Password Overload is Giving Hackers What they Need
July 11, 2017
Raina Zakir (56 articles)
Share

Password Overload is Giving Hackers What they Need

In the United States, the average email address is associated with no fewer than 130 different accounts on the internet. How many accounts do you use on a daily basis?

Chances are there are accounts out there you haven’t seen or thought about in decades. Many people report having more password protected accounts than they can recall, and while you might not be using all of the accounts currently they may be giving hackers access to those accounts you do use regularly because of one common habit: password reuse.

Millennials, though they are digital natives and have grown up being told the proper password safety procedures, are shockingly the most likely group to reuse passwords. Instead of leading by example as the technologically advanced digital natives they are, Millennials are making things less secure for everyone. More than three quarters of younger Millennials report reusing passwords. Overall 61 per cent of people admit to using the same password across multiple websites, but somehow 89 per cent of people feel that their password habits are secure. Unfortunately this does not seem to be the case.

What does it actually take to have a secure password? It’s a lot more complicated than you might think, and this may be a leading factor in why people are reusing passwords to begin with. Secure passwords use the following precautions:

  • Never use the same password for different websites
  • Use a complex password or passphrase with letters, numbers, and symbols
  • Update passwords regularly, especially if you are notified of a breach
  • Use multifactor identification for sensitive accounts
  • Use a secure password manager if you have trouble remembering your passwords

Attackers know that people use the same password over and over, so if they’re able to get a user’s credentials for one site or service, their next move is to see if the password works on email, Facebook, Twitter, a banking site, or other high-value targets. That can start a chain reaction that leads to the victim’s entire online life being compromised. These are all things that security researchers and professionals have known for a long time. Password reuse is a well-understood problem, but it’s still a problem, albeit a boring one. And the thing about boring problems is that they’re boring. People don’t get super excited to work on those.When people have difficulty remembering their passwords because of so many different accounts, in addition to reusing passwords they may write them down on paper, store them in plain text on their computer or mobile device, or even store them in a cloud-based dropbox that also requires an additional password. The only secure way to manage your passwords is to use a secure password manager. If you’re not, you could be putting yourself and even your company into serious jeopardy.

Even though the problem has been identified and awareness has been raised, at the end of the day many people just have too much on their plates to effectively manage multiple passwords across multiple accounts that need to be changed frequently. Let’s be honest here – most people aren’t going to remember lkj345$ per cent and weorub$$3 and oewo09!!hf4, let alone strings of random characters for each of the 130 accounts they have.

Another problem most people face is that they just don’t change their passwords enough.

  • 11 per cent of people never change their passwords
  • 31 per cent of people change their passwords once or twice a year
  • 17 per cent of people change their passwords three to four times a year
  • 22 per cent of people change their passwords five or more times a year
  • 18.5 per cent of people only change their passwords when they are notified of an issue

While it is encouraging that 70 per cent of people report changing their passwords at least once a year, it’s also important to remember that that figure is self-reported and 29 per cent of people report having more password protected accounts than they can remember. It is more likely that people are regularly changing the passwords to the accounts they remember and use frequently rather than every single account they have ever opened, which can still leave them vulnerable if they have even reused just one password.

Stopping hackers can be challenging for a multitude of reasons, but since user error is the single biggest factor in hacking threats making security user-friendly for even the least trained person using it can bridge a huge security gap.

In spite of decades of advances in computer and information security, the biggest problem is still with the fundamentals – the end user. If you don’t have end users who are using good password hygiene practices, the base of your security pyramid will crumble. Fortunately it doesn’t have to be this way – advances in security technology have come up with a multitude of solutions.

Source | IT Pro Portal