Домой United States USA — Financial How to make your passwords worthless to cyber thieves

How to make your passwords worthless to cyber thieves

317
0
ПОДЕЛИТЬСЯ

The best way to make your accounts more secure is to require proof in addition to — or better yet, instead of — your password.
When IBM introduced the first laptop with a built-in fingerprint sensor in 2004, it sparked a wave of product development in biometrics. At the time, a colleague delighted in fooling sensor after sensor with a rubber replica of his own finger.
Everything is relative. Today, in a world where cyber thieves routinely pry into valuable data stores from far-away lands, compromised passwords are 10 times more likely, according to Verizon, to be the culprit than physical interaction with computers, smartphones and other connected devices. Even the worst fingerprint reader, in fact, can help make those passwords more secure by acting as a second line of defense.
The best way to make your accounts more secure is to render your passwords worthless to cyber thieves, by requiring proof in addition to — or better yet, instead of — your password.
Here’s how:
Yes, the goal is to neuter your passwords. But many apps and websites don’t yet offer options for multi-step verification. Which means that if hackers have your password, they’re going to get into those accounts.
If you have a simple password, then you should assume the bad guys can already get in. A password like, say, “password,” is akin to leaving the keys in an unlocked car on a crowded street. Misery loves company. So if it’s any consolation — which, trust me, it isn’t — there are millions of other unlocked cars out there. “Password” is one of the 10 most common passwords on the Internet. And one in six personal passwords are “123456.” Seriously.
So as a first line of defense, you should have hard-to-guess passwords. And you should change them often. Which takes more effort than most of us are willing to expend.
Password managers like Dashlane, LastPass and RoboForm take care of all that for you. You only need to remember the password that gets you into your password manager. But for gosh sakes, make it a good one!
Equiifax may have been breached again
After Equifax, make it expensive for credit bureaus to be ‘stupid’
No surprise doctors dislike electronic health records
Eighty-one percent of data breaches last year leveraged weak or stolen passwords, according to Verizon’s annual Data Breach Investigations Report. With regard to stolen passwords, by far the most common method is by phishing — sending urgent, seemingly genuine emails that try to get you to click on a link. The link might take you to an imposter site that snags your credentials before logging you in to your actual account. Or it might load malware that collects all the usernames and passwords you type.
The best way to thwart phishing attempts is simple: don’t click on links in emails. That notice from PayPal that your account is in danger of being frozen looks authentic. And it might be. Or not. Cyber thieves spend their days dreaming up ways to convince you to click, and they’ve gotten pretty good at it.
If you haven’t gotten the message by now, we’re notoriously bad at protecting our passwords. Which is why more and more accounts are leveraging physical markers to validate that the person who just signed in is really you.
In fact, many of the multi-step verification, or multi-factor authentication, schemes are built on a foundation of “trusted hardware” — your smartphone and laptop. Then, if someone tries to log on with your credentials on a different device, the app will demand more proof that it’s really you before granting access.
The app might ask for a code it sends in a text or email. Or it might require a six- or eight-digit number generated by authentication apps.
The apps might require biometric authentication — like iris, face or fingerprint scans — as further proof.
Enabling multi-step verification on your accounts will go a long way toward making your passwords worthless to cyber thieves — and your accounts far more secure as a result.
Mike Feibus is principal analyst at FeibusTech, a Scottsdale, Ariz., market strategy and analysis firm focusing on mobile ecosystems and client technologies. Reach him at mikef@feibustech.com. Follow him on Twitter @MikeFeibus.

Continue reading...