s pretty easy to hack a password. In fact it’s so easy that it happens all the time.
Why, you ask? Well, it largely comes down to the fact that people are just not that good at online security. A professor of mine put forth an interesting perspective regarding security – that it all comes down to ease of access. The more secure you make something, the harder it is to access it. And people are lazy. They want what they want when they want it, and they don’t want to jump through any hoops in order to get it. So instead of unique and strong passwords, people opt for simple passwords that are easy to remember and take little time to punch in. For example, the most common password in 2015 was ‘123456’. The second most common password was, get this, ‘password’ (source).
And the problem with passwords is exacerbated by the fact that we have too many of them. Yes, we live in a world where there is an app for every conceivable purpose under the sun – and each of these apps needs its own password. In short, we as a civilization are experiencing password fatigue. And this results in a lot of the bad habits listed above. Statistically speaking, most of us are just bad at securing our passwords.
55% of users use the same password for every site (source).
21% of people use passwords that are over 10 years old (source).
18% of workers share their passwords with fellow employees (source).
But it’s too hard to keep track of all these passwords, you say? Well, yes, it is. No one would disagree. Unfortunately the common answer to the question of security is that the user should provide a unique and secure password for each application requiring a login. In theory that’s great. But in practice it’s just not realistic. I wish it were, but it’s not. The problem is that people are not going to actually follow the security recommendations made by the IT community.
So here are some alternative security methods that can help you remain secure without having to memorize a million different passwords.
Use a Password Manager
A password manager is an application that stores passwords and often automates the login process on behalf of the user. You would of course want to create a strong and unique password for such a service, as it’s the key to all of your other passwords. An example of such a service is 1Password, which can be set up to work on all of your devices for $3 a month.
Use Two Factor Authentication
Many common applications offer two factor authentication. The list includes Google, Facebook, Twitter, Evernote, Yahoo, Instagram, Dropbox, LinkedIn, PayPal, WordPress, Amazon, and Microsoft (although using it with Microsoft can reportedly break your auth in related Microsoft products, which isn’t all that surprising, come on Microsoft). Go to this site for a list of applications that support 2 factor auth, as well as instructions on how to set it up.
Two factor authentication can usually be set up to trigger when your account is accessed from a different device. For example, if I’m in a different town accessing my Google account from a different computer, my Google account notices the difference and makes me verify my identity using my pre-established two factor authentication. In my case it sends a time-sensitive code to my cell phone. I have to enter this code to access my account.
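The new-device check described above, modelled from the server's side as an added example (not code from this post or from any provider). The class name, the 5-minute code lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is discarded (assumed value)


class StepUpAuth:
    """Hypothetical model: ask for a one-time code only on unrecognised devices."""

    def __init__(self):
        self.known_devices = {}  # user -> set of device ids that already passed the check
        self.pending = {}        # (user, device) -> [code_hash, expires_at, attempts_left]

    def login(self, user, device, now):
        """Call after the password check succeeds. Returns (status, code_to_send)."""
        if device in self.known_devices.get(user, set()):
            return "ok", None
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG, not random.random()
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[(user, device)] = [digest, now + CODE_TTL, MAX_ATTEMPTS]
        return "code_required", code  # delivered to the phone, never echoed to the browser

    def verify(self, user, device, submitted, now):
        """Check a submitted code: time-limited, attempt-limited, single use."""
        entry = self.pending.get((user, device))
        if entry is None:
            return False
        digest, expires_at, _ = entry
        if now > expires_at:
            del self.pending[(user, device)]  # expired codes are dropped, not retried
            return False
        # Hashing both sides gives equal-length bytes for a constant-time comparison.
        given = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, given):
            del self.pending[(user, device)]  # single use: a replayed code fails
            self.known_devices.setdefault(user, set()).add(device)
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[(user, device)]  # too many wrong guesses: force a fresh code
        return False
```

The expiry and the attempt limit are what keep a 6-digit code from being guessable: without them an attacker who already has the password could simply try all one million values.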
Use Multiple Browsers
Use multiple browsers and classify them in groups according to their use. The first class we’ll use for promiscuous browsing. Use this browser for general web browsing, playing games, visiting those clickbait sites like Huffington Post and BuzzFeed, etc. Next, have a browser used only for conducting business such as e-commerce, for example online banking and ordering stuff from Amazon. Where does social media fit in that spectrum? Well, it depends. What do you use your social media for? Are you more like Burger King, relying on a social media channel to help peddle your Whopper wares? Then you might classify that social media account under your serious browser. If, on the other hand, you are mainly using your social media to, well, be social, you might classify it under promiscuous.
Classify Passwords According to Use
A safer alternative to using only one password for everything, while balancing ease of access with security, is to have a few strong passwords that you use. Furthermore, you should classify the passwords according to sensitivity. For example, the strongest password would be used for online banking. The weaker passwords could be used for less serious applications such as games. Still, whatever your approach, try to make your passwords more complicated than ‘123456’.
As always Mad Hatter Techs provides commercial and residential computer repair and IT support to Boise, Meridian, Nampa, Caldwell, and the Treasure Valley. Please contact us if you have any questions related to computer and application security, need your computer fixed, or have a burning IT question that we haven’t yet addressed in our weekly blog.