Password reuse gift for hackers
Remembering and changing passwords regularly is the top source of cyber fatigue for users and also the easiest vulnerability exploited by hackers, according to the 2017 Thycotic Black Hat Hacker survey report. Consequently, using multi-factor authentication and encryption can be the biggest barrier against attacks, it said.
“Determining and remembering strong and unique passwords for multiple accounts can be difficult; many users tend to abandon safety for convenience. Poor password hygiene makes accounts vulnerable to takeover attacks. These attacks can be eliminated with the use of single sign-on and multi-factor authentication technologies,” said a Symantec spokesperson. Important passwords should be at least eight to 10 characters long and include a mix of letters and numbers, said Symantec.
Thycotic also noted that it is equally important to secure one’s social network accounts, as hackers can use these to infiltrate office computers and emails. This may be due in part to what researchers are calling “security fatigue”, whereby users feel overwhelmed with security warnings and return to habits they are most comfortable with, but which may put their organisations at greater risk of a breach, said the report.
“An average Internet user today has many online accounts. To keep it simple, users typically re-use the same passwords across multiple accounts. One way to solve this problem is to use password managers/vaults. These are simple password management tools that store your passwords in an encrypted fashion on your laptops/mobile and make it easy for you to retrieve passwords when you need them,” said Gautam Kapoor, partner, Deloitte Touche Tohmatsu India LLP. Enabling two-factor authentication or out-of-band authentication is also a must with any online email accounts today offering these services, he added.
Thycotic noted that 53 per cent of cybersecurity professionals haven’t changed their social media passwords in more than a year, and 20 per cent have never changed their passwords, while also using birthdays, addresses and pet names, among others, which makes them easier to hack.