Relying on username-password combinations seems so last decade (last century?) these days. With smartphones able to do facial recognition and thumb readers as options on laptops, passwords feel like they should be phasing out.
In the meantime, the passwords we’re choosing aren’t very secure. A recent SplashData report shows the top-three most popular are password, 123456, and 12345678. One has to wonder why there aren’t more security breaches with that kind of non-security. Just how worried should you be about keeping your life online?
Recently, millions and millions of users have been affected by security lapses, resulting in hackers gaining access to their accounts on such sites as Yahoo Voice, LinkedIn and eHarmony, among others. Even a lone reporter, Matt Honan, using strong passwords, fell victim to a hacker when social engineering at Apple and Amazon resulted in his Twitter account getting compromised and his iPhone, iPad and MacBook being remotely erased.
It seems there isn’t a month that goes by without a significant security breach, and those are just the ones you hear about. Imagine a hacker gaining access to your account by getting the last four digits of your credit card number from Amazon, and then turning over to Apple and using that information to gain access to your whole Apple world. All without having to guess one password.
There have to be better ways to protect yourself. Being online 24/7 doesn’t help matters here, as nearly every site has its own rules for what makes a good strong password, and nearly every site requires one. The way we’ve learned to cope with the password madness, writing them down on little sticky notes, isn’t helping, either.
Password vault software
That’s where password vault software comes into play. As the name might reveal, a password vault is a safe location to store all your unique passwords for each site. The passwords can be auto-generated so they don’t match dictionary words, and are literally long strings of random characters. You just have to remember the password key to the vault. Then, unlocking the vault will unlock your passwords when you visit each site.
It actually is that simple, but you have to make sure the vault software is available when not on your home machine, otherwise you can’t log into any of the sites and your access control mechanisms turn out to be worthless.
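The generation step described above, as an added example that is not taken from any particular vault product: it draws one unique random password per site from the operating system's secure random source while honoring each site's own rules. The site names, policies and symbol set are constructed for illustration.

```python
import math
import secrets
import string

# Character classes a site policy may require (symbol set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}

# Constructed per-site rules; real sites publish their own.
SITE_POLICIES = {
    "bank.example": {"length": 16, "classes": ["lower", "upper", "digit"]},
    "forum.example": {"length": 24, "classes": ["lower", "upper", "digit", "symbol"]},
}

def generate_password(policy):
    """Pick each character uniformly with the OS CSPRNG and retry until every
    required class is present. Retrying whole candidates (rather than forcing
    one character per class into fixed positions) keeps the result uniform
    over all passwords that satisfy the policy."""
    alphabet = "".join(CLASSES[c] for c in policy["classes"])
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy["length"]))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in policy["classes"]):
            return candidate

def entropy_bits(policy):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in policy["classes"])
    return policy["length"] * math.log2(size)

def passwords_for_sites(policies):
    """One independent password per site, so a breach at one site reveals
    nothing about the others. A real vault stores this mapping encrypted
    under a key derived from the master password."""
    return {site: generate_password(p) for site, p in policies.items()}

if __name__ == "__main__":
    for site, pw in passwords_for_sites(SITE_POLICIES).items():
        print(f"{site}: {pw} (~{entropy_bits(SITE_POLICIES[site]):.0f} bits)")
```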
Beyond password vaults, many of the larger sites, mostly financials, are now relying on two-phase/multifactor verification mechanisms. When logging in from an unrecognized machine, the username-password values are no longer sufficient to gain access. You typically must provide an identification code that is sent to a so-called trusted location: a text message to your registered mobile phone number, a voice call to a registered phone number, or even snail mail when there isn’t a trusted alternative. The latter isn’t a quick option, but it suffices when no other options are available.
Recovery from a security breach
How quickly you can recover after a breach truly depends on the safeguards put into place before matters get out of your hands. Beyond just making sure backups are current, there are other alternatives that can help with the big picture. Relying on something like Microsoft SharePoint to store your documents for collaboration is an alternative. Basically, safeguard your information away from your machine in addition to on your machine.
The key part here is that you need multi-user access. With the right processes in place, a content management system like SharePoint helps keep the goods secure and out of the hands of the hackers and also helps your users access content nearly anywhere. Just be sure to set up the associated SQL Server host on a separate server from SharePoint.
Until biometrics become more common, username-password combinations are pretty much here to stay. There may be a second or third authentication factor for some websites, but the bulk of sites only rely on passwords for security. Do check out password vaults for the generation and storage of your strong passwords, and remember that using “password” as your password is a good way to get hacked.