Many companies consider passwords to be one of the most fundamental security risks, as a study conducted for the Nevis Security Barometer 2021 showed: while around half of the respondents use a different password for each user account, a full 44 percent use the same password more than once. Added to this is the fact that a fifth of users have shared a password with friends and family. This kind of carelessness in dealing with IT security is alarming, especially against the background of increasing home office use during the coronavirus pandemic. What is needed is a heightened awareness of the grave damage this can cause. Security expert Nevis lists five reasons why it’s time to say goodbye to your old password solution today. The future of IT security is multi-factor authentication, or MFA for short.
In these times of home working during the coronavirus pandemic, the relevance of passwords is more topical than ever and it is hard to imagine information security without them. Their purpose is clear: in addition to a user’s digital identity, passwords should also protect sensitive internal company data from unauthorised access. If a hacker gets hold of a password during authorisation, the data is freely accessible. This is precisely why login processes are increasingly becoming the focus of criminal activities. The following five reasons show why it is worth rethinking password security and how you can securely protect your data from hacker attacks in the future.
“Sharing is caring” ends with your choice of password
Solidarity and communality are important factors in the social context, but IT security is an exception. Sharing a password with a partner or a friend may be common practice, but that does not make it a good idea. This starts with the fact that the password is usually not passed on via secure channels; rather, it is shared in emails or text messages. In addition, the security of the password drops drastically as the number of people who know it increases: as soon as two people know the password, there are twice as many devices and inboxes through which it can fall into the hands of hackers via malware or phishing.
123456: my (un)safe password
Once again this year, the Hasso Plattner Institute has compiled a ranking of the passwords most frequently used by Germans. They evaluated 3.1 million logins from the HPI Identity Leak Checker database which are registered to email addresses with .de domains and were leaked in 2020. These results should really make you think and question your own approach to choosing a password: first place is occupied by “123456”, followed by “123456789” and finally “password” in third place. However, popular German first names like Michael or Daniel also dominate the top spots. It is precisely these weak and insecure numerical series that lead the ranking and reinforce the impression of how low the Germans’ awareness of password security is, both among consumers and in companies.
Password recycling: too simple and too frequently used
Recycling is a term that we intuitively associate with climate protection. IT security has long since followed suit, but not in a positive sense. Specifically, password recycling is the reuse of a password across multiple accounts, sometimes with only slight changes such as swapping upper and lower case letters. The problem is that a stolen password can act as a “master key” to several services. In a process known as credential stuffing, criminals test whether and where the stolen or purchased login data still works, using a rotating proxy so that hundreds of thousands of login attempts across multiple services each appear to come from a different address. In this way, a large-scale attack can crack up to tens of thousands of accounts in just a few minutes.
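The rotating proxy described above is exactly what defeats the classic “block an IP after N failures” rule, so detection has to look at the service as a whole. The following added example (written for this article, not Nevis code) groups login attempts into one-minute windows and flags a window in which many different accounts fail at once, however many source IPs were used; the log format, thresholds and the sample traffic are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 60
MIN_DISTINCT_USERS = 20   # assumption: tune to the service's normal login volume
MIN_FAIL_RATIO = 0.9      # assumption: genuine users rarely fail this often at once

def parse_line(line):
    """'<ISO timestamp> <source ip> <username> <OK|FAIL>' -> (datetime, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_credential_stuffing(lines):
    """Bucket attempts into fixed windows and return the windows that look like
    credential stuffing: many distinct accounts, almost all of them failing."""
    windows = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse_line(line)
        start = int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        windows[start].append((ip, user, ok))
    alerts = []
    for start, events in sorted(windows.items()):
        users = {u for _, u, _ in events}
        ips = {ip for ip, _, _ in events}
        fails = sum(1 for _, _, ok in events if not ok)
        ratio = fails / len(events)
        # A per-IP failure counter stays silent here: every proxy IP makes a single attempt.
        if len(users) >= MIN_DISTINCT_USERS and ratio >= MIN_FAIL_RATIO:
            alerts.append({"window_start": start, "users": len(users),
                           "ips": len(ips), "fail_ratio": round(ratio, 2)})
    return alerts

def build_sample_log():
    """Constructed sample log, not real traffic: one quiet minute of ordinary logins,
    then one minute in which 30 leaked usernames are tried from 30 different IPs."""
    t0 = datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc)
    lines = [f"{(t0 + timedelta(seconds=s)).isoformat()} 198.51.100.7 {u} {r}"
             for s, u, r in ((5, "alice", "FAIL"), (20, "alice", "OK"), (40, "bob", "OK"))]
    for i in range(30):
        ts = (t0 + timedelta(seconds=60 + i)).isoformat()
        result = "OK" if i == 7 else "FAIL"   # one reused password happens to work
        lines.append(f"{ts} 203.0.113.{i + 1} user{i:02d} {result}")
    return lines

if __name__ == "__main__":
    for alert in detect_credential_stuffing(build_sample_log()):
        print(alert)
```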
Cursory password updates
Updating regularly is a popular tip when it comes to maximising password security. The new password should ideally be at least 10 characters long, with numbers, special characters and upper and lower case letters, but without any pure sequences of numbers. But password changes are rarely accompanied by the creation of a completely new password. Instead, many users prefer to change only a single number or letter so that the core of the old password remains intact. This in no way increases the security of the user’s digital identity; at most, it dulls their own sense of guilt until the next reminder is triggered by the system.
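A password-change endpoint can refuse exactly the cosmetic updates described above. This added example (illustrative code written for this article, not a Nevis product feature) checks the rules from the paragraph and, in addition, rejects a new password that is within a couple of edits of the old one when compared case-insensitively, which is an assumed threshold; the sequential-digit check treats four or more consecutive ascending or descending digits as a “pure sequence of numbers”.

```python
import string

MIN_LENGTH = 10
MAX_COSMETIC_EDITS = 2  # assumption: old -> new within 2 edits is "change a single number or letter"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def has_digit_run(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending digits (1234, 9876, ...)."""
    for i in range(len(pw) - run + 1):
        w = pw[i:i + run]
        if all(c in string.digits for c in w):
            steps = {ord(w[k + 1]) - ord(w[k]) for k in range(run - 1)}
            if steps == {1} or steps == {-1}:
                return True
    return False

def check_new_password(old, new):
    """Return the list of policy violations; an empty list means the change is acceptable."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in new):
        problems.append("no digit")
    if not (any(c.isupper() for c in new) and any(c.islower() for c in new)):
        problems.append("no mix of upper and lower case")
    if not any(c in string.punctuation for c in new):
        problems.append("no special character")
    if new.isdigit():
        problems.append("purely numeric")
    elif has_digit_run(new):
        problems.append("contains a sequential digit run")
    # Compare case-insensitively so that swapping upper and lower case does not count as a change.
    if edit_distance(old.casefold(), new.casefold()) <= MAX_COSMETIC_EDITS:
        problems.append("too similar to the previous password")
    return problems
```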
Identity theft: when control is lacking
Once passwords fall into the wrong hands, the serious consequences are as diverse as the password itself should be. They often start with identity theft, which involves a password change by the hacker and a complete loss of control on the part of the user. The result is chaos. In the private context, it can mean dubious Facebook postings, changed passwords on online services such as Amazon and even the storage of private photos. But the consequences of hacked passwords and malware are not to be sneezed at for companies either, because the loss of control is immense: once attackers are in the system, whole realms of new possibilities open up. In addition to accessing the sensitive corporate network, it is also possible to change online banking processes. Accounts have to be blocked and work processes come to a standstill.
The solution: maximum security and convenience thanks to MFA
In order to optimise password security and, at the same time, the user-friendliness of the login processes, multi-factor authentication, or MFA for short, can be used. This security mechanism combines several validation procedures to identify the user beyond a doubt during authentication. At the same time, the insecure password is dispensed with. Four methods can be deployed, based on the factors possession, knowledge, location and biometric features such as face ID or fingerprints. MFA uses them to ensure that the person who wants to access the resource is actually the person he or she claims to be. The higher the number of factors used, the greater the security. At the same time, user-friendliness is high, because the biometric procedures cost neither time nor effort and are always available, which means added security both in private life and in the professional environment.