Though it might be shocking to read, the truth is that a large majority of people around the world are not conscientious when it comes to securing their online access. The most common password of 2016, making up 4% of all the surveyed passwords that were hacked in the last year, was “123456.” The top 25 list also included 123456789, qwerty, and the word password itself. Cyber hackers know this only too well and they are ever ready to exploit these loopholes.
India too has seen its fair share of data breaches and security hacks in the recent past. WannaCry and Petya were devastating, with India being noted as one of the most affected geographies the world over. The concept of online safety and being on guard against malicious attacks is slowly gaining a foothold, but many still are in denial about how easy it is to be compromised in the online world. The humble password is the first guard against any obtrusive entry and is an important step to safeguard our identity as well as information.
New methods of authentication are needed to replace or supplement outdated methods that rely on personal information or passwords to verify identity. These changes will take time as new technologies, systems and policies emerge to replace legacy methods.
In the meantime, users must take proactive measures to protect themselves online. Consumers should follow basic security hygiene and keep abreast of emerging technologies. One should also follow security advice from experts to keep safe from cyber hackers and help safeguard their digital identities.
Here are five measures that are good jumping-off points to be safe in the virtual world:
Ideal Password = A Long, Nonsensical Phrase
Most websites that hold sensitive information enforce password rules so that passwords are not easily broken: at least 8 characters long, with one or more alphanumeric characters. However, experts now suggest that a long nonsensical phrase, or “passphrase”, is a better way to safeguard your online identity. It is a string of unrelated words tied together, at least 20 characters long. Passphrases are much harder to crack, either by guessing or, in security parlance, through brute force using compute power.
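To make the brute-force comparison concrete, here is an added example (not part of the original article) that builds a passphrase from randomly chosen unrelated words and estimates its search space against an 8-character password. The word list, function names, the 94-symbol printable-ASCII alphabet and the 7,776-word list size (the size of common diceware lists) are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real generator should draw
# from a list of thousands of words so that each word contributes more entropy.
SAMPLE_WORDS = [
    "anchor", "basket", "cobalt", "dinner", "ember", "falcon", "garlic", "harbor",
    "icicle", "jigsaw", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umpire", "velvet", "walnut", "yogurt",
    "zipper", "acorn", "blanket", "candle", "domino", "engine", "feather", "gravel",
]
MIN_LENGTH = 20  # minimum passphrase length given in the article


def generate_passphrase(words=SAMPLE_WORDS, n_words=5, sep="-", min_length=MIN_LENGTH):
    """Pick words independently with a CSPRNG (secrets, not random)."""
    if len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("word list must hold at least two unique words")
    if any(sep in w for w in words):
        raise ValueError("separator must not occur inside a word")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    # Short words can leave the phrase under the minimum; extra random
    # words only enlarge the search space, so keep adding until it fits.
    while len(sep.join(chosen)) < min_length:
        chosen.append(secrets.choice(words))
    return sep.join(chosen)


def passphrase_bits(list_size, n_words):
    """Entropy in bits when every word is drawn uniformly from the list."""
    return n_words * math.log2(list_size)


def random_password_bits(alphabet_size, length):
    """Best case for a password: every character chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    print("8 random printable chars: %.1f bits" % random_password_bits(94, 8))
    print("5 words from 7,776-word list: %.1f bits" % passphrase_bits(7776, 5))
    print("words needed from the 32-word sample:",
          words_needed(len(SAMPLE_WORDS), random_password_bits(94, 8)))
```

The estimate only holds when the words are picked at random; a phrase chosen by hand, or the common passwords listed at the top of this article, falls far below these figures.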
Do not re-use passwords
Every website worth its salt requires you to sign up for an account and it can quickly get overwhelming to remember all the passwords. Hence, many use the “same” password for ALL the websites. Research indicates that 81% to 87% of people re-use passwords. Hackers know this. And once they have cracked one account, the rest is pretty much open season to abuse.
However, memorising passwords is a real struggle. So a good way is to store passwords in a digital vault. The vault, in addition to storing passwords, also helps generate strong new ones when required. And rather than remember multiple passwords, one just has to memorise one password to access the digital vault.
Lie on your Security Questions
All good websites, especially ones for financial data, have security questions as backups. They often have to do with personal information that is now easily accessible online, such as mother’s maiden name, first school, address etc. Rather than go for these options, select questions that are opinion based, and hence harder to crack, like favourite ice cream flavour. Another tactic is to use fake responses to ensure that only you would know the answer.
Many services, particularly sensitive accounts like email and banking, allow for two-factor authentication (2FA). Enabling 2FA adds another security checkpoint when certain risk factors are present. These risk factors include accessing the account from a new location or electronic device.
2FA is quite familiar to users in India, as multiple companies and websites already offer it, including banks and even cab-hire services such as Ola.
Even if one makes sure to apply all the steps above, we will soon move towards a time when the use of passwords as the sole method to establish identity isn’t enough. Biometric authentication uses our iris or fingerprints to verify identity. Aadhaar in India is the biggest example. In our daily use, iPhones already provide biometric authentication to safeguard access to the phone in lieu of passwords.
This too is not fool-proof, so experts have devised ways to make sure this data is collected and applied in a way that ensures privacy for consumers while preventing this info from being used by hackers. For devices that allow access via fingerprints, consider backing it up with a lock code.
As we continue to move our lives online, security will play an important role in safeguarding our presence. As in the real world, everyone will need to take robust and practical measures. Having a strong password is the first step to ensure safety in the digital world.
The author is the Integrated Security Leader of IBM India/South Asia