How many websites do you log into daily? How many accounts were you compelled to create just to purchase a sweater online or read an intriguing article? Even if your job doesn’t require you to have a digital presence, the sheer number of logins and required passwords that a normal human being must get past boggles the mind.
In a previous blog post, research specialist Aaron Walker discussed the pros and cons of using password managers as well as the unfortunately easy-to-predict behaviors of website visitors. However, it must be noted that people entrust a great deal to websites and password management systems, and passwords are only secure so long as those sites or systems are secure.
Importance of Passwords
The internet is a trove of articles detailing tips and best practices for creating secure passwords. However, security fatigue exists. Security fatigue, according to the National Institute of Standards and Technology (NIST), is the weariness we as humans have towards the constant need to update passwords, the proliferation of passwords in both our personal and professional lives and the apathy we have towards security risks.
Unfortunately, security fatigue makes it easier for hackers to conduct cybercrime. Why? Because, when left to our own devices, we tend to choose passwords that are easy to remember. We also may not even consider turning to encrypted passwords or password management systems because we don’t necessarily expect to be the targets of hacks or cybercrime. Inevitably, that opens us to security issues. Considering that a password acts as a “gatekeeper between the rest of the web and our personal information,” that’s a staggering issue.
For companies, breaches and hacks of user passwords go beyond just losing private access to email and social media accounts.
Security fatigue is real. The number of passwords and the amount of information that need to be updated in the event of a threat is exhausting and nearly impossible to accomplish in full.
Allow me, then, to be the kick-in-the-pants reminder that a simple mot de passe is all that stands between the common person and a skilled hacker who may have interest in their social media activity, bank account information, private email data and more.
Check out this 2015 infographic from Entrepreneur to read a history of passwords and learn more about their dangers.
A commonly suggested, and perhaps even more commonly ignored, addition to cyber-safety is two-step verification for bank accounts, cloud storage apps, personal and corporate email, password managers and anything that deals with official communication. Two-step verification means signing into accounts takes an extra minute, but saves the vulnerable from hours of recovery.
This extra step can include a one-use passcode sent to the user’s mobile device, physical recognition such as a fingerprint or voice detection or providing additional information that, ideally, only the correct user would know.
Even these small measures can greatly reduce the risk of data danger. Consider password hacking the forest fires of the current generation: Only you can prevent them.
-Grace Pinegar, Research Specialist
Company data is precious and it may not just apply to the individuals who work at a company. The interests and privacy of clients and stakeholders are also on the line.
Pegasus Technologies, a managed IT services provider, explains, “A single data breach can cost an SMB thousands of dollars. Costs only rise as the magnitude grows and you learn the exponential ways in which your data might have been affected.” Pew Research Center, a foundation that reports on social trends and technology for the purpose of sound decision-making, matter-of-factly explains, “Cyberattacks and data breaches are facts of life for government agencies, businesses and individuals alike in today’s digitized and networked world.”
What can we do? IT departments exist just for the purpose of exerting control over what employees can and cannot access. However, companies have to be realistic. Remote employees, the work-at-home workforce and contract employees all add to a company’s security concerns. Professionals may work a little bit harder to protect their professional data and information, but sometimes they may not. After all, even a senior manager at IBM used the incredibly common “123456” as his Gmail password.
The security fatigue that is felt by everyone comes, in large part, from the unnecessary requirement to update passwords on an all-too-frequent basis. Consumers may have the excuse of not being convinced they would be a legitimate target for cybercrime, but companies cannot afford to think like consumers. If necessary, any security measures a company has placed must be looked at and rethought.
Future of Passwords and Cybersecurity
Fascinatingly, it looks like mobile devices are the pieces of technology that will inform the way passwords and cybersecurity evolve. One incredible development was the launch of emoji passcodes from UK-based tech company Intelligent Environments. At first glance, the concept of an emoji passcode sounds like pandering to millennials. But think about it: While 26 letters, 10 digits and about a dozen different keyboard symbols can give you a whole lot of possible combinations, they’re much more susceptible to hacks, especially by brute force. Emojis, on the other hand, offer the user a lot more options, potential combinations and personalization that would be much harder for a hacker to break.
End-users are already familiar with the need to punch in a manual passcode or have their fingerprint scanned to access their mobile device, so why not apply similar technology in the workforce? CSO, a security publication from technology media company International Data Group, posits that “Biometrics is shaping up to be the new authentication as a host of identity and image-scanning innovations set the stage for the use of body scans as a complement to—or even a replacement for—conventional passwords.”
That translates to the evolution of cybersecurity through the application of technologies such as fingerprint scanners and devices that intelligently parse images. A more intimate and realistic multi-factor authentication software system, if you will.
Cybercrime and cybersecurity have been making waves in the technology and consumer industries, and for good reason. Hackers and data breaches are commonplace. Our digital lives are so much a direct (as much as they can be) reflection of our actual tangible lives that we have much more to lose than a few points from our credit scores. Look at how much of our lives is now automated, in the cloud or connected to internet of things devices. Why not do the due diligence and apply the same amount of meticulous paranoia to your corporate persona as you do to your personal one?