Password pitfalls and how to avoid them

Madhi explores the fatal mistakes often made regarding online security.

Image courtesy of Pixabay

The internet, along with its associated technologies, are tools of immensely dominant popularity. According to the ONS, in the first 3 months of the year, 89% of adults in the UK had recently used the internet. Market research firm IDC suggests that the amount of data produced by digital services will reach 180 zettabytes in 2025. Statista expects the number of smartphone users worldwide to reach almost 3 billion.

While these figures are astonishing, there are others which reveal that our growing dependence on technology is not such a positive trend. According to internet service provider, Beaming, in 2016 2.9 million British companies fell victim to a cyber-attack, costing a total of almost £13 million. Equifax was subject to the latest high-profile breach in 2017, which saw around 700,000 customers in the UK having their data stolen.

All of this paints a worrying picture for technology users. For many years, the realisation of the severe dangers of the World Wide Web have been overlooked. Delayed responses from regulators are now trying to fill the gaps. The EU’s General Data Protection Regulation for example, which comes into force in May 2018, will require companies to implement adequate security measures to protect data.

But it is not just companies that will need to take data security more seriously. It is the general public too. Yet many still do not seem to have grasped this. One piece of evidence which exposes this is the list of most common passwords used every year.

Research conducted by password-managing app, Keeper Security, produced such a list for 2016. Looking at 10 million passwords available from public sources on the web, it found that the most popular password used last year was “123456.” Second was “123456789” and third was “qwerty.”

At first, this seems amusing. It is almost unthinkable that people use such perplexingly simply and vulnerable passwords to protect their data and accounts. But this initial hilarity wanes when one realises that these kinds of passwords typically top these lists year after year as they are used by millions of people online.

It is little wonder that so many find their precious data corrupted, stolen or deleted. The dire truth is that too many users take sound security for granted. The fast-paced culture created by modern technology causes people to become negligent and clumsy, abandoning safety and security in the process. But if users are to actually enjoy the fruits of the internet and other technologies, then this lax behaviour needs to be reversed. Better password management is one way to achieve this.

There are a number of ways users can do this. First, refrain from using painfully predictable passwords. This makes the work of cybercriminals all too easy, and like any criminal, they will be most attracted to the lowest hanging fruit. Clearly more complex passwords are far more reliable. Using a password manager like Keeper Security or 1Password will help to collect all these passwords in one place, protected via encryption, negating the need to remember all the random letters and numbers for each online account. It also means users will not have to resort to the other bad habit of writing passwords down on paper.

Secondly, users should not re-use passwords for multiple sites. This makes it easy for hackers to infiltrate more accounts. If they managed to crack the code for one, other data would also be at stake. Password managers allow you to easily organise unique passwords for each online account nullifying the need to use the same one repeatedly.

Thirdly, users should not share their passwords with other people. Even when the recipient has a good level of security-consciousness themselves. Sharing passwords only spreads the risk of unwanted users gaining access to your data. Whilst many password managers offer features which allow users to share passwords with others safely, sending passwords in plain text through a message on Facebook is never ideal.

These very simple steps can go a long way. Although they are not foolproof, as nobody can be completely safe online, they can alleviate many of gaping vulnerabilities of typical user practices. Just as people are careful with their car keys, the same approach should be applied with passwords. Otherwise the consequences can be grim.