
Password Pains


It’s pretty obvious that passwords have become ingrained in our online experience at virtually every level. For me, I have the same password for nearly everything. When I turn on my computer, when I check my email, even when I buy a new dress off of my favorite clothing site, I use this password. In the online world there is really no escaping using a password to protect your account. Yet, given the current hack attack climate of the Internet, how secure are passwords?

Adding to the already lacking password protection environment is the user’s preference for a single username and password for all online destinations. While this one-size-fits-all approach makes logging in simple and straightforward, it also means a thief only has to guess correctly once to gain access to a host of accounts. This “life password” is a recipe for disaster, making hackers’ lives way too easy.

With the rise in social media use, a majority of online users publish sensitive information without a second thought. Online users now freely give up access to some of their most personal information, including addresses, phone numbers, and work history. Despite the sensitivity of this information, most websites continue to use password reset challenge questions like “Name of your favorite pet.” Given such general and indiscriminate safeguards, it would be easy for someone to guess the answer just by spending some time on a user’s social profile.

The issues associated with weak or easy-to-guess passwords have come to the attention of security professionals, who are now recommending enhanced password security through a variety of measures. One such tactic is two-step verification, a process in which a verification code is sent to a user’s phone, and the user then enters the code on the site to gain access to the account. This extra step is not mandatory, but users who perform two-step verification gain additional safeguards:

  • Protection from account hijacking
  • Alerts if an account compromise takes place
  • Ability to securely reset their password without help desk assistance

If you’re like me, you always have your mobile phone with you. This trend makes it natural for the phone to become the next step in security. Passwords will continue to be the first layer of security, but in order to keep our information protected, the phone will be a major tool in the fight against fraud.
