When your password isn’t enough to protect your identity
- Published: Monday, 05 August 2019 11:17
Even using a password manager won’t protect your account 100%. People will still fall for a phishing attack, or fall victim to a brute force attack. This is easily done by clicking a fake link or downloading unsafe software.
It’s also possible that your credentials will be stolen from a service provider. Data breaches in which sites lose customer names and passwords barely make the news, as they are becoming more common.
These compromises are why changing your passwords and using different passwords for every account are considered best practices, especially within the workplace.
If a breach is discovered, change your password and consider employing something even more secure such as multi-factor authentication.
Best practices for keeping your details safe are:
- Use a long, complex password with a mix of letters, numbers and special characters.
- Don’t use identifiable words or phrases.
- Change your password regularly.
- Use a different password for every account, and don’t have a pattern to them.
Use a password manager to create and store your passwords – it’s basically a lock box of all your passwords that will automatically fill them in for you on most sign in forms. You can also copy/paste if needed.
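The checklist above can be applied as an audit over a list of your own passwords. The following Python is an added example, not part of the original article; the 14-character minimum, the 6-character shared-run threshold, the word list and the sample vault are assumptions constructed for illustration.

```python
import string
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 14  # assumption: the article says "long" but gives no number
MIN_SHARED = 6   # assumption: a shared run this long between two passwords is a pattern

def shared_run(a, b):
    """Length of the longest substring two passwords share (case-insensitive)."""
    a, b = a.lower(), b.lower()
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size

def audit(vault, identifiable_words):
    """Return {account: [findings]} for a {account: password} mapping."""
    findings = {account: [] for account in vault}
    classes = [str.isalpha, str.isdigit, lambda c: c in string.punctuation]
    for account, pw in vault.items():
        if len(pw) < MIN_LENGTH:
            findings[account].append("too short")
        # Require letters, numbers and special characters together.
        if not all(any(test(c) for c in pw) for test in classes):
            findings[account].append("missing character mix")
        if any(word.lower() in pw.lower() for word in identifiable_words):
            findings[account].append("identifiable word")
    # Compare every pair of accounts for exact reuse or a shared stem.
    for (acc_a, pw_a), (acc_b, pw_b) in combinations(vault.items(), 2):
        if pw_a == pw_b:
            issue = "reused"
        elif shared_run(pw_a, pw_b) >= MIN_SHARED:
            issue = "shared pattern"
        else:
            continue
        findings[acc_a].append(f"{issue} with {acc_b}")
        findings[acc_b].append(f"{issue} with {acc_a}")
    return findings

# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {
    "email": "Rover2019!mail",
    "bank": "Rover2019!bank",
    "shop": "Rover2019!mail",
    "forum": "q7#Vn2$wLx9@Kd4pTz",
}
SAMPLE_WORDS = {"rover"}  # constructed: for example a pet's name

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT, SAMPLE_WORDS).items():
        print(account, "->", issues or "ok")
```

Only the randomly generated `forum` entry passes; the other three share the stem `Rover2019!`, so a breach of one of them exposes the pattern behind the rest.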
The difference between two-factor authentication and two-step verification:
Two-factor authentication (2FA) - traditionally requires two different types of authentication. That can include something you know (password), something you are (fingerprint), or something you have (a secondary trusted device).
Multi-factor verification (MFV) - on the other hand, can use the same type of information delivered by different sources. For example, a password you remember plus a code you're sent over SMS.
Two or more of these factors can be more secure, but two steps are typically enough for most online accounts. It's an updated version of the older security questions. It not only helps you avoid needing to remember your random answers, but it also removes the risk of relying on potentially easy-to-find information. With Microsoft Office 365 you can also ensure that some countries' IP addresses are blocked to reduce the risk of a breach.
Whilst the above seems very obvious as well as basic, it is also very easy to overlook how long you’ve had the same passwords, and who else knows them.
Most banks have moved to either 2FA or MFV and Microsoft are now recommending that all Office 365 administrator accounts use their 2FV system. We expect this to be common practice for most businesses in the next year.
If you would like to discuss the above further then please feel free to contact us for some advice.