Passwords are fast becoming the most unreliable safety measure, yet are still the most popular. But that’s beginning to change…
As almost everything is now done online, business, banking, shopping, we are all no stranger to a password or two. To log in to most websites, requires a password. We’re routinely told that our passwords need to be a certain length of characters, contain capital letters and special characters and to ensure that every site has a different password.
But in reality, it is just too much hassle to try and remember a unique ten digit password for each of the 50 websites that we visit frequently. We end up using the same password over and over again, or at least a very slight variation on the same word.
Not only do we use the same password for multiple sites, but many of us are guilty of choosing simple, and easily guessable passwords, such as ‘password’ to ‘123456’.
The problem with passwords
In the last few months alone, high profile websites such as TalkTalk, Ashley Madison and VTech were hacked, giving the cyber criminals access to customers log in details, which contained, of course, their passwords. But if you, like many, are guilty of reusing the same password, these online hackers can not only use your password to log in to your TalkTalk account, but they may be able to use the password to access banking or business accounts which contain much more valuable information.
And now, even if we don’t lose our passwords to cybercrime, it’s getting easier for hackers to guess them as computing power grows exponentially. So-called “brute force” attacks against websites, in which software tries millions of passwords to find the one that will grant entry, are on the rise, with machines able to cycle through possible combinations far more quickly than a few years ago.
The modern password
So if our passwords are not enough to keep our data safe in they rapidly developing tech-mad society, what measures are businesses taking to ensure we’re safe online?
Well, almost all major internet companies now offer an additional requirement to verify your identity, such as sending a text containing a security code, phoning you or reading a credit card – essentially another layer of security that isn’t a password, but only you will have access to. With online banking, two-factor authentication is a requirement; with email, social media and file storage, it is increasingly encouraged.
In addition to this, many companies are developing ways that eliminate the use of the password altogether. Yahoo now allows email users on a smartphone to log in without one, instead using an app to confirm identities. Google is testing a similar system for accessing Gmail and YouTube. Many new operating systems, like Windows 10, and new smartphones offer fingerprint of facial recognition as a way of logging in to your device.
Whilst these methods are less likely to leave you vulnerable to a remote attack, they do not guarantee safety online. And despite the unreliability of a password, there is still a long way to go before we see them disappear. It’s up to you to ensure you are careful when logging in to systems online and to ensure that your business and IT support team are taking the necessary security measures, so that if you do get hacked, it won’t put you out of business.