Password theft is a leading cause of cybersecurity incidents. Cyber criminals go about stealing passwords in a variety of ways, from social engineering schemes to dictionary attacks to actual password-stealing malware.
Good password hygiene is crucial in today’s digital world, yet unfortunately most people still favor convenience over security. Today we look at important aspects of password management and keeping our login data safe.
A recent Bitdefender study focused on consumer behavior online revealed that six in 10 people face at least one cyber threat in a 12-month span. A key culprit was poor password management.
The survey, commissioned last year by Bitdefender and carried out by the market research firm iSense Solutions, enrolled 10,000+ internet users to gauge attitudes towards cybersecurity threats, and to determine online behaviors across various demographics. A key finding immediately stood out: half of internet users either recycle a handful of passwords across all their accounts, or use a single password for every online account. Not only that, but many users favor simple passwords that are easy to guess in dictionary attacks.
What constitutes a strong password?
If you can’t be bothered to employ different passwords for every account, at least make those few passwords you use hard to guess. That means you should go at least eight characters long (preferably more), use both upper- and lowercase letters, numbers and special characters (#%$ etc.)
Use a password that only you can remember and others will find hard to guess, meaning you should skip names, birth dates and other stuff that some might correlate to you.
And don’t write it down on paper or in an easily accessible file stored on your laptop or phone. It doesn’t matter how complicated your password is if it can be accessed and read in plain text.
Why using a password manager is a great idea
Everyone agrees that keeping a different password for each account is a chore. But it’s the way to go if we want to limit damage from an unforeseen data breach. If you use the same password across social media, online stores and streaming services, all it takes is one of those services to suffer a breach and the password for ALL your accounts ends up sold on the dark web to cybercriminals.
This is where a password manager really comes in handy. It generates strong passwords for you and stores them safely behind the strongest data security protocols for easy auto-fill when you need them. All you have to worry about is your master password.
Use multi-factor authentication. Always
These days almost every online service offers the option to enable a secondary form of authentication that goes beyond the simple password login. Whether it’s a string of numbers sent via SMS or a four-letter code dropped in your inbox, multi-factor authentication (MFA) makes sure it’s you who is logging in, not someone who stole your password.
Enable it for every service that offers it. Google has made strides to push MFA onto users over the past year, and recently reported a 50% drop in account compromise – a good indication that it works, and that you should hop aboard the MFA bandwagon.
Malware designed to steal passwords
Password stealers are everywhere. These Trojan horses silently hop onto your computer through non-vetted warez or torrent downloads (pirated content, key generators etc.) and send your precious login credentials to those who command them behind the scenes.
Always keep a trusted security solution running on your computer to fend off malware. Make sure you also keep your software updated to prevent password-stealing malware from exploiting unpatched flaws.
Keep tabs on your digital identity
Last year, millions had their personal data and online accounts exposed due to attacks on healthcare, government, finance and retail databases. And data breaches are getting even bigger.
The best way to protect yourself is to keep updating your account passwords. But you can’t possibly remember the details of every account you’ve ever created. Bitdefender Digital Identity Protection hunts down your scattered personal data for you — even scouring the dark web — and puts it back under your control.
DIP lets you see your digital footprint, even traces from services you no longer use but that still have your data. This way you’ll finally learn what sensitive data you have out there, where it is and how it’s used. DIP continuously monitors both the public web and the dark web to see if your data has been leaked in any breaches. It then gives you simple, specific, one-click actions to instantly close up leaks and weak points in your digital footprint.