World Password Day: The ‘key’ to your treasures
3 May 2018 – Thursday, May 3 is World Password Day,
an annual event that takes place around the world to raise awareness of the
importance of strong passwords and best practices for online account
security. With the continuing proliferation of cyberthreats, it’s a timely
reminder that one of the most effective steps people can take, online, to
protect themselves and the companies they work for is also one of the simplest.
Nick
FitzGerald, Senior Research Fellow at ESET, said, “Regardless of how passwords
are stored, if users choose simple or easy-to-guess passwords, then they’re
still at risk of being hacked.”
Brute force
password cracking, where a trial-and-error method is used by an application to
decode encrypted data such as passwords, may have seen KrisFlyer frequent flier miles drained from the user accounts of
Singapore Airlines’ passengers.
Simple
passwords aside, another poor practice is re-using the same password. Users run
the risk of having multiple accounts compromised should a hacker get lucky on
just one platform.
“World
Password Day aims to stop these behaviours and to encourage all computer users
to strengthen their password practices. It’s also worth considering two-factor
authentication so that, even if a hacker guesses the password or obtains it via
phishing, they still won’t be able to access the account without entering a
code that is, for example, sent to the user’s mobile phone,” FitzGerald
emphasises.
While there
is increasing awareness of the importance of creating strong passwords, people
still feel overwhelmed by both the number of devices they have to manage and
passwords they have to remember.
Here are
five key ways that people can strengthen their password behaviour without
having to commit long, complex passwords to memory:
1. Close
all accounts that aren’t regularly used. Closing old accounts and maintaining
just one account on each social media platform can help protect users’ privacy,
especially if they contain sensitive information.
2. Treat
accounts differently. Some accounts contain important or sensitive
data while others don’t. For those with important data such as bank accounts,
health information, and the like, it’s essential to create long and unique
passwords. For those that don’t have important data, a shorter, simpler
password may suffice.
3. Use a
passphrase instead of a password. A passphrase is a sentence that’s easy to remember
and contains uppercase and lowercase characters, some punctuation and/or
special symbols, and numbers. These are most effective for users to remember,
but don’t include famous quotes from movies, songs or books, since these can be
easy to guess or obtain from social media.
4. Use a
password manager. A password manager is a tool that encrypts and
stores all account passwords and is accessed by a single, master password. This
lets users concentrate on remembering just one complex password or long
passphrase, instead of potentially dozens.
5. Enable
Two-Factor Authentication (2FA) where possible. 2FA identifies the user to a
service provider by providing a combination of at least two different
authentication methods. These may be something that the user knows (like a
password or PIN), something that the user possesses (like a hardware token or
mobile phone), or something that the user is (like a fingerprint or iris scan).
2FA offers greater account security by requiring the user to authenticate their
identity with more than one method. Opt for 2FA login methods for your email
and social media accounts for greater security.
FitzGerald
said, “Passwords are crucial to security. It’s also important to keep operating
system or application software on all devices up to date, since updates often
include security patches that will protect against new threats. Taking these
simple steps can help keep individuals and companies safe online.”
About ESET
For 30 years, ESET® has been developing industry-leading IT
security software and services for businesses and consumers worldwide.
With solutions ranging from endpoint and mobile security, to encryption
and two-factor authentication, ESET’s high-performing, easy-to-use products
give consumers and businesses the peace of mind to enjoy the full potential of
their technology. ESET unobtrusively protects and monitors 24/7, updating
defenses in real-time to keep users safe and businesses running without
interruption. Evolving threats require an evolving IT security company. Backed
by R&D centers worldwide, ESET becomes the first IT security company to
earn 100 Virus Bulletin
VB100 awards, identifying every single
“in-the-wild” malware without interruption since 2003. For more information
visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.