
‘Hackers love it’ when you make these 6 biggest password mistakes, says security expert


Increased cyberattacks in 2022 have created a high-risk internet landscape. But for many people, hitting “refresh” on their password habits still isn’t a priority.

As a cybersecurity advisor, I consistently hear stories about people getting their personal information stolen because they made a simple mistake like using the same password for multiple website logins.

After 20 years of studying online criminal behaviors, tactics, techniques and procedures, I’ve found that hackers love it when people make these six password mistakes:

1. Reusing the same password.

More than two-thirds of Americans do this, but reuse lets a data breach remain dangerous for years after it happens, because a password leaked from one site still works on the others.

To avoid creating a brand new password for every account, people also tend to reuse passwords with slight variations, like an extra number or symbol. But these are also easy for hackers to guess, and they’re no match for software designed to quickly test iterations of your password.

What to do: Develop unique passwords for each of your accounts. While this may feel daunting, password managers can be a big help in designing and organizing your password library.

2. Only creating unique passwords for ‘high-risk’ accounts.

Many users only create unique passwords for accounts they believe carry sensitive information, or that have a higher likelihood of being breached, like online banking or work applications.

But even basic user information that lives on “throwaway” accounts can contain data points that fraudsters use to impersonate legitimate users. Just your email address or phone number alone can be valuable to bad actors when combined with stolen information from other breaches.

What to do: Protect all accounts — even the ones you rarely use — with one-of-a-kind passwords.

3. Not using password managers.

In addition to multi-factor authentication, password managers are essential technologies that can strengthen smart password habits.

These managers can help you create unique, single-use passwords and auto-fill them in the accounts they are tied to — a big leg-up on the 55% of users who manage passwords by memory alone.

Even if you accidentally click on a phishing link, your password manager can recognize the discrepancy and choose not to auto-fill.

What to do: Choose a password manager that fits your personal comfort level and technology needs. A few credible choices that are routinely well-reviewed include 1Password, Bitwarden, Dashlane and LastPass. While they all offer similar functionality, each one differs in extended features and cost.
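The check behind that refusal to auto-fill, as an added example that is not from the original article or from any of the products named: a saved login is offered only when the page's origin matches the one stored with the entry. The exact-origin rule, the function names and the `.example`/`.test` URLs are assumptions and constructed sample data.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Return (scheme, host, port), the triple a browser uses to identify a site."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme, host, port

def autofill_decision(saved_url, page_url):
    """Return (fill, reason) for offering the login saved for saved_url on page_url."""
    try:
        saved, page = origin(saved_url), origin(page_url)
    except ValueError:
        return False, "unparseable URL"
    if page[0] != "https":
        return False, "page is not HTTPS"
    if page[1] != saved[1]:
        return False, f"host {page[1]!r} is not {saved[1]!r}"
    if page != saved:
        return False, "scheme or port differs"
    return True, "origin matches saved entry"

# Constructed sample data: one saved entry and pages a user might land on.
SAVED = "https://login.bank.example/signin"
PAGES = [
    "https://login.bank.example/account?next=/home",  # the real site
    "https://LOGIN.BANK.EXAMPLE:443/signin",          # same origin, written differently
    "https://login.bank.example.phish.test/signin",   # real name used as a subdomain
    "https://login.bank.example@phish.test/signin",   # real name placed in the userinfo part
    "https://login.b\u0430nk.example/signin",         # Cyrillic 'a' that looks identical
    "http://login.bank.example/signin",               # right host, no TLS
]

def check_all():
    """Map each sample page to the decision made for it."""
    return {page: autofill_decision(SAVED, page) for page in PAGES}

if __name__ == "__main__":
    for page, (fill, reason) in check_all().items():
        print("FILL  " if fill else "REFUSE", page.encode("ascii", "backslashreplace").decode(), "-", reason)
```

Only the first two pages get the saved login; the other four look right to a person reading the address bar but fail the comparison.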

4. Creating simple passwords that contain personal information.

The best passwords aren’t necessarily complex, but they are hard to guess. Passwords that provide the highest protection are personal to you and don’t contain easily gleaned information, such as your name and birthday.

For example, strong password foundations may be a favorite song lyric or your go-to order at a restaurant.

What to do: Design passwords that are at least 12 characters long and avoid using personal information that can be easily guessed. They should also be memorable to you and contain a variety of characters and symbols.
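An added example (not from the original article) that audits a list of your own passwords against mistakes 1 and 4: it flags exact reuse, slight variations of another password, lengths under 12 characters, and embedded personal details. The accounts, passwords and personal details are constructed sample data, and the normalization in `base_form` is an assumption about what counts as a "slight variation".

```python
import re
from collections import defaultdict

# Map common look-alike characters back to letters so "sunfl0wer" equals "sunflower".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def base_form(password):
    """Reduce a password to the stem that its slight variations share."""
    stem = password.lower()
    stem = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", stem)  # drop leading/trailing digits and symbols
    return stem.translate(LEET)

def audit(vault, personal, min_len=12):
    """Return {account: [findings]} for every account that has a problem."""
    by_stem = defaultdict(list)
    for account, pw in vault.items():
        by_stem[base_form(pw) or pw].append(account)  # all-digit passwords keep their own bucket

    findings = defaultdict(list)
    for account, pw in vault.items():
        others = sorted(a for a in by_stem[base_form(pw) or pw] if a != account)
        exact = [a for a in others if vault[a] == pw]
        near = [a for a in others if vault[a] != pw]
        if exact:
            findings[account].append("reused on: " + ", ".join(exact))
        if near:
            findings[account].append("variation of: " + ", ".join(near))
        if len(pw) < min_len:
            findings[account].append(f"shorter than {min_len} characters")
        forms = (pw.lower(), pw.lower().translate(LEET))
        hits = [t for t in personal if any(t.lower() in f for f in forms)]
        if hits:
            findings[account].append("contains personal detail: " + ", ".join(hits))
    return dict(findings)

# Constructed sample data: not real accounts or credentials.
VAULT = {
    "bank": "Sunflower!2022",
    "email": "sunfl0wer22",
    "forum": "Sunflower!2022",
    "shop": "jordan1990",
    "streaming": "two-tacos-extra-guac-no-onion",
}
PERSONAL = ["jordan", "1990"]  # name and birth year of the hypothetical owner

if __name__ == "__main__":
    for account, problems in audit(VAULT, PERSONAL).items():
        print(f"{account}: " + "; ".join(problems))
```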

5. Opting out of multi-factor authentication systems.

Even the most complicated passwords can be compromised. Multi-factor authentication creates an extra layer of protection by requiring verification beyond your username and password each time you log in.

Most often, this is done through one-time passwords sent to you via SMS or email. It’s an extra step, but it’s well worth it — and it creates another hurdle for attackers to jump through.

What to do: There is no way to add two-factor authentication to services that don’t natively offer it, but you should turn it on wherever it’s supported.

6. Being apathetic about password habits.

It’s easy to think cyberattacks won’t happen to you. But given that data breaches and other cyberthreats carry a high risk of identity theft, financial loss and other severe consequences, it’s best to prepare for the worst-case scenario.

As long as you’re an internet user, you will always be a potential target — and apathetic password habits boost your risk level even further.

What to do: Don’t assume you’re safe. Keep reevaluating your password hygiene, and when new authentication technologies come along, adopt them early.

John Shier is a senior security advisor at Sophos, and has more than two decades of cybersecurity experience. He is passionate about protecting consumers and organizations from advanced threats. John has been featured in publications including Reuters, WIRED, CNN and Yahoo. Follow him on Twitter @john_shier.
