
Cyber Security: Passwords


With the increasing number of online fraud reports, I thought I’d review my online Digital Security Footprint. There are many websites and services that offer to do this for you, and I decided to try the free offer from Malwarebytes (https://www.malwarebytes.com/whatismydigitalfootprint). Other good free websites are https://haveibeenpwned.com and https://breachdirectory.org.

I discovered that my email address (and some of my regular passwords) had been exposed and were available on the internet, and I’m not alone, it seems… According to the Psychology of Passwords 2022 Report, 62% of respondents always or mostly use the same password or a variation of it, 50% of people changed their password after they were informed a data breach had occurred, and only 31% of people stopped reusing passwords after receiving cybersecurity training!

Even though they know it’s dangerous, people still prefer to reuse the passwords they already have. We should stop reusing the same password for multiple accounts because if a cybercriminal gets hold of that password, they can gain access to every account that uses it. The biggest risks of reusing the same password are credential stuffing and account takeover attacks, which often lead to unauthorized access and loss of your accounts and personal information. (Credential stuffing is when a cybercriminal uses a set of exposed credentials to attempt to gain access to multiple online accounts.)

Reusing the same password makes it much more likely that your account will be compromised at some point. Eighty percent of respondents say they are concerned about this, but 48% of them still state that they will not change their password unless it is required.

Obviously, as I’m concerned, it’s well past time to review my passwords!

Current best password practices suggest using a more secure 3-word combination instead of just 1 word with added numbers and symbols. For example, previously I would use an easy-to-remember password like chocolates and then make it secure by changing case and inserting numbers and symbols to give me something like this: Ch0co1ate$. Now I use a 3-word combination, for example I Love Chocolates, either as one long joined word (e.g. ILoveChocolates) or with the words split by a symbol separator (e.g. I\Love\Chocolates). To mix that up and be even more secure, you can throw in a number or two to give you this option: I2\Love\Chocolates.
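The scheme above, written out as a generator with a strength estimate. This is an added example, not code from the original post; the word list is a constructed sample, and `make_passphrase` and `entropy_bits` are hypothetical helper names. It assumes the words are picked at random by the computer rather than chosen by the user, which is where the strength of a multi-word password comes from.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator needs a
# large list (thousands of words) for the larger figures below to apply.
SAMPLE_WORDS = ["River", "Candle", "Orbit", "Walnut", "Meadow", "Copper",
                "Lantern", "Pebble", "Harbor", "Velvet", "Tunnel", "Maple",
                "Falcon", "Garden", "Rocket", "Silver"]

def make_passphrase(words=SAMPLE_WORDS, n_words=3, sep="\\", add_digit=True):
    """Pick n_words with a CSPRNG, join them with sep, and optionally
    append one random digit to one randomly chosen word."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    if add_digit:
        i = secrets.randbelow(n_words)
        chosen[i] += str(secrets.randbelow(10))
    return sep.join(chosen)

def entropy_bits(wordlist_size, n_words=3, add_digit=True):
    """Entropy in bits when every choice is uniformly random and the
    attacker is assumed to know the scheme and the word list."""
    bits = n_words * math.log2(wordlist_size)
    if add_digit:
        bits += math.log2(10 * n_words)  # which digit, and on which word
    return bits

if __name__ == "__main__":
    print(make_passphrase())
    # Compare the tiny sample list with two larger list sizes.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5} words in list: {entropy_bits(size):.1f} bits")
```

The estimate only holds for random selection: three words that form a familiar phrase are far easier to guess than the numbers suggest.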

Another tip is that reusing passwords on different websites is a definite NO, so how do I remember all those different passwords?

One option is to write them down (in a physical book or electronic note app), but then if you lose the book (or your device) you’re really in deep trouble. There are password managers available (some free, some chargeable) and they all have their good and bad aspects. A password manager (app) can help you break the bad habit of reusing passwords for good. It gives you control over your passwords with a secure, encrypted password vault that only you can access from any device wherever you go. Once you’ve stored all your passwords in the vault, the password manager can automatically fill them in for you when you need to log in. That way, you never have to worry about forgetting any of your passwords or losing access to any of your accounts.

It’s also important to use a strong, unique password on each of your accounts. A password manager trains you to do this by automatically alerting you when you’ve used the same password across multiple accounts or when one of your passwords needs to be beefed up so you can take action. Its password generator feature makes it easy to generate a new, secure random password for your account, and you don’t even have to remember that new password once it’s been updated in the vault.  

Personally, I have opted to go with Bitwarden, as it’s device and operating system agnostic, and it works on my Windows PC and Apple devices with full synchronisation. Other than spending quite a bit of time initially adding all my usernames and passwords to Bitwarden (and then changing them to be unique), it’s great (and it also has a configurable password generator).

Optionally, another great security feature is to enable MFA (Multi-Factor Authentication, also known as 2FA – or Second Factor Authentication) if the website supports it. When you log in to your MFA/2FA-enabled website, it requires you to enter a unique number from the MFA/2FA app on your mobile phone that changes every few minutes.

To be perfectly honest, using a password manager and MFA/2FA is a bit of an additional annoyance, but not being a victim of fraud is more than worth the extra effort.

Do you need to empower your staff? Why not talk to us? We have a variety of training courses, from a very basic half-day Cyber-Security Awareness course to advanced Cyber-Security courses for security professionals.

Best Password Managers (review):

https://www.techradar.com/best/password-manager

https://uk.pcmag.com/password-managers/4296/the-best-password-managers

 

Best MFA/2FA apps (review):

https://www.cloudwards.net/best-2fa-apps/
