Password and identity theft behind most data breaches
Eric Springler (Computer Systems Technology '96) tries not to focus too much on passwords.
That may sound strange for someone in the role of NAIT’s chief information security officer but Springler has good reason for knowing as few of his account passwords as possible. It’s just safer that way, given malware that can record keystrokes and human brains that can only hold so many combinations of letters, numbers and symbols.
“If you’re not typing in your password that’s probably for the best,” he says.
We talked to Springler, who oversees online security for an institute of more than 2,300 staff and thousands more students, about an alternative to a practice of keying sequences that, in 2020, enabled four out of every five data breaches.One password to rule them all
A dictionary hardly sounds like a nefarious tool but the version used by online criminals is the equivalent of a lock pick set. It’s a list of usernames and common passwords that hackers will cycle through to crack an account.
One solution is to have a password made for you that no dictionary will contain. To that end, “Everybody should have a password manager,” says Springler.
A password manager app builds strong, distinct passwords for each of your accounts and stores them encrypted until they’re required, relieving you of the need to keep track of them.
“There’s no reason you should know your passwords anymore,” says Springler. “You should know your password manager’s password, and that’s it.”
Make that a strong password
This is not the time for Password1234 (Springler would tell you there's never a time for that, of course). Your password manager is now a gateway to accounts that include everything from Instagram to your online banking. You need to protect it.
Don’t use words that have a discoverable personal connection to you. Throw upper- and lowercase letters into the mix, along with numbers and special characters.
What’s more, “Passwords get progressively more difficult to hack the longer they are,” says Springler. Try a passphrase, he suggests, or a series of words that’s easy to remember but tough to guess.
Enable multi-factor authentication
“I highly recommend – especially if you’re not going to use a password manager – to enable multi-factor authentication,” says Springler.
As breaches via usernames and passwords increase, many sites have implemented multi-factor authentication as another safety feature against hackers. This tool is dependent on a device you alone will have.
A hacker might crack your password, for example, but they won’t have your smartphone – to which the account will have delivered a code required to complete the sign-in process.
“This used to be very foreign but now it’s commonplace,” says Springler.
Security and convenience
None of this relieves us of the need to look after ourselves online. We must remain aware of the risks and stay vigilant, says Springler. But, in the case of password security, the unfortunate irony is that our passwords themselves can put us at risk.
Consider reducing that, as Springler does, by being less involved. Likely, you’ll never be as good at password creation and management as a trusted app anyway.
“It’s a convenience as well,” says Springler. “I’d rather have my password manager punch in my password for me.”
Banner image by Ivan-Slobodianiuk/istockphoto.com