We’ve all been there before: you’re trying to log in to email, TikTok, or something else, but you forgot your password and get locked out. Next you try to change the password, but before you can enter a new one, you have to enter the old one (that you can’t remember).
Or maybe you get notified that your password has been leaked and you find yourself wondering, “Where else am I using this password?” only to realize … EVERYWHERE?!?
Hackers, hackers everywhere
Maintaining strong password security in today’s day and age is critical. Hackers are out there working hard every day, all day, to break into common systems and steal your information. This is big business for them and selling your information on the dark web pays top dollar.
With the high-end computers and artificial intelligence programs hackers use, cracking simple passwords is as easy as abc123 … which believe it or not is a very common password. They also use very sophisticated social engineering techniques to help guess your password. Our social platforms like Facebook, TikTok, and business platforms like LinkedIn contain a ton of information about us. Birthdays, spouse names, pet names, kids … on and on … and all are easy to find for anyone looking.
Social engineering
Let’s not forget about the cute surveys you fill out on Facebook. Enter the month you were born to see what type of person you’re compatible with. … What was your favorite song in high school? … Pick your favorite color to reveal your true personality. … All of these are designed to have you give up even more personal information.
This is a sophisticated form of attack called social engineering. The hackers pay people to do this research on you because they know passwords are a pain in the neck, or lower, to remember. They use people to research your social media profiles and use that information to feed their intelligent systems with key information like names, dates and your favorite things.
How bad is the problem?
Weak passwords are the most common thread running through hacks, ransomware attacks, and virus infections on your systems. According to the 2020 Verizon Data Breach Investigations Report, 81 percent of all cyber attacks involved compromised passwords. According to Google’s 2019 poll, “The United States of P@ssw0rd$,” three-quarters of all Americans get frustrated trying to keep track of passwords. One-quarter use “abc123” or “password123” as logins, while two-thirds use the easily identifiable name of a pet, spouse, or child. And almost half of all Americans have shared their password with someone else.
Earlier this year, Microsoft estimated that its cloud systems receive upwards of 300 million fraudulent login attempts each day. And just last month, Google recommended that millions of users update their passwords after leaks from popular services like Netflix and LinkedIn. That’s because hackers know they only need to swipe one weak or outdated login credential to then gain access to valuable personal information.
I get it, it’s not easy to change — the same Google poll found that less than half of Americans changed their password even after it was compromised. Most of us think of a forgotten password as a necessary but time-consuming nuisance.
What can you do about it?
Many sites and platforms are now turning on what we call multi-factor authentication (MFA). Simply put, if it’s an option, use it!
What is multi-factor authentication? MFA adds a second login step: a unique code that expires after a limited time. It’s a text to your phone, or an email with a one-time code to enter into your system. Businesses, like mine, should use even more sophisticated tools that are continuously generating codes to further reduce the chance of a hacker stealing your information.
Another great tool set that I am a big fan of is password encryption and generation tools. A big player in this area is a tool called LastPass, but there are many good and FREE tools out there. These tools take a bit to set up and get used to, but they free you of having to remember your passwords and, more importantly, they allow you to use different and very complex passwords for everything.
If you own or manage a business
Password management for small businesses is even more critical. You are protecting not only your own personal information; you also have a responsibility to protect your customers’ information.
Fortunately for businesses, implementing tools like MFA and password generators is simple when you partner with an IT support company to help.
A good IT partner should also have the ability to train you and your team to elevate your security awareness. Training coupled with simulated phishing attacks helps test and establish clear guidelines on what you and your employees can do to help protect your business from these types of attacks.
Summary
In a constantly connected digital world, password protection and login security are critical. We log in to such a wide variety of things, bouncing from one to the other throughout the day. We expect fast, convenient, and streamlined access to our systems and apps. But the more places you log in to, and the more places you log in from, the greater your chance of getting hacked.
Simple solutions like MFA and good password management tools can have a profound impact on the level of risk you have. For businesses, partnering with a reputable IT support company can give you access to tools and training that increase your level of protection and reduce your risk.