Follow this password advice for safer computing.
Welcome to Cyber Security Today. It’s Monday June 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Having to remember or keep track of passwords drives consumers nuts. As a result they take shortcuts like using the same password for several accounts or making easily guessed passwords. A recent global survey of 3,250 people by a security firm called LogMeIn, which sells a password manager, gives an idea of the extent of the problem: 42 per cent of respondents said that having a password that’s easy to remember is more important than making one that’s secure. Ninety-one per cent said they know using the same or a variation of the same password for different accounts is a risk, but 66 per cent said they do it anyway. Here’s an interesting number: 25 per cent of respondents said they have reset passwords once a month or more because they forgot them.
Here’s another: 42 per cent of respondents didn’t think their accounts were valuable enough to be worth a hacker’s time. Which isn’t true. You may not be an executive, you may think your email or Facebook account is merely chatty. But if a criminal can find enough about you they’ll send a convincing message pretending to be from your boss, a bank, a credit agency, the company you just bought a car from or the government. If your Facebook account suggests you’re a great fan of the New England Patriots, a crook will guess one of your passwords is Tom Brady. Yeah, I know he’s on a new team. But you get the idea …
The Canadian government’s Cyber Security Centre has some advice for creating passwords: First, make sure you have a different one for valuable accounts like your email, bank office and social media. Use a strong password of at least 12 characters. It helps to use at least one number, capital letter and a special character. Or, use a passphrase of at least 15 characters, which is easier to remember. Passphrases can be associated with the account. If your financial institution is the Bank of North Oxnard, your passphrase might be four words that start with B.O.N.O.
Don’t use common expressions, song titles or lyrics, movie titles or well-known quotes for passphrases. Do not use your personal details like birthday, hometown or pet’s name either.
The centre urges everyone to add two-factor authentication for even stronger account security. That way not only do you need a username and password to log in, you also need a fingerprint or a special code sent to another device like a smartphone. Check every account you use to see if it offers two-factor authentication, and then use it.
How do you keep track of your passwords? With a password manager. Do an internet search for “password manager” and you can find reviews on many of them.
Finally, some people should be very aware of their online security, including passwords. I’m talking about people who hold a C-suite title: chief executive, chief operating officer, chief financial officer and the like. You’re a vice-president or senior manager; you’re a lawyer, accountant, real estate broker; you work for an investment firm. In short, anyone who handles money, and their assistants. You work in an IT department. You’re a reporter. In addition to being careful with passwords, these people should make sure their smartphone accounts have a PIN number. That’s a number on the account with your wireless carrier, and it will be needed to change anything on your account. It has to be different from the PIN number for the phone. Because if a crook can’t guess your email password they will try to impersonate you to get a cellphone company to switch your phone to one they control and access your email that way. The PIN number will stop that.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.