When award-winning US computer scientist Fernando Corbató implemented the first use of passwords to secure access to large files on a computer system in the 60s, he probably had no inkling of the headache it would become for everyday users six decades later.
The problem in this digital age is that we need so many passwords to manage our social media, our money and our accounts. But, as much of a headache as these have become, that hieroglyphical combination of numbers, symbols, upper-and-lower case letters and special characters is here to stay.
Our days of complacency - where lazy passwords like “1234” and “Password” or geeky-cute ones like “Starwars” or “Slytherin” would cut it - are over, as cybercriminals become more cunning and hacking becomes a darker art. Simple passwords are as easy to crack as a toss of a coin, or a few lucky guesses. In fact, a bot is able to unravel a six-character password in just four hours.
“We see these videos of cash-in-transit heists, and the money’s all lying on the floor, or the guys rob banks. It’s pizza money, compared to what guys are stealing from behind a laptop.”
Your password is the “open sesame” to your life - your privacy and money. And yet we are guilty of weak “locks” on our digital and monetary assets. Some of us follow the path of least resistance and fall into the trap of single sign-on offered by Facebook or Google, or use the same password for every account.
Unfortunately, that convenience could leave you vulnerable to online fraud. An identical password for multiple logins means a fraudster only needs to crack your privacy once to have access to all your information.
Of course, we have other identifiers that may, in time, replace passwords - fingerprint, voice or facial recognition can add extra layers of security in preventing a breach. It’s predicted that DNA may become our future password.
While biometrics are a step towards better cybersecurity, these are not inviolable. A voice can be recorded and manipulated, a fingerprint lifted from a wineglass and moulded into a synthetic replica. Keep in mind criminals will go to any length if there is enough gain at the end of their efforts.
High-net-worth individuals and businesses are especially vulnerable to this type of targeted attack.
Beyond the myth, biometrics are hackable through sophisticated techniques that bypass physical features and replicate data patterns to gain entry to a device like a smartphone. As far back as 2013, ethical hackers cracked the iPhone’s Touch ID in less than a week. Similar techniques can be used to crack the biometric security for a car, home or bank account.
If your password is hacked, you can replace it. You can’t do the same with your face or voice.
We should not use biometrics and other tech in isolation from traditional security measures, like a password, one-time-PIN SMS and second-factor authentication. Second-factor authentication requires you to have your password and something physical (like your phone) with you in order to gain access.
In fact, these should all work together to create an ecosystem of cybersecurity. At Investec, for example, we pioneered the use of voice biometrics in South Africa for our global Client Support Centre, but this is supplemented with second-factor authentication and other security measures.
Cybercrime can make one feel vulnerable and defenceless. However, your password is something you can absolutely be in control of and keep private. It is your strength. If you think of it as an unbreakable string, your ideal password should be a robust rope. The strength of a password is predicated on both its length and complexity - so the longer and more complex it is, the stronger it will be. Consider this: a 12-character password could take that same bot almost 200 years to crack. So, it is worth the extra effort.
A passphrase or mnemonic is a good way to remember a password. For example, you can turn a phrase (Investec is the best) into a password phrase (!nVest#cISthe8est#), which may be easier to recall.
If you need help, opt for an offline password manager like KeePass - an easier and more secure way to generate long passwords.
Passwords are not forever. We should change these frequently and create unique passwords for every door we want to lock in our digital world. Your watchword should always be “Do Not Enter”.
Kevin Hogan is Fraud Risk Manager, Investec Private Banking. This article originally appeared on the Investec Focus content hub.