Rethinking Your Relationship with Passwords: Expert Tips for Enhanced Digital Security

Passwords occupy a peculiar position in our daily lives. They serve as a crucial defense, safeguarding our data and information from unauthorized access to our IT systems, yet they simultaneously present a challenge, often proving difficult to manage and hard to recall. Jake Moore, a cybersecurity expert with ESET, a European cybersecurity firm, offers three essential strategies to reassess your approach to passwords and bolster your defenses against cyber threats.

Embrace Password Managers: An Underestimated Tool

Password managers are a resource I strongly advocate for, and their adoption rate seems surprisingly low. Surveys indicate that globally, only about one-third of individuals utilize password managers. This figure, in my view, represents a significantly missed opportunity, as these tools can revolutionize password management. They enable the creation of robust, lengthy passwords for all your accounts and secure storage of these credentials. Their capacity to generate complex passwords eliminates the user’s burden of devising them.

This is a vital consideration, as people often resort to familiar words or personal information when creating their own passwords. Such choices can provide hackers or malicious actors with exploitable data, rendering individuals vulnerable. Furthermore, password managers effectively mitigate the pervasive risk of password reuse across multiple accounts. When a password is compromised, even by a single breach, it can be added to lists of vulnerable credentials used in attempts to gain unauthorized access to other accounts.

The reluctance to adopt password managers is a point of curiosity. It may stem from a misunderstanding of their functionality, with some perceiving the storage of passwords online, accessible via a single master password, as inherently insecure. However, this perception is inaccurate. The password vault is not merely a simple, exposed list of credentials on a server. Your data is encrypted locally on your device using a strong key derived from your master password. What is transmitted online is scrambled ciphertext, rendering it unreadable even to the password manager provider without the correct key.

Multi-Factor Authentication: A Non-Negotiable Security Layer

Even the most sophisticated password (national cybersecurity agencies suggest that 14 to 16 characters is enough to deter rudimentary attacks) is not an infallible shield against hackers. Multi-factor authentication (MFA) introduces an additional barrier, ensuring that every login attempt is genuinely approved by you, the user. This extra layer of security could involve a code sent to your phone. While SMS text messages can be used, they are generally considered less secure than other MFA methods. Authenticator apps represent a significant advancement in MFA, and it is regrettable that their use is not universally mandated.

Consider platforms like Instagram; they only prompt users to implement MFA after reaching 10,000 followers. The rationale seems to be that users approaching this milestone will adopt MFA to protect their established following, whereas enforcing it from the outset, when users have no followers, might deter them from opening an account. This strategy appears misguided. Prioritizing user convenience over security is a critical error. Until MFA becomes a standard requirement, individuals will continue to face anxiety over compromised social media and other online accounts. Therefore, it is imperative to enable MFA wherever it is available.

Eliminate Passwords Where Possible: The Rise of Passwordless Solutions

Passwords, while serving a purpose, are far from ideal. Fortunately, a more modern and secure alternative is gaining traction rapidly. The digital landscape is increasingly shifting towards a passwordless future, a development that represents a significant step in the right direction.

This alternative is known as passkeys. Their primary advantage lies in their ability to minimize human error in the authentication process. Instead of manually entering a password, users can log in using their device or a secure key stored on their smartphone, frequently authenticated through a fingerprint scan. Underlying this simplified process are cryptographic keys performing complex operations, but these are hidden from the user, maintaining a straightforward experience. This inherent simplicity makes passkeys a transformative innovation, as they remove the temptation for users to reuse outdated passwords or append predictable characters to familiar ones.

In some respects, passkeys might seem too straightforward. When discussing them, people express suspicion, believing that a simple process must also be easily exploitable by criminals. However, this is not the case. The underlying technology operates with a level of complexity far exceeding the user’s perceived ease of use.

Passkeys are not yet universally supported, and challenges remain, particularly concerning device loss. Nevertheless, passkeys represent a substantial advancement by addressing one of the oldest and most vulnerable aspects of digital security: the password itself.

As told to Chris Stokel-Walker