When we think of biometric password security, we think either of unlocking our iPhones with our fingerprint or, if you’re anything like me, of the slick Ocean’s Eleven team using retinal scanning technology to break into a high-security vault in a Las Vegas casino basement. You don’t think of Clooney? Just me? Ok then. The reality is that, whether we realise it or not, our lives are migrating towards existing in an online parallel universe, which means we need to start thinking seriously about passwords, password security, and password management. The password is the key. Password security refers to how strong your password is. Password management is all about your usage practices.
Historically, other than personal safes in our homes or combination locks, individual password security started getting serious when we needed to remember our PIN for our bank cards at the ATM. We were told that if someone had our PIN, they would have access to all our hard-earned money; easy concept to understand, and easy to see the potential threat. But with the advent of the internet, the need for passwords escalated exponentially. We suddenly needed passwords to get access to our email accounts, to log into social media profiles and to make purchases on online shopping sites. We all understand that passwords are necessary, but they can be a pain and an inconvenience. I mean, how many passwords can you really remember? And even after we have thought of a password, it is rejected for not being strong enough: it’s not at least six characters long, with at least one number, one symbol, an uppercase and lowercase letter! If you’re frustrated just at the thought of creating a new password, and have stuck to “123456” or “qwerty”, or have used the same password on several different sites, I suggest you give a lot of consideration to changing your stance on password security.
Depending on how strong your password is, and whether you have kept it a secret, you could be doing a good or poor job at protecting yourself from the dangers of being hacked. Being hacked is basically the cyber equivalent of someone breaking into your home, changing the locks and brazenly moving into and occupying your house. Actually, it could even be worse than that! Imagine, for a moment, that a malicious person found out what your online banking password was and withdrew all your money? And because you use the same password for your social media accounts, and your email, they also had access to post or send whatever they liked to your network just to damage your reputation? They could then change your old passwords to new ones just to lock you out of your own accounts. Someone could literally take over your life if they just found out one password! You may think that this sounds far-fetched, or that it wouldn’t happen to little ol’ you because you’re not that important (I mean it’s not like you own a Las Vegas casino, right?) but you would be wrong on both counts.
Fact: if it can connect to the internet, it can be hacked. In this day and age that means your laptop, tablet and phone are the obvious devices, but this also includes your car, and even the CCTV cameras the home security company installed. This can all be prevented, however, if you know how to choose a strong password and, once you have created it, how to manage it well by not telling anyone.
We spoke to cyber security experts who told us that South Africans are some of the easiest people in the world to hack. Shockingly, research shows that South Africa is the third most popular place in the world for cyber criminals. Rika Butler, a researcher at Stellenbosch University, revealed that we South Africans tend to think that we’re good at creating strong passwords, but in reality we’re not. She also shared that once we’ve created a password, we tend to share it with loved ones when we shouldn’t be sharing it with anyone.
Artificial intelligence expert Evan Knowles said that the best thing you can do when it comes to passwords is to create passwords that not even you can remember. He advises that we should start using password generators that spew out a long, unique password for each site or account that you need. Then we need to use a secure password manager, which will store all of the passwords generated for each account. The irony of course is that you will need a password to unlock your password manager. But the advantage is that you only need to remember one.
After finding out how easy it is for hackers to crack our passwords and get access to our personal accounts, I’m now rethinking my philosophy on “one-password-for-all”, which is clearly not just outdated but also quite reckless. As cyber security expert Evan said in our chat, “when you lock your door every time you leave home, you should ask yourself: what have you done to protect your passwords today?”
Top 5 tips from our password experts:
- Do not use the same password for multiple accounts.
- Do not use the names of your family members, friends and pets, or any phone numbers, birth dates or ID numbers, in your passwords.
- Do not use something that can be cloned (but that you can’t change) as your passwords, such as your fingerprints.
- Do not let your web browsers store your passwords, since all passwords saved in web browsers can be revealed easily.
- Turn on 2-step authentication whenever possible.