As consumers, we are torn between easy to remember and complex but secure when it comes to picking online passwords. We want to use details that are familiar—like our pet’s name with our birthday at the end—for all of our online accounts. While people fret about the very real danger of suffering an account hack, they are still very sloppy and lazy when it comes to their passwords. In fact, almost three-fourths of password-protected online accounts use duplicate passwords, according to TeleSign, a mobile identity solutions company.

Michael Marks Jr. 18EvMBA, an identity and access management architect for Coca-Cola Enterprises, explains that people need to change their habits. “Hackers are a very smart, persistent, and adaptive group,” he says. “They’re used to acquiring account information using brute-force attacks, meaning they keep trying different passwords for an account until one finally works.”

Today, smarter businesses require users to periodically change their passwords. For the typical person, it’s a hassle, and it also means you’re likely to forget a password along the way. However, Marks points out that the practice makes sense to protect businesses and users’ information. TeleSign reports that, in the past year, 40 percent of consumers had personal information compromised, an account hacked, or a password stolen.

Facing the frightening reality of losing the last vestiges of our privacy, some consumers are getting a bit smarter, using symbols, numbers, and longer passwords. But cyberthieves make it their business to stay a step ahead of us. “In response, hackers started attacking companies that store our passwords—companies like LinkedIn and Facebook,” Marks says. “Collecting these enormous lists of passwords provides hackers with a more targeted list of passwords to try for other, more sensitive websites.”

So is online security elusive or attainable? Marks contends that we can have a safer online experience by taking simple precautions. To protect online accounts, people should enable two-factor authentication (2FA) when available. “2FA combines something you know, such as your password, with something you have, for example, your cell phone,” he says. “When 2FA is enabled, you go to your application and type in your username and password. Then the application will send you a text message with a one-time use code. You type in the code that was texted to you, and you are allowed access.” Because a hacker will not have access to your cell phone, he or she will not be able to access your account, even with your stolen password. Most companies offer 2FA free of charge for their products and services; visit twofactorauth.org for a list of well-known companies and whether they support 2FA.

His best password advice? “When it comes to your passwords, try to utilize complex ones and use different passwords for every site,” he says. Having a hard time with making up a new password? “The absolute best practice is to use passwords that are long, acronym-based and have special characters and numbers. For instance, turn the sentence, ‘I graduated from Emory University and love the Eagles,’ into the password ‘IgfEUaltE-2018$.’ This makes brute-force attacks even less likely to be successful.” If remembering that many passwords is challenging, consider using a commercial password management solution.

– Michelle Valigursky

We offer insights from Emory University's Goizueta Business School. EmoryBusiness.com is an extension of a long-standing print publication of the same name.