Craig Smallman - IT Support (Infrastructure) at moneyinfo Limited
Passwords are now a critical part of everyday life for everyone in the UK and there’s no way of getting away from it!
You need a password for logging onto every system you use. Examples would be your bank, a cash machine, to log onto your home computer, your email, at work (perhaps many!), onto your phone – usually using a PIN - and of course your moneyinfo client portals!
It’s incredibly difficult to keep tabs on all of them, but the rest of this article will help you to manage them more effectively, or at the very least give you best practices to avoid the biggest mistakes when creating and using passwords. Please read on; even the simplest of changes can help you secure your digital assets.
Creating new passwords
There are many different ways to create passwords. The first thing to avoid is any personally identifiable information, for example anything that can be found on Facebook or other social networks.
Such items could include:
- Pet names
- A notable date, such as a wedding anniversary
- A family member’s birthday
- Your child’s name
- Another family member’s name
- Your birthplace
- A favourite holiday
- Something related to your favourite sports team
- The name of a significant other
- The word “Password”
The 10 items listed above were identified by Google in a study from 2013 to be the most popular methods of password choice. Not only do you need to avoid them, but also make sure that you don’t just add a number to the end. Those additional numbers don’t really make your password much more secure, certainly if it’s the year you were born!
That’s not all you should avoid. There have been many high-profile data breaches around the world over the last few years, and the passwords exposed in those breaches have been studied. You can find the top 500 from 2010 here. Is yours there (or there with a number on the end)?
If so, you have an incredibly weak password. If your password is based on any of the top 500, your account could easily be breached. The Top 25 for 2015 are also listed in the table below:
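The question posed above (is your password on a common list, with or without a number on the end, or built from personal details?) can be checked automatically when a password is chosen. This is an added example, not part of the original article; the function name, the tiny blocklist and the sample personal details are constructed for illustration.

```python
import re

# Constructed sample blocklist. A real check would load a full list of
# passwords seen in breaches (for example a published top-500 list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "football", "dragon"}


def screen_password(candidate, personal_tokens=()):
    """Return the reasons a candidate password is weak.

    An empty list only means none of these rules fired; it is not proof
    that the password is strong.
    """
    reasons = []
    lowered = candidate.lower()
    # Strip digits and symbols from both ends so "football2015" is
    # compared as "football", the "number on the end" habit.
    base = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    elif base in COMMON_PASSWORDS:
        reasons.append("common password with digits or symbols added")

    # Personal details (pet names, family names, birth years, ...) that the
    # user or a sign-up form supplies. Very short tokens are skipped to
    # avoid matching by accident.
    for token in personal_tokens:
        t = token.lower()
        if len(t) >= 3 and t in lowered:
            reasons.append(f"contains personal detail: {t}")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    profile = ("Rex", "Emily", "1984")
    for pw in ("Password", "football2015", "Rex1984", "vT9#qLm2xW"):
        print(pw, "->", screen_password(pw, profile) or "no rule fired")
```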
I’ve got too many passwords
Not a problem… ensure you write it on a post-it note and place it next to your computer, or maybe under your keyboard for “extra” security. I’m joking of course, but it can be a real problem for people to safely keep track of all of their passwords.
One recommendation is to use a password manager. We won’t promote one here; however, if you search the internet for “Password Managers”, you will find many reviews of many different products. Benefits include having all of your password information secure in one vault and being able to automatically generate complex passwords which are stored against your accounts.
Some of these are free and even cloud based, so there’s no real excuse for a post-it note culture.
I only use one password so it’s easier to remember
Although this makes it very convenient for you, if you use this one password in multiple places, all it takes is one breach at one site where you use it and you can be completely exposed. A miscreant could immediately have your email address and password to many different services, such as Facebook, your bank, your email account, etc. With only a little more effort, they could completely take over your identity. This could be incredibly costly and distressing.
Some data breach examples are:
- LinkedIn – 8 million accounts
- Yahoo – 500 million accounts
- MySpace – 359 million accounts
- Adobe – 52 million accounts
- Dropbox – 68 million accounts
- TalkTalk – 157,000 accounts (TalkTalk have recently been fined £400,000 for their data breach – a UK record)
The website https://haveibeenpwned.com has gathered all of the breached databases above (and many more) and offers a service where you can enter your email address and check whether your details have been compromised. If they have, and you use this password elsewhere, it is highly advisable to change your passwords for all services.
The answers to many Secret Questions you may be asked to provide can easily be found. Your mother’s maiden name is probably only a couple of clicks away from your Facebook page. There’s probably a picture of your pet or children on there too, along with birth dates of your entire family.
Rather than using anything that can be found online, one tip is to make something up. For your betting website, your mother’s maiden name is now “Ambulance”. For your online shopping account, it’s now “Volkswagen”. Consider it an additional password, but do remember to make a note of these details in your password manager!
Secure your social media
As mentioned above, it can be extremely easy to find valuable information about someone from their online profiles. Ensure that you have locked them down by only sharing information with people you are comfortable with. It is very bad practice to allow everyone to see everything.
Two factor authentication
Wherever the option exists online, turn on Two Factor Authentication. Two-factor authentication is a security process in which the user provides two means of identification; normally something you know (your password) and something you own (an app on your mobile phone) or a temporary code (sent via SMS). This can stop many attempts to access your account, even if an attacker has guessed or obtained your password.
Password fatigue is a real issue: the average person has to remember so many passwords that security starts to fail as they simplify their password choices. Simply put, it is incredibly important for your digital assets to have a password that is secure, unique and that uses no information from your personal life. The advice of many security professionals is to use a password manager to take away the headache of password management.
Just don’t forget the password to it…