We all have a number of accounts online these days: our social media platforms, our email, internet banking, and that weird news site you once signed up to just because they wouldn’t let you read that article about puppies if you didn’t.
Each of these accounts has one thing in common – login credentials.
The Problem
Most of us have dozens of accounts online that use the common username and password combination to gain access, and for most of us, trying to remember all of these different passwords is quite an effort. Most of us (myself included), when required to create or change a password, do one of the following:
- We use the same password but change a letter to a special character or number or both
- We add numbers to the front or end of the password
- We use exactly the same password for everything
There are two things these approaches have in common.
- They make passwords easy for us humans to remember
- They make passwords really easy for nefarious agents to guess or hack
We have all heard stories in the news of some nameless person losing thousands of dollars to online hackers and scammers, and we are all guilty of thinking that could never happen to us, until it does.
Modern scammers are getting a lot more crafty with their approaches lately. Everyone knows about the Nigerian Prince scams and easily ignores these pleadings for a small amount of cash to unlock millions. We have seen some well-executed scams recently where the criminals put a lot of time and effort into impersonating someone you legitimately do business with in order to scam you and your company out of hard-earned cash.
What can we do about it?
Well, we have all seen those draconian corporate password policies that require you to change your password after every cup of tea, making sure you have 3 letters, 3 numbers, 3 special characters and 3 hieroglyphs. While these are a good way to ensure that passwords are not easily compromised over the internet, they lead us to another insecure behaviour: writing passwords down.
This is never a good idea, given that there have been countless cases of corporations losing data and even money to ‘social hacking’ (tricking people into giving login details over the phone) or to someone just plain stealing the Post-it off your monitor.
Ahem. I said, “what can we do about it!”
Oh right. Well, there are a number of things that can be done to mitigate the leaking of login credentials these days. I’ll list a few below.
- Look at a Modern Workspace solution like Lucidity 365. This uses Azure Active Directory to offer single sign-on across a range of SaaS-based applications. This can significantly improve your security posture, as you no longer have to give out credentials to every user that requires access. This can all be hidden and managed at the administrative level.
- Use a password manager such as KeePass, Dashlane, LastPass or one of a host of others. These programs sit on your computer and will create random, strong passwords for each site you need to log in to. The passwords are protected by one strong password you choose, so don’t make it the same as one you already have floating about in cyberspace, and don’t make it one you cannot remember.
- Use Chrome as your password manager. Yeah, that’s right. Modern versions of Chrome contain a built-in password manager, protected by your Google account. (You can use any email address to create a Google account to log in to Chrome with.)
- Use multi-factor authentication, also referred to as MFA. This is where you are sent a text or notification on your mobile when you try to log in to a site, such as Office 365, online banking and even social media.
Each of the above options on its own is a great way to protect your online accounts from hacking, but the best course of action is to use both a password manager AND multi-factor authentication. Lucidity provides MFA on all our Managed Desktop and Office 365 platforms, so if you’re interested, get in contact with your account manager or contact our support team for assistance.