5 Ways To Avoid A Stolen Password Pitfall
1:00 PM EST Thu. May. 02, 2013
Weak or stolen passwords were used in 76 percent of network intrusions, according to the 2013 Verizon Data Breach Investigations Report. It's also not uncommon for cybercriminals to hijack social networking or email accounts to conduct phishing attacks or spread spam and malware. Data protection vendor Varonis collected 200 responses from a survey it conducted in April, and found most people need to improve their security skills starting with password management.
Strong passwords combine upper- and lowercase letters and numbers and incorporate a special character. Avoid dictionary words. Shun pets' names, birth dates or a portion of an identification number. Be wary of using strong-password-generator websites to create passwords or check password strength. If you must use one, stick to a tool from an endpoint security vendor that you trust.
Forty-seven percent of the people Varonis surveyed said they have activated two-factor authentication for email access. Two-factor authentication is seen as a way to thwart a high number of attacks. Google, Apple and other firms have begun supporting two-factor authentication. Twitter is reportedly working on implementing two-factor authentication for users of its service.
For mobile phone users, more than three out of four respondents said they password-protect their phones, according to Varonis. Most mobile devices support either a password or a PIN code to gain access. The developers behind Android are experimenting with other protections, including facial recognition and password-swipe functionality, but security experts say a PIN code is the most reliable way to keep the device secure. A standard password is less convenient but offers more protection.
More than 60 percent of those surveyed by Varonis said they use the same password on multiple sites. A recent spate of high-profile email and password breaches at social-network and e-commerce sites illustrated the problem. When LinkedIn suffered a breach exposing millions of passwords last year, Facebook and other firms were forced to take action on some user accounts that had been fraudulently accessed by an attacker. Security experts advise users to create unique passwords for all accounts that require credentials.
Only 6 percent of those surveyed by Varonis said they used a password manager. Password managers are designed to take the pain out of accessing sites with different passwords. The web-based programs can be accessed from almost anywhere and some have additional capabilities, including strong password-generation features. Security experts told CRN that the biggest hindrance to adoption is the time it takes to initially set up a password manager.