Internet users across the globe are yet to master how to use passwords effectively to protect themselves online. Research from Kaspersky Lab has shown that people are putting their online safety at risk by making bad password decisions and simple password mistakes that may have far-reaching consequences.
The research unearthed three common password mistakes that are putting a large number of Internet users at risk: (1) people use the same password for multiple accounts, meaning that if one password is leaked, several accounts can be hacked. (2) People use weak passwords that are easy to crack and (3) people store their passwords insecurely, defeating the point of having passwords at all.
“Considering the amount of private and sensitive information that we store online today, people should be taking better care to protect themselves with effective password protection. This seems obvious, but many might not realise that they are falling into the trap of making simple password management mistakes. These mistakes, in turn, are effectively like leaving the front door open to emails, bank accounts, personal files and more”, says Andrei Mochola, Head of Consumer Business at Kaspersky Lab.
The research shows large numbers of people (almost one in five – 18 per cent) have faced an account hacking attempt but few have effective and cyber-savvy password security in place. For example, only a third (30 per cent) of Internet users create new passwords for different online accounts and a worrying one-in-10 people use the same password for all their online accounts. Should one password be leaked, these people are therefore at risk of having every account hacked and exploited.
People are also not creating passwords that are strong enough to protect them from hacking and extortion. Only half (47 per cent) use a combination of upper and lowercase letters in their passwords and only two-in-three (64 per cent) use a mixture of letters and numbers. That’s despite the fact that users think their online banking (51 per cent), email (39 per cent) and online shopping accounts (37%) need strong passwords.
The study also shows that people are mistreating their passwords – by sharing them with others and using insecure methods to remember them. Almost a third (28 per cent) has shared a password with a close family member, and one-in-ten (11 per cent) has shared a password with friends, making it possible for passwords to be unintentionally leaked. Over one-in-five (22 per cent) also admitted to writing their passwords down in a notepad to help remember them. Even if a password is strong, this leaves the user vulnerable because other people may see and use it.
Mochola continued, “The Internet has been around for a while now but people are still making simple mistakes when it comes to online passwords. The best passwords cannot be found in the dictionary. They are long, with upper and lowercase letters, numbers and punctuation marks. However, with people having so many online accounts today, it’s not easy to remember a secure password for everything. Using a password management solution can help people remember and generate strong passwords to minimise the risk of account hacking online.”
Kaspersky Password Manager securely stores all passwords, addresses and credit card details, and synchronizes them across all devices so that users only need to remember one master password.
David Emm, Principal Security Researcher at Kaspersky Lab:
It is possible to create strong, memorable passwords which don’t use personal data.
Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example: start with the name of the online resource, let’s say ‘mybank’. Then apply your formula: e.g.
1. Capitalise the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.
This would give you a password of ‘n1mybAk;’.
There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is ‘the quick brown fox jumps over the lazy dog’ the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four step rule.
By using either of these methods, consumers can ensure they have a unique password for each online account and therefore secure themselves against types of breaches that make use of previously gained information.
If you find even this too complicated, consider using a password manager – software that automatically creates complex passwords for you, keeps them secure and auto-enters them when you need to log in.