Rethink your password hygiene

A woman types a password on a smartphone. Password managers offer an extra layer of protection with two-factor authentication. PHOTO/EDGAR BATTE

What you need to know:

The solution to having so many passwords is to make the password manager your friend. A password manager is a programme that houses all your passwords in one convenient location with one master password.

Just like a gate limits intruders from accessing a home, a password is the easiest means of proof to limit access to your digital information.

We use passwords to ensure privacy, information security, and in a broader perspective to ensure confidentiality, integrity, and availability.

Increasingly, the security risks of passwords are seen as outweighing their benefits.

A Microsoft white paper on passwords shows that even the strongest passwords are now vulnerable to attack, and user resistance to password requirements is growing.

The internet's architecture offers many points of access to your private information.

One example is mobile network operators and Internet service providers, who can easily track your browsing habits and history, the websites you visit, and your online activity.

Passwords are a necessity in our digital lives, perhaps because people socialise, work and transact business online.

The desire to have an online presence has pushed the average number of social media accounts to 8.4 per person as of 2020.

Growth data from the Global Web Index shows the number of digital accounts per person is up 75 percent, from 4.8 accounts per person in 2014 to 8.4 in 2020.

Firstly, this growth is attributed to multi-networking, that is, the widening of platform choice.

Secondly, it is also down to specialisation of individual platforms, such as Instagram for photos, YouTube for video, and LinkedIn for work.

This means a digital user needs a password for each of the accounts they own.

Digital users sometimes suffer 'password fatigue' from trying to create and remember so many passwords for different accounts.

Mustapha Mugisa, a digital expert, points out that having too many passwords is a sign of poor cyber hygiene.

But it could also mean you have many resources to which you need to restrict or limit access.

It is common practice to attempt to minimise password theft by encouraging the use of strong, complex passwords and requiring frequent password changes.

However, these tactics often result in poor user behaviour and easy-to-guess password changes, and can drive up the number of password resets.

Using the analogy of a house, Mugisa relates having many digital accounts to too many doors in your house.

“This means you have got to have many locks and keys to limit strangers. So, as a house owner with something to protect, you benefit from higher security but that also means managing many keys which could be difficult,” he says.

Sharing so much online, including credit card information, birthdays or even vacation plans, has made passwords more vulnerable to cyberattacks.

Alternatively, some users have turned to a single password for the different digital accounts they own, which is a negligent habit, according to Emmanuel Chagara, a cybersecurity expert at Milima Technologies.

Facebook founder Mark Zuckerberg had his LinkedIn account hacked in 2016 after hackers realised he used a single password.

Zuckerberg was using the same email and password for his multiple social accounts, enabling several of them to be compromised in succession.

Mugisa says the solution to having so many passwords is to make the password manager your friend.

Essentially, a password manager is a programme that houses all your passwords in one convenient location with one master password.

With a password manager, Mugisa says, you keep many passwords in an encrypted container that you can open with one passphrase that you keep.
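The "encrypted container opened with one passphrase" idea, as an added example that is not from the article or from any password-manager product: the master passphrase is stretched with a slow, salted key derivation function, the whole set of site passwords is encrypted under the derived key, and an authentication tag makes a wrong passphrase or a tampered vault fail closed. The KDF cost, the HMAC-in-counter-mode keystream and the sample entries are illustrative assumptions; a real manager would use AES-GCM or XChaCha20-Poly1305 from a vetted library.

```python
# Added example (not from the article or any password-manager product): a
# minimal "encrypted container" that many site passwords go into and that one
# master passphrase opens.  Cipher and parameters are illustrative assumptions.
import hashlib
import hmac
import json
import os

PBKDF2_ITERATIONS = 200_000   # assumed cost; real managers go higher or use scrypt/Argon2
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(passphrase: str, salt: bytes) -> tuple:
    """Stretch the master passphrase into one encryption key and one MAC key.

    A slow, salted KDF is what makes guessing the master passphrase expensive
    even if the vault file itself is stolen."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                                   PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a pseudorandom keystream (illustrative;
    production code uses AES-GCM or XChaCha20-Poly1305 from a vetted library)."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(passphrase: str, entries: dict) -> bytes:
    """Encrypt-then-MAC the whole entry set under keys derived from the passphrase."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def open_vault(passphrase: str, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong passphrase or a tampered blob
    is rejected instead of yielding garbage."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    tag = blob[SALT_LEN + NONCE_LEN:SALT_LEN + NONCE_LEN + TAG_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN + TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master passphrase or tampered vault")
    plaintext = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


def demo() -> bool:
    """Round-trip a constructed vault and confirm a wrong passphrase is rejected."""
    entries = {  # constructed sample entries, not real credentials
        "mail.example.test": "gR7!kz-Quail-Lamp-42",
        "bank.example.test": "Vx9#mountain-Tea-Spool",
    }
    blob = seal_vault("correct horse battery staple", entries)
    assert open_vault("correct horse battery staple", blob) == entries
    try:
        open_vault("password123", blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vault ok:", demo())
```

The point to notice is that only the vault blob and the passphrase are needed to recover the entries, so the strength of everything inside rests on the master passphrase and on the KDF cost that slows down guessing it.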

Mugisa says password managers offer an extra layer of protection with two-factor authentication. As a result, each time someone attempts to log in to your password manager, a unique one-time verification code is sent to your mobile phone.

“The other option is to use one password, but keep changing it often. You make it in a way that it is easy to remember, but difficult to crack or copy,” he notes.

PIN and password are different

The Microsoft white paper describes a PIN as different from, and more secure than, a password.

A PIN looks very much like a password—which may lead some people to believe they are the same thing.

A PIN can be a set of numbers, but an enterprise policy might allow complex PINs that include special characters and letters, both uppercase and lowercase.

However, it is not the structure of the PIN such as its length or complexity that makes it better than a password—it’s how it works.

A PIN is tied to the specific device it was set up on. Without the device, the PIN is useless. If someone stole your PIN and wanted to sign in to your account, they would need your physical device, too.

Biometric access systems can be vulnerable to hacking and spoofing.

A common biometric attack method involves trying to spoof someone’s fingerprint or iris, with the goal of tricking the system into thinking it is real.

Any spoofing or hacking attack would first require the attacker to gain custody of the device. Beyond the various layers of protection, many biometric systems today have built-in detection to validate any biometrics presented.

However, since your biometric signature is used only to unlock your device, and never to authenticate you over the network, there is no single collection point an attacker can compromise to steal it.

A passwordless future

Eliminating passwords

Microsoft, a tech multinational, is proposing passwordless multifactor authentication across its devices.

Passwordless multifactor authentication is used to replace passwords with secure alternatives that work across a broad set of devices and services. Here, users have the option to either sign in directly via biometric recognition—such as a fingerprint scan, iris (eye) scan, or facial recognition system—or with a PIN that is locked and secured on the device.