Security data breaches are nothing new and seem like a common occurrence. In fact, they are more common than ever; most users do not even pay attention when they hear on the news that another company has suffered a data breach. The landscape for cyber attacks is evolving, due in large part to the COVID-19 pandemic. More and more users are shifting to remote work and learning, leaving them more vulnerable than ever to sophisticated cyber attacks.
In 2020 alone, an estimated 16 billion records of information were exposed (Dutta, 2020). The information exposed includes usernames, passwords, and/or personally identifiable information (PII) like Social Security numbers, driver's licenses, and even banking information. This information is then bought and sold on the “Dark Web.”
The dark web is a part of the World Wide Web that can be reached only with specialized web browsers. The main use of the dark web was to keep user activity anonymous and private – this has helped foster the illegal activity that primarily takes place on its network.
With the sheer number of data breaches and records exposed, it is safe to assume that you have already been a victim in at least one of these breaches. As a recent example, Marriott disclosed a security breach that affected the personally identifiable information of 5.2 million hotel guests who used their loyalty application (Lyles, 2020). And there have been numerous other situations, just like this, with information exposed through fraudulent efforts.
The problem for many of us is that if one of our passwords is compromised, the bad guys have gained access to every site that shares that password. Many of us say we do not reuse passwords; however, a recent Google survey found that at least 65% of users reuse passwords across multiple sites, and in some cases, all their sites (Google, 2018). Microsoft released a similar study that says a total of 44 million users reused passwords and at least 30% of their modified passwords could be cracked within just 10 guesses (Cimpanu, 2018). As we consume more services online, the number of usernames and passwords we must manage continues to grow.
With the holiday just past, now is a great time to take control of your digital footprint and follow these steps to secure your online accounts.
- Create unique passwords for every site you register an account with – NO EXCEPTIONS
- Passwords should be phrase- or sentence-based and at least 15 characters in length.
- Enable multi-factor authentication (MFA) on any site that offers it – Microsoft said that enabling an MFA security measure for a Microsoft account blocks 99.9% of all attacks (Cimpanu, Microsoft: Using multi-factor authentication 99.9% of account hacks, 2019).
It sounds easy, right? Just create a unique, strong password for every site you access – what’s the problem? The problem is if you are like me and cannot remember what you had for dinner yesterday, you need help. This help comes in the form of a password manager application.
Password managers make it easy to take control of your usernames and passwords. There are many of these products available - Google, Apple, and Microsoft offer free password managers natively within their operating systems. While better than reusing passwords, these solutions have their limitations – Apple’s Keychain does not work on PCs, and Microsoft’s and Google’s password managers only work within their web browsers.
Third-party password manager applications like 1Password and LastPass provide additional security controls and functionality, such as multi-factor authentication. They include the ability to access and synchronize your passwords across all your devices, and in many instances can also autofill your usernames and passwords.
Password managers like 1Password and LastPass make it so you only have to remember one password - just the password to your password manager. So, take time this winter to take advantage of the increased security posture and begin to use a password manager for your digital footprint.
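The three rules listed above (a unique password per site, at least 15 characters, MFA enabled) can be checked mechanically once your accounts live in a password manager. The script below is an added example, not part of the original article or of any product: the CSV column names (`site`, `username`, `password`, `mfa`) are an assumed layout rather than a real export format, and the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 15  # minimum length recommended in the article

# Constructed sample export; the column names are an assumed layout.
SAMPLE_EXPORT = """site,username,password,mfa
mail.example,alex,correct horse battery staple,yes
shop.example,alex,Summer2020!,no
bank.example,alex,Summer2020!,yes
forum.example,alex,purple-otters-juggle-lanterns,no
"""

def _digest(password):
    # Compare digests so plaintext passwords are not kept as dictionary keys.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(export_text, min_length=MIN_LENGTH):
    """Return {site: [findings]} for entries that break any of the three rules."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    sites_by_digest = defaultdict(list)
    for row in rows:
        sites_by_digest[_digest(row["password"])].append(row["site"])

    findings = defaultdict(list)
    for row in rows:
        site, password = row["site"], row["password"]
        # Rule 1: every site needs its own password.
        shared = [s for s in sites_by_digest[_digest(password)] if s != site]
        if shared:
            findings[site].append("password reused on: " + ", ".join(sorted(shared)))
        # Rule 2: at least 15 characters.
        if len(password) < min_length:
            findings[site].append(
                f"shorter than {min_length} characters ({len(password)})")
        # Rule 3: MFA enabled wherever it is offered.
        if row["mfa"].strip().lower() not in ("yes", "true", "1"):
            findings[site].append("MFA not enabled")
    return dict(findings)

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_EXPORT).items():
        for problem in problems:
            print(f"{site}: {problem}")
```

An exported vault is plaintext, so run a check like this only on your own machine and delete the export file afterwards.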
Cimpanu, C. (2018, December 5). 44 million Microsoft users reused passwords in the first three months of 2019. Retrieved from ZDNet
Cimpanu, C. (2019, August 27). Microsoft: Using multi-factor authentication 99.9% of account hacks. Retrieved from ZDNet
Dutta, P. (2020, August 1). 5 Biggest Data Breaches of 2020 (So Far). Retrieved from Security Boulevard
Google. (2018, December). Online Security Survey - Google / Harris Poll.
Lyles, T. (2020, April 1). Marriott discloses another security breach that may impact over 5 million guests.