
Passwords … mind over matter


I’m always fascinated when I see articles stating that the top passwords of the year were “password,” “1234,” “qwerty” or even “abc,” alongside the millions of articles about data breaches that offer easy-to-do actions people can take to protect their data, whether personal or work. Why are the exact same weak passwords being used over and over when people know and understand that data can and most likely will be hacked? I recently attended “The Psychology of Passwords” webinar, hosted by the National Cyber Security Alliance with Gerald Beuchelt, CISO, LogMeIn, who presented the third annual LastPass research, to find out.

Approximately 3,250 people around the world (in Australia, Brazil, Germany, the United Kingdom, the United States and Singapore), and based on this research presumably more people like you and me, are caught in the cognitive dissonance trap of not protecting themselves from security risks even though they know they should. Even having a security-conscious mindset does not translate into taking the actions needed to protect against cybercriminals. But why?

Believe it or not, the most common reason is fear, the research found. People are afraid they’ll forget their passwords, which is logical given the barrage of passwords a single person uses in a day, from email to banking to social networking to simply creating a user name and password to read favorite news media. However, when the same password is used over and over, all it takes is one time for a hacker to gain access to a single account and then BOOM! … they have access to ALL accounts.

In my opinion and to take the fear of forgetting off the table, the safest way to remember and protect passwords is the pen and paper method: list the website in one column and the strong, robust password in the adjacent column, and then store in a fire-proof safety box. Not too exciting, but effective. 

Going along with the fear of forgetting is the act of memorizing, but seriously, if using strong, robust and different passwords for each account, only a superhero could memorize them. Besides, memorizing isn’t working anyway … how many times do you reset your password because you forget it?! That would be me! 

(Confession: In the past, I have even used variations of the same password for my various accounts and “memorized” them, only to forget which password variation went with which account. Then, I’d have to reset my password just to access a single account, and then of course, I’d forget the “new” password, only to reset it again the next time I accessed the account. Ah, the never-ending password-reset-cycle begins!)

On a positive note, LastPass research also found that people are doing some things right: 

  • Using multifactor authentication more often on personal accounts;
  • Trusting biometrics: of those surveyed, 65 percent said they trust fingerprint or facial recognition more than traditional text passwords; and
  • Protecting financial and email accounts more often: 69 percent of those surveyed create stronger passwords for their financial accounts and 47 percent for email, while 62 percent use multifactor authentication on financial accounts and 45 percent on email.

Here are some other things to do to secure your accounts: 

  • Make sure passwords are 20 characters or more, randomly generated, containing a mix of lower and uppercase letters, digits and symbols.
  • Turn on multifactor authentication for all accounts that offer it.
  • Monitor data with credit monitoring and/or dark web monitoring services.
  • Keep software up-to-date.
  • Watch for phishing attacks, which are highly prevalent these days.
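
The first recommendation in the list above, sketched as an added example (not from the original post or the LastPass research): a generator and checker for passwords of 20 or more random characters drawn from all four character classes. The function names are hypothetical, and the symbol set is assumed to be Python's `string.punctuation`.

```python
import math
import secrets
import string

# The four classes named in the list above. The symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 20


def missing_classes(password):
    """Return the names of required character classes absent from password."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def meets_policy(password):
    """True if password has MIN_LENGTH or more characters and all four classes."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)


def generate_password(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until a candidate contains every class.

    Rejecting whole candidates (instead of forcing one character per class
    into fixed slots) keeps every compliant password equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(~{entropy_bits(MIN_LENGTH):.0f} bits)")
    for weak in ("password", "1234", "qwerty", "abc"):  # examples from the post
        print(weak, "-> meets policy:", meets_policy(weak))
```

`secrets` is used rather than `random` because `random` is not designed for security purposes and its output can be predicted.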
