Some people may think that all they need is a “strong password” to protect their online accounts. However, while a strong password is important, it is not the only technique that you should have in your toolkit. There are several ways cybercriminals can gain access to your online accounts besides cracking your password. There is no single magic technique for protecting your personal information.
Modern security thinking works in layers. It uses several tools
and techniques to protect your house, your business, or you as a person. For
example, if you want to protect your home and its contents from a burglar, you will
lock your front door. But locking just your front door does not guarantee that
a burglar cannot break into your house. A burglar could go to the side or back
of your house to find a way in. You also need to lock any side doors or back
doors. Plus, you need to close and lock any windows. Even with all of
your doors and windows locked, there is a chance that a burglar can find a way in, so
you might put valuables like jewelry and sensitive papers in a safe or locked
file cabinet. You also might put away small electronics like your laptop and
cell phone. Finally, you might sign up for a security system with cameras to alert
police of an intrusion. That way police can possibly catch the burglar in the
act or, more likely, you can hand over video of the burglar on your property that
police can use in their investigation. All of these steps are examples of
layered security.
To protect your personal information and your online accounts, you
also need to think in layers. There are several ways cybercriminals can acquire
your passwords and therefore gain access to your online accounts. Relying only
on strong passwords is not a magic bullet.
Don’t get me wrong. Long, strong passwords are important for protecting
your online accounts. An eight-character password made up of numbers, upper-
and lower-case letters and symbols takes about 5 minutes to crack with current computer
technology. A 16-character password made up of numbers, upper- and lower-case
letters and symbols, the current recommended standard, takes about 5 billion
years to crack. Pretty impressive protection. But there are other ways for a
cybercriminal to acquire your password. One way is to buy a list of IDs
and passwords that have been acquired in a data breach. A cybercriminal could
also send you a phishing email or text message with a link that either sends
you to a fake website that looks like the login page of your account or installs
malware to collect your password.
So, if cybercriminals can steal your password, what can you do? You
can add a layer by using multifactor authentication (MFA) in addition to a password
for all of your accounts. With MFA you verify who you are through email, text,
or an authenticator app on your smartphone. You may use a temporary code (something
you have) or your fingerprint/face (something you are). If a cybercriminal
tries to log into your account, they will not receive the MFA message since it
is sent to your email or to your smartphone via text message or the
authenticator app. When you receive the message, if you are not logging into
your account, then all you have to do is to deny access.
Another technique is to use a unique password for each of your
accounts. Using the same password, even if it is strong, across several
accounts has turned into a dangerous practice. If a bad guy acquires your
password for one account, they will try other accounts that belong to you on
the chance that you use the same password to access those accounts.
You should also use antivirus software to protect yourself from malware
that could steal your personal information, including your passwords. Be sure that
you set it to update regularly and be sure your operating system and your
software update regularly.
Finally, use a password manager to store your passwords. We all
accumulate many accounts, sometimes in the hundreds. It’s impossible to
remember all of those complex passwords. Password managers are encrypted, so your
passwords are protected from unauthorized eyes. That is even more protection
than keeping your passwords in a notebook in a drawer of your desk.
They can also generate new, strong passwords for you when you are opening new
accounts or changing passwords because of a data breach or because you suspect
someone has stolen your password.
When you are protecting your online accounts, think in layers:
long, strong passwords, multifactor authentication, unique passwords for each
of your accounts, and software and antivirus software that are kept up to
date.