Passwords and Authentication: The Keys to Cybersecurity


According to data from Dashlane, most people have over 200 accounts that require passwords. The more accounts, apps, and passwords you have, the more opportunities hackers have to steal your identity. Cybersecurity threats are at an all-time high, as data breaches are becoming larger and more frequent.
When your password is part of a breach, hackers will try it on different sites, apps and services in an attempt to unlock more of your accounts; this is known as a “credential stuffing” attack. “Phishing” is another tactic, in which hackers try to trick you into revealing your login credentials. This is why it is essential to create strong passwords and store them safely, so that these techniques do not work against you. Failing to do so can result in:
A hacker who gets into a main account of yours can access highly personal information such as your social security number, full name, credit card information, address, and more. They can then use this information to completely steal your identity by opening accounts in your name, impersonating you, and creating a hassle that may take months to fix.
Although there are federal protections against unauthorized transactions, if a cybercriminal gets your bank password, they will be able to hack into your bank account and steal money before you even realize there is a problem.
If a hacker gets into one or more of your social media or email accounts, they can take control and message your family, friends and colleagues in an attempt to steal their money and personal information.
As we know, failing to keep track of your passwords in a safe way can have extremely harmful consequences. Here are some of the worst ways to store your login information:
You should never email yourself a password or login information as a way of keeping track. Emails can be stored on different servers and kept in trash folders after being deleted, making them easily accessible to hackers.
If your phone is not protected with a hard-to-guess passcode, anyone who picks up your phone can gain access to the login information stored in your notes. You are now able to lock your notes with a password, but even then you run into the issue of storing that password.
People often create Word documents or spreadsheets on their computer with a list of their passwords. Even if you have a password to protect these files, a hacker utilizing a keystroke logger can gain access to your passwords. A keylogger, or keystroke logger, records the keys you strike and what you type on your device. It is a type of malicious software that can be installed on your device without your consent.
Keeping a physical, tangible copy of your passwords may seem like a safe option to protect your information from internet hackers around the world. It is important to consider that anyone who enters your house could potentially find these records: service people, house cleaners, burglars, even relatives and roommates.
Now that we have discussed the most unsafe ways to keep track of your passwords, here is a guide on password security best practices you can take to protect your information and obtain the highest level of online security.
If you take only one tip from this article, let it be this: stop reusing your easy-to-remember, recycled passwords and start fresh. Reusing passwords across multiple or all accounts highly compromises the security of your online accounts.
For example, if you use the same password for Netflix and your bank account, a data breach at Netflix could allow hackers to easily access your bank account. An article from The Washington Post contains insights from a penetration tester who worked to help companies find paths that hackers could use to gain data. It was revealed that this individual was able to access 20,000 corporate accounts in less than one hour by plugging in the default passwords the accounts came with.
According to Cybernews, these are the top 5 most common passwords in 2024:
Additionally, avoid these common passwords, which hackers can easily guess after a quick social media search on you:
It is okay to use these things as part of your passwords, but to be safe you must make them more unique. We recommend adding additional letters, numbers and symbols.
As mentioned before, guessing your birthday or child/pet’s name only requires a quick visit to Facebook or Instagram. Microsoft conducted a survey that revealed 15% of people use pets’ names for their passwords, and Tessian found that 21% of individuals use easily guessable passwords such as their birthdays or favorite sports teams.
A best practice is to make your passwords long, as in more than 12 characters. They should also contain a strong combination of numbers, letters and special symbols. According to Microsoft, 96% of password-related cyber attacks involve passwords containing fewer than 10 characters.
If you have an iPhone, it is important to be aware that Apple notifies you if one or more of your passwords have been leaked in a data breach. On your iPhone, go to Settings → Passwords → Security Recommendations. From here, it will show you a list of accounts associated with leaked passwords that are putting your security at risk.
For those passwords you have saved on Google, go to passwords.google.com → Go to Password Checkup → Check Passwords. There is also a website called Have I Been Pwned that allows you to type in your email address and see how many data breaches have exposed your information.
There are two main forms of credential managers:
These are more commonly known, as your browser likely offers this feature. Popular browsers such as Chrome, Safari and Firefox offer password management. This feature allows you to save passwords upon setting up a new account, generate strong passwords, and automatically sign in to your accounts.
Password manager applications are a good alternative to browser password managers, as a reputable login manager app is one of the most secure ways to store your information. The only drawback of this approach is that it can be time-consuming as well as pricey. It may take a while to find the best plan for you, but one of the most highly recommended login manager apps is Dashlane.
More and more companies, sites and apps are now offering the option to turn on two-factor authentication. 2FA (2-factor authentication) uses a second login credential on top of a password, usually a code sent through an app or text message. Growth Power Suite (GPS) provides this form of authentication to keep your information in top-notch security. Learn all about username and password authentication below.
To prevent hackers and unauthorized users from getting into your accounts, most sites require you to log in with a username and password. This process that verifies your identity is known as authentication. The credential you provide, such as your password, is an authentication factor. Authentication factors can be broken up into three categories:
To access accounts with two-factor authentication, you are required to provide credentials from two out of the three categories above. This is known as multi-factor authentication.
As mentioned previously, two-factor authentication is becoming increasingly popular, as it adds an additional layer of security for the passwords you create. There are other forms of authentication that only give you one option, or let you choose which method to use. Here are the most common authentication methods:
GPS offers this type of authentication, which first requires you to enter your username and password. Then, it allows you to choose whether you want to receive your six-digit verification code through either text message or email. This code is sent instantly, but it expires and is only good for one login. Once you enter your code, you are in!
A security key is a physical device that comes in different shapes and sizes, acting as your second authentication factor. First, as always, you must enter your username and password. Next, use your security key. Some plug into a USB port, while others use near-field communication to connect to your device when you hold it close by. Your employer may provide this, or you may buy one for your own personal use.
Some accounts utilize an authenticator app, such as Duo, Microsoft Authenticator, or Google Authenticator to verify your identity. Upon entering your username and password, your authenticator app of choice will either provide you with a verification code to enter or a push notification.
A push notification requires your approval and is sent anytime someone tries to log in to your account. The notification usually provides information about the login attempt, such as the date, time and geographic location of the device being used. You can approve or deny the login request with a simple click on your authenticator app, adding a layer of security.
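The texted or emailed six-digit code described above expires and is good for one login only. The sketch below shows how a service can enforce both properties on the server side; it is an added example, not code from GPS or any product named here, and the class name, the five-minute lifetime and the five-attempt cap are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the article only says the code expires
MAX_ATTEMPTS = 5        # assumed cap on guesses per issued code


class OneTimeCodeStore:
    """In-memory store for illustration (hypothetical; a real service persists this)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(username, code):
        # Keep only a hash so the plaintext code is not sitting in the store.
        return hashlib.sha256(f"{username}:{code}".encode()).digest()

    def issue(self, username):
        """Create a fresh six-digit code, replacing any earlier pending one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
        self._pending[username] = [self._hash(username, code),
                                   self._clock() + CODE_TTL_SECONDS,
                                   MAX_ATTEMPTS]
        return code  # handed to the SMS or email sender, never to the browser

    def verify(self, username, submitted):
        """True once for the right code; False if wrong, expired, reused or locked."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]  # expired or guessed too often
            return False
        entry[2] = attempts_left - 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(code_hash, self._hash(username, submitted)):
            del self._pending[username]  # single use: a replay finds nothing
            return True
        return False
```

The attempt cap matters because a six-digit code has only one million possible values, so unlimited guessing within the validity window would defeat it.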
Creating and storing passwords in a safe, secure and effective manner is often overlooked. Cybersecurity is a growing concern in our increasingly digital world, so it is extremely important to be wary and follow the best practices discussed in this article.
When researching the features of business software, be sure to include 2FA security in your decision. Choosing an all-in-one business solutions software like Growth Power Suite (GPS) that offers 2FA will help protect your data.