Multifactor authentication (MFA) adds a security layer to your online accounts so that unauthorized people cannot access them. MFA tries to make up for weaknesses in the ID/password model of access that have developed over the years. Those weaknesses include simple passwords that are easy to guess or break (like using the word “password,” or “password1234”) and using the same password to access several online accounts.
But even as the use of MFA spreads, we still rely on an ID and password as the entry into our accounts. There are organizations that seek to eliminate passwords (https://fidoalliance.org/), but until industry adopts another authentication standard, we will be relying on IDs and passwords in whole or in part.
An ID and password represent something we know. But if someone else also knows that ID and password, by stealing them in a hack of a major database or purchasing them on the dark web, they can access your accounts and copy your personal information to use in frauds, or, if it is a bank account, move money from your account to their own account.
Cyber criminals can also guess your password, especially if it is easy to guess, like password1234, or if it is short. In a brute force attack, cyber criminals use a computer program that guesses passwords. For passwords under 10 characters, a successful guess can be instant or take just a few seconds or minutes, even if you use numbers, upper- and lower-case letters and symbols. For passwords 12 characters or over, a successful guess can take several years to several lifetimes. This is why cybersecurity professionals now recommend that passwords be 12 characters or longer and contain a random assortment of numbers, upper- and lower-case letters and symbols.
But this approach causes a problem. Our human brains
cannot remember such complicated passwords. We might be able to memorize one password
that meets this standard, but not several different passwords. And it is easy
for an individual to need passwords for tens if not hundreds of accounts.
A way around this might be to have a “universal” password: a password 12 or more characters long, with numbers, letters, and symbols, that you memorize and use for all of your accounts. The problem with that is that if a hacker discovers your password in one account, they can access any account that you own. And cyber criminals will try your password on other accounts that you own. This is why cybersecurity professionals recommend using a different password for each account.
So, you need a separate password for each of your accounts, and you cannot remember them all. What to do?
Use a password manager. Password managers are apps
that store your passwords for each of your accounts. They can reside on your
smartphone, laptop, and desktop so that you can have access to your passwords
just about anywhere. The information in a password manager is encrypted so that
no one other than you can access it.
Password managers often offer other features that make
it easier to use passwords. They can generate new passwords when you need a
password for a new account or when you change passwords. They can fill in your
password when you sign into your account. They also can synchronize passwords
among several of your devices.
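As an added illustration (not from the original post and not the code of any particular password manager), this Python example shows how a generator can produce the kind of random 12-character password recommended above, and how much each extra character enlarges what a brute-force program has to search. The function names and the 94-character alphabet are assumptions of this example.

```python
import math
import secrets
import string

# Character classes named in the article: lower- and upper-case letters,
# numbers, and symbols. (Alphabet choice is an assumption of this example.)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 printable characters


def generate_password(length=12):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the operating system's cryptographic random source;
        # the ordinary random module is not designed for secrets.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redrawing the whole candidate (rather than patching characters in)
        # keeps every compliant password equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space(length, alphabet_size=len(ALPHABET)):
    """Number of candidates a brute-force program must cover at this length."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the strength of a random password, in bits."""
    return length * math.log2(alphabet_size)


def growth_factor(short, longer):
    """How many times larger the search space is at the longer length."""
    return search_space(longer) // search_space(short)


if __name__ == "__main__":
    print(generate_password())
    for n in (8, 10, 12, 16):
        print(f"{n:2d} chars: {search_space(n):.2e} candidates, "
              f"{entropy_bits(n):.1f} bits")
    print(f"12 vs 8 characters: {growth_factor(8, 12):,}x more guesses")
```

Each added character multiplies the attacker's work by the size of the alphabet, which is why length matters more than any single substitution trick.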
There are several password managers on the market. Some you pay for, and others are free. Check the “PC Magazine” links below for resources that evaluate the password managers that are on the market.
With a good password manager and MFA on your accounts, you improve the security of your personal information. You make it difficult for a cyber criminal to gain access to your accounts. And if someone does learn your password, MFA keeps them from accessing your account.
South Snohomish County Crime Watch:
https://ssnoccrimewatch.blogspot.com/2022/10/cyber-security-multifactor.html
Norton:
https://us.norton.com/blog/emerging-threats/password-attack#
KFMB CBS8, San Diego:
National Cybersecurity Alliance:
https://staysafeonline.org/online-safety-privacy-basics/what-about-password-manager-risks/
Ask Leo:
https://askleo.com/are_password_managers_safe/
https://askleo.com/responses-to-your-three-common-password-manager-objections/
PC Magazine:
https://www.pcmag.com/picks/the-best-password-managers
https://www.pcmag.com/picks/the-best-free-password-managers