THE PROBLEM WITH PASSWORDS...

By Marc-Anthony Signorino, IDESG Executive Director

Today is World Password Day! Let’s celebrate with a reminder that, when it comes to securing your information online, passwords are only half the battle.

Part of the trouble with passwords? One-step authentication. The fact that passwords are really easy to hack is particularly problematic when they act as a single layer of defense protecting your personally identifiable information. Passwords are identity credentials based on user knowledge. You know, those security prompts, like, “What was your maternal grandfather’s last name?” Nowadays, most people have enough personally identifiable information publicly available online that cyber-criminals can easily find answers to their victims’ security questions simply by running one measly Google search.

That’s not to say that you should just throw in the towel on passwords. They are, largely, unavoidable. Many widely used websites still only offer one-step authentication, and a password is often the only authentication factor keeping a user’s private information safe from unwanted eyes. So what can you do to protect yourself? It’s smart to take note of websites’ authentication requirements, to understand the risks you take by sharing your personal information online and to be mindful of those to whom you grant access. Never use the same password twice and don’t hold back on making them as complicated as possible. A password wallet/manager is a useful and secure way to keep track of them all.

But the times, they are a-changing.

As you become more familiar with online privacy tools, you’ll notice that it is becoming increasingly common for websites to either offer or require multi-factor authentication. Multi-factor authentication creates a multi-layered defense by combining multiple authentication credentials. For instance, the first authentication factor may be based on what the user knows (a password), the second may be based on what the user has (a security token) and a third (but still very rare) may be based on what the user is (a biometric verification, like a fingerprint or an eye scan).

It’s important to remember that it is far easier for a website to appear as if it is properly securing your information than to actually do so. We have yet to see a fail-safe method for securing people’s information online, an unfortunate reality demonstrated by successful hacks into some of the most well-protected sites. The best way to mitigate personal risks is to take back control of your personal information, by knowing exactly where it lives. Check out related tips and tricks here.