By Theresia Joseph, Network Admin for Simply Computing
Nowadays, users have to manage an almost endless number of login credentials for a wide variety of websites and systems, each of which requires a separate login. It is therefore quite common for the majority of users to struggle to remember their passwords, or even their usernames.
An average of 80% of all cyber-attacks involve a weak or compromised password. Poor password management habits and a lack of digital security practices give malicious attackers the opportunity to access sensitive data and to damage personal and professional data.
Despite the risks, most users develop bad password habits to avoid the hassle of forgetting a password and having to reset it. In fact, 60% of users choose either passwords that are too weak or an insecure method of remembering their passwords. This makes it easier for unauthorized people to access the system, read sensitive data and damage files or information.
The following list outlines some of the most common bad password habits:
- Using simple words like ‘password’, ‘welcome’, ‘monkey’ etc.
- Using simple numeric sequences such as ‘12345’ or ‘123456789’
- Using characters in the order they appear on the keyboard, e.g. ‘qwerty’
- Using meaningful numbers like birthdays or social security numbers
- Using the names of family members, friends or pets, e.g. the name of their child or partner
- Writing the password down on a sticky note and attaching it to the system
- Keeping passwords in an Excel file
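As an added example (not from the article), a small Python check that flags a candidate password against the habits listed above. The word and name lists are constructed stand-ins, and the patterns are assumptions about what each habit looks like in practice:

```python
import re

# Constructed stand-in lists; a real deployment would use full wordlists (e.g. breached-password lists).
COMMON_WORDS = {"password", "welcome", "monkey", "letmein", "admin"}
PERSONAL_NAMES = {"emma", "liam", "max", "bella"}       # children's, partners' or pets' names
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
DIGIT_ROW = ["0123456789"]


def _has_run(s: str, rows, length: int) -> bool:
    """True if s contains `length` adjacent characters taken in row order, forwards or backwards."""
    for row in rows:
        for i in range(len(row) - length + 1):
            seg = row[i:i + length]
            if seg in s or seg[::-1] in s:
                return True
    return False


def check_habits(password: str) -> list:
    """Return the bad habits from the article's list that a candidate password exhibits.

    An empty list means none of the listed patterns was found; it does not by itself
    mean the password is strong.
    """
    p = password.lower()
    findings = []
    if any(word in p for word in COMMON_WORDS):
        findings.append("common word")
    if _has_run(p, DIGIT_ROW, 4):                       # e.g. 12345, 123456789
        findings.append("numeric sequence")
    if _has_run(p, KEYBOARD_ROWS, 4):                   # e.g. qwerty, asdfgh
        findings.append("keyboard run")
    # A plausible year (19xx/20xx), or a 9-digit / 3-2-4 number shaped like a social security number.
    if re.search(r"(19|20)\d{2}", p) or re.search(r"\d{3}-\d{2}-\d{4}|\d{9}", p):
        findings.append("date or ID number")
    if any(name in p for name in PERSONAL_NAMES):
        findings.append("personal name")
    return findings


if __name__ == "__main__":
    for candidate in ["password", "12345", "qwerty", "Emma2014", "2rdiaw,aI,Itt1ltb,atmatd"]:
        print(f"{candidate!r}: {check_habits(candidate) or 'no listed habit found'}")
```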
Even users with a technical background are tempted to fall into bad habits. This was shown in an incident at the Hawaii Emergency Management Agency (HEMA) in January 2018, when the government sent out a false alert of an incoming missile.
During the investigation of the false alert, the Federal Communications Commission found a picture showing a HEMA officer in front of his monitor, to which he had attached a couple of sticky notes. One of those notes spelled out: ‘Password: warningpoint2’. This example shows that unauthorized access to a system can have significant consequences for a business.
Another important point is that most users share their passwords with too many people because they do not see any harm in doing so. But there are a couple of facts that they often do not consider:
First of all, if users share their passwords with too many people, they lose track of who has access to their systems. Secondly, and even more relevant, the user cannot control whether the people they trust are also sharing the password with others. By forming a habit like this, the user will certainly lose control of their own account.
A related problem is that many users also use the built-in password storage of browsers such as Safari, Chrome, etc. to store their usernames and passwords. Those users often do not realize that anyone who uses their computer, for whatever reason, will also have access to all of their accounts.
This attitude might change if users begin to think of their passwords as the keys to their house. People hesitate to share access to their personal belongings with just anybody, and for good reason.
Using a password generator is one way to create a unique password. Tools like “Password Generator” automatically generate passwords based on user-specified criteria, including upper- and lowercase letters, numbers, symbols, pronounceability, length and strength, e.g. “GEnnGspJF2yJM”.
However, passwords like the one above or “2rdiaw,aI,Itt1ltb,atmatd” can be very difficult, if not impossible, to remember. Using the following trick will help to memorize a password and increase the security of any user account.
- Choose a phrase from a song or a book, e.g.
“Two roads diverged in a wood, and I, I took the one less traveled by, and that made all the difference.”
– Robert Frost
Ideally, this phrase has an individual meaning for the user and is not well known by the rest of the world.
- Convert number words into digits:
2 roads diverged in a wood, and I, I took the 1 less traveled by, and that made all the difference.
- Take the first letter of each word, preserving its case:
2 roads diverged in a wood, and I, I took the 1 less traveled by, and that made all the difference = 2rdiaw,aI,Itt1ltb,atmatd
- Alternatively, letters that resemble digits can be replaced by those digits: O=0, I=1, Z=2, E=3 and so on, e.g.
Tb0ntb,t1tq = “To be or not to be, that is the question.”
– William Shakespeare
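The derivation steps above, carried out in code as an added example that is not part of the original article. The number-word table and the case-insensitive look-alike handling are assumptions; the results reproduce the article's own outputs:

```python
import string

# Number words converted to digits in the article's first method ("Two" -> "2", "one" -> "1").
# The table is an assumption; extend it for phrases that use other numbers.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}

# Letters that resemble digits, as listed in the article for the alternative method
# (O=0, I=1, Z=2, E=3). Applied to upper- and lowercase letters alike (an assumption).
LOOKALIKES = {"o": "0", "i": "1", "z": "2", "e": "3"}


def first_letters(phrase: str, number_words: bool = True) -> str:
    """Reduce a phrase to the first character of each word.

    Case is preserved, commas are kept as separators and sentence-ending periods
    are dropped, which reproduces the results shown in the article.
    When number_words is True, words such as "Two" become "2".
    """
    out = []
    for token in phrase.split():
        core = token.rstrip(string.punctuation)   # the word without trailing punctuation
        trailing = token[len(core):]              # e.g. "," or "."
        if not core:
            continue                              # token was punctuation only
        if number_words and core.lower() in NUMBER_WORDS:
            out.append(NUMBER_WORDS[core.lower()])
        else:
            out.append(core[0])
        out.append(trailing.replace(".", ""))     # keep commas, drop periods
    return "".join(out)


def lookalike_password(phrase: str) -> str:
    """The article's alternative: first letters, then digit look-alike substitution."""
    letters = first_letters(phrase, number_words=False)
    return "".join(LOOKALIKES.get(ch.lower(), ch) for ch in letters)


if __name__ == "__main__":
    frost = ("Two roads diverged in a wood, and I, I took the one less "
             "traveled by, and that made all the difference.")
    print(first_letters(frost))                                              # 2rdiaw,aI,Itt1ltb,atmatd
    print(lookalike_password("To be or not to be, that is the question."))  # Tb0ntb,t1tq
```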
Furthermore, to increase the security of a user account, some applications or websites offer multi-factor authentication as part of the login process. This method only grants access to users after they have successfully presented two or more pieces of evidence for authentication.
The most common method is so-called two-factor authentication (2FA), which confirms the identity of the user by two different means. The best-known example of this method is an ATM withdrawal, where the user has to provide their card and their personal PIN to authorize the transaction. Smartphone applications like Google Authenticator or Authy, which generate a two-factor authentication code to complete the login process, can also be used to protect online user accounts.
Using passphrases will help users memorize their passwords. However, given the number of separate user accounts, a user might still struggle to remember all of those different passphrases, especially for accounts they do not access frequently.
In this case, password management tools like “Keeper Security Password Manager” or “LastPass” provide a simple but secure solution to store passwords and keep them up to date.
In summary, everyone should be aware of the risks they are exposed to and protect their user accounts and important data by following a proper password protocol:
- Creating strong passphrases for each individual account
- Using a password management tool to store passwords and keep them up to date
- Never sharing credentials with anyone for any reason
- Adding two-factor authentication to protect the user account where possible