If you’re looking for a self-improvement project that doesn’t require much effort to use as your New Year’s Resolution, start using a password manager. Seriously. At work and at home. Here’s why.
In his recent SecTor Talk, F-Secure Chief Research Officer Mikko Hypponen told the audience that about 30 percent of people only have one password. He also said that there’s no way this should be a problem in 2016.
And he’s right. Using strong, unique passwords on critical accounts is #opsec 101 (opsec is jargon for keeping your information secure).
Some people are very conscious about protecting their information, and do things like hide their PIN codes while they enter them into bank machines or card readers. They do it so that even cameras can’t see what they’re doing. That’s smart given how important this information is.
But some of these same people use one password for everything. And that’s never made sense to me. Why be so cautious when using point-of-sale devices or bank machines (both of which are often regulated and professionally maintained on a business premise), but so careless when setting up and taking care of accounts on their own?
Security software does wonders in protecting people from online threats. But it won’t protect your accounts against an attacker that has your password. And unless you were hiding under a rock in 2016, you probably heard about some of the record breaking data breaches that occurred, such as the recently disclosed Yahoo hack involving more than one billion stolen passwords (that’s on top of the 500,000,000 Yahoo reported stolen earlier in the year).
Attackers can use these stolen passwords to take over online accounts by simply trying them with popular online services like Facebook, Google, Twitter, and so on. Automated tools make it easy for attackers to try large numbers of stolen credentials one after another until they access an account. And if an attacker is able to access an account that you use to verify your identity with other online services (think about how many services you register with using an email address), they can use that access to systematically take over your other accounts. That’s basically how identity theft works now.
And if they don’t feel like going through all that trouble themselves, they can always just sell the login credentials to other criminals. Groupon recently reported criminals were shopping on their website using login credentials stolen from other companies. And research conducted in 2016 found that 63 percent of confirmed data breaches were caused by weak, default or stolen passwords. That means stolen login credentials are a big problem that affects your personal and professional life.
So using a password manager is a great way to better yourself next year without having to work too hard for it. It makes using strong passwords much easier, which will pay off in terms of securing your online accounts. It’s also a lot less effort than committing to going to the gym on a regular basis for the next 52 weeks, so it won’t radically disrupt your daily life. F-Secure KEY is even free to use. You’re not going to find a more wallet-friendly way to improve yourself in 2017 than that.
And if you’re already using a password manager, you can check out these additional tips from security advisor Sean Sullivan if you want to make some other #opsec New Year’s Resolutions for 2017.
[ Image by Simon Doggett| Flickr ]
Categories