Troy explained how and why data breaches have become the new normal, and what we can do both at work and in our personal lives to protect our digital identity and wellbeing.
Whilst computers have changed almost beyond recognition over the past few decades, the passwords we use to access them haven’t kept pace. We use the same basic rules for password creation and management that we did last century. Using your pet’s name or your birthday just doesn’t cut it anymore.
These are three signs your passwords are too weak – and what to do about it.
1. You’re trying to cheat password complexity rules.
Humans are experts at getting around password complexity rules, Troy explained. Your password might be 8 or more characters long and have a lower- and upper-case letter, a number, and a special character, but if it follows a pattern, or if it’s a recognisable word (P@ssw0rd, anyone?), it’s predictable and easy to crack. You can check how unique your password is at Have I Been Pwned.
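To make the point concrete, here is an added example (not from Troy's talk or from UTS) that applies the complexity rule above and then looks for a common word underneath the decoration. The wordlist, the substitution table and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would use a large
# dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sydney"}

# Character swaps people commonly use to satisfy complexity rules.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def meets_complexity(pw: str) -> bool:
    """The rule described above: 8+ chars, lower, upper, digit, special."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def predictable_base(pw: str):
    """Return the common word hiding under the decoration, or None."""
    lowered = pw.lower()
    # Candidate 1: undo character swaps on the whole password.
    # Candidate 2: first drop digits/symbols bolted onto either end
    # (e.g. a year and "!"), then undo swaps on what is left.
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    for candidate in (lowered.translate(LEET), trimmed.translate(LEET)):
        if candidate in COMMON_WORDS:
            return candidate
    return None


def audit(pw: str):
    """(passes the complexity rule, underlying common word or None)."""
    return meets_complexity(pw), predictable_base(pw)


if __name__ == "__main__":
    for sample in ("P@ssw0rd", "Welcome2024!", "tV9#qLm2$xWz"):
        print(sample, audit(sample))
```

The first two samples satisfy every complexity requirement yet reduce to a single dictionary word, while the random string a password manager would generate does not.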
2. You use the same password for multiple accounts.
We’re all guilty of this, but it’s a very risky thing to do. If one system is compromised and your username and password combination is exposed, that could compromise other accounts where you’ve used the same combination. Losing access to an old forum account might not be a big deal, but when that also means losing access to your Facebook account, eBay account, email account and even your bank account – that’s something to worry about.
3. You’ve accidentally (or not-so-accidentally) told other people your password.
We all know about phishing, but how much do you know about social engineering? Have you ever given away your password or personal data without realising? Troy shared this video where people on the street unknowingly share their password secrets.
You might recognise these subtle attacks from popular social media posts that trick you into posting personal information like your birthday or pet’s name. These minor facts are often answers to security questions, knowledge-based authenticators, or even part of your password itself. These are things we tend to share freely, but they’re also sometimes the keys to our online kingdoms, so be careful where you share.
Sometimes, social engineering attacks are less subtle. In 2003, 90% of office workers who participated in an information security survey gave researchers their password in exchange for a cheap pen. Your passwords are valuable, so make sure you protect them.
What can I do about it?
Passwords aren’t going anywhere, and they’re an important part of protecting our online identity, but there are two things we can all do right now to make them more secure.
First, get a password manager. Password managers create and remember complex passwords for you for all your accounts. This prevents password reuse and password simplification, and removes the need to write down your password.
Second, enable two-factor authentication (2FA) on your accounts if it is available. Some services that offer free 2FA include Google, Facebook, LinkedIn, Dropbox, and O365. The Turn It On website has a list of all popular sites that offer 2FA and tutorials for how to enable it.
Thanks to IT Security for organising this event, and to everyone who attended. If you’re interested in more events like this, please email digital@uts.edu.au to subscribe to the newsletter. Check out Christine Miles’ Beyond the Firewall blog for more UTS IT security resources.