The Irish Mail on Sunday

Web of lies! How to stay safe online and avoid cyber scams

Hackers are having a field day, but an unbreakable password is a key defence

- BILL TYSON

ONLINE scammers have been enjoying a lockdown bonanza – and we are making it far too easy for them to steal our cash. All kinds of crime incidents fell as we – and criminals – were confined to our homes. But that didn’t stop us being even more active online – and it was the same for the scammers who have been enjoying a field day, easily getting through lax security.

Just two-in-five set different passwords for all their bank accounts – and in the UK, one in 20 use just one password for all of their accounts online, according to a report by cyber-security experts FICO.

All the criminals have to do is hack one website – and all online security crumbles.

But before you snicker at the Brits, consider this: Irish people are even worse at internet security!

Cyber security expert and author Graham Day reckons we are ‘years behind’ Britain.

‘The same does apply here [as the UK], if not to a greater extent as generally the information security maturity and culture is about 3-5 years behind UK,’ said Mr Day, Director of Cyber Guardian.

Jake Moore, a cyber security specialist at anti-virus provider ESET, said: ‘People really are in need of some password education.

‘If account holders are using the same password more than once they are at serious risk of being compromised.

‘When people say they use separate passwords, changing the number on the end doesn’t count; hackers are clever enough to check social media to get a head start into figuring it out if they are persistent enough.’

So what do we need to do? ‘Traditional guidance for passwords was complexity, lower case, upper case, special characters, etc, changed every 90 days,’ Day said.

But there has been a dramatic change in advice recently.

Security experts ‘realised these complexities were difficult to remember for most so it has changed to longer passwords which should remain in use until compromised,’ he said.

‘This suits most people. If they have a password which works they will prefer to use it.’

Yet, while we may now be allowed to pick less complicated passwords, the number of online accounts held by each one of us has by now ballooned to a whopping 90 on average. How on earth are we supposed to remember them all if they are all different?

Experts suggested two different ways of getting around this.

The first, which Moore advocates, is to use an online password manager, where you need to remember only one password and it keeps all the rest encrypted and stored for you.

The two best known ones are 1Password, which costs money, and Bitwarden, which doesn’t.

Moore said: ‘Password managers should not be feared.

‘The clever use of two-factor authentication and robust encryption are a far stronger mix than using the same few passwords.

‘You no longer need to reuse any passwords on accounts, nor use memorable facts such as your dog’s name, or your kid’s birthday.’

However, Graham Day says: ‘For a password manager to be used you must trust the provider with all your passwords. You are giving the provider your entire existence in one fell swoop.

‘Every provider has employees and the insider threat risk. I have no confidence in the insider threat management of these providers and so have my reservations.

‘I will not use them.’

Day recommended encrypting a Word document and using it to store passwords. It’s easy: go to ‘tools’ at the top of the page, then choose the ‘protect document’ option and pick a password (and please not ‘1234’ or ‘password1’!)

‘Not even Microsoft can access the document. All our passwords are recorded on the document. With smartphones we can access the document anytime.’

If you’re not up to password-encrypting a Word document, you could also write them down on the good old-fashioned failsafe option that will have the cyber experts rolling their eyes – paper! Just remember to keep it somewhere secure and never take it out of the house.

The ongoing development of facial recognition and fingerprint encryption is another development that could soon free us from the tyranny of remembering 90 different passwords. It also opens up another option – let your computer or smartphone pick complex passwords for you and automatically recall them whenever you sign up to the account in question.

The problem with this system is what happens if you don’t have your phone or laptop with you – or worse, much worse, if it is stolen?

Even Apple’s much-vaunted encryption technology can be cracked, as we highlighted recently. A reader’s iPhone 8 was stolen – and within hours his whole identity was too, despite fingerprint-security.

The website HaveIBeenPwned.com can help with security by revealing if you have been compromised.

Last year, I found an old email address had been hacked eleven times. It was among 164 million hacked in 2012 from career website LinkedIn, 360 million stolen from Myspace in 2008 and another 144 million taken from MyFitnessPal in February 2018.

I had no idea how badly I had been compromise­d until I looked it up after being contacted and threatened online by a scammer.

The bottom line is that there is no easy or foolproof way to beat the online villains.

But it pays to take precautions – and to be aware if you have been hacked.

Graham Day’s book Security In The Digital World includes ten top consumer-friendly tips for internet security and is available through Amazon.
