Still using passwords? You’re at risk

Have you just created one more account with a username and a password? Congrats, your life has just become even more accessible. Rapidly improving technologies are turning passwords into ancient history, just as happened to floppy disks. Remember them? Well, their time has passed, but passwords are still being used.

The simple reason why passwords shouldn’t exist anymore is your security and privacy, from social network accounts to private photos and money in the bank. Though it seems that every situation has already been portrayed in vivid examples and discussed in detail, the biggest mistake you still make is to think that this is happening somewhere far away and will never affect you. It can happen any minute. It might even have happened already, and you just haven’t noticed. Let’s look at the facts.

People usually use the same usernames and passwords for different accounts. Yes, this way it’s easier to remember login information and not to get confused among all those accounts. However, this means that once one account is hacked, data in all accounts becomes accessible.

People don’t change passwords for a long time, whether they created the passwords themselves or the passwords were generated automatically. In the latter case there’s a chance that people do change the password, but usually, as mentioned above, to the same password they use for other accounts. A password that is not changed for a long time means that a hacker can use the accessed information for who knows how long – maybe a month, maybe three, or maybe even a year. Add to this the fact that passwords are stolen more often than you think; sometimes it just takes time until someone notices (if anyone notices at all).

Different people often have the same passwords. People like to choose passwords that are easy to remember or mean something to them, e.g., a name or a birth date. But there are thousands of people with the same name or born on the same date. And how many times have you read in the media about the most popular passwords? 123456, password, 111111 and others – they’re always at the top of the list. When different people share the same password, someone can, maybe even unintentionally, log in to another person’s account, or at least guess your password and hack your account. Using weak passwords really makes it easier for the bad guys.

Passwords can easily end up on insecure networks, for example, when you use the free Wi-Fi network in your favourite cafe, which makes them easy to steal. And these are the places where hackers often look for an easy catch.

Strong passwords are no longer strong. We still often hear that a strong password is secure. To strengthen passwords, mandatory rules are sometimes set: at least 8 characters, at least 2 of which are numbers, and at least 1 uppercase and 1 lowercase letter. However, such requirements are a burden to users and limit their freedom of choice, so people start to fight the rules creatively, and the first method usually is to write the strong password down on a piece of paper. This means that setting rules to create stronger passwords backfires. If that piece of paper gets into the wrong hands, you know what might happen. And it is not only users who make hackers’ work easier: password cracking tools are becoming more and more advanced, which means that cracking a supposedly strong password becomes a matter of time.
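
How a password can satisfy the rule quoted above and still be easy to guess, shown as an added example that is not part of the original post: the checker applies the stated rule, then looks for a popular password underneath the appended digits and letter substitutions. The entries in `COMMON` beyond the three passwords the article names, the `LEET` table and all function names are assumptions made for illustration.

```python
import re

# Constructed sample list: the first three entries are the passwords the
# article names; the others are assumed for illustration.
COMMON = {"123456", "password", "111111", "qwerty", "letmein", "welcome"}

# Assumed substitutions people make to squeeze a word past a complexity rule.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})

def meets_policy(pw):
    """The rule from the article: >= 8 chars, >= 2 digits, 1 upper, 1 lower."""
    return (len(pw) >= 8
            and sum(c.isdigit() for c in pw) >= 2
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw))

def guessable_base(pw):
    """Return the popular password this one is built on, or None."""
    lowered = pw.lower()
    # Drop digits/symbols that were only prepended or appended to pass the rule.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for candidate in (lowered, core, core.translate(LEET)):
        if candidate in COMMON:
            return candidate
    return None

def assess(pw):
    """Combine both checks the way a sign-up form could."""
    if not meets_policy(pw):
        return "rejected by policy"
    base = guessable_base(pw)
    if base:
        return f"passes policy, but built on '{base}'"
    return "passes policy, no common base found"

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "Password12", "P4ssw0rd12", "Welcome11!",
                   "tidal-Copper-93-lantern"):
        print(f"{sample:26} {assess(sample)}")
```
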

A lot of research has been done on this topic, revealing that people don’t trust logins with usernames and passwords anymore. One-fourth even say that they’d stop using services if there was an attempt to hack their account or their data was stolen.

Research also shows that people would like to have more secure alternatives but, on the other hand, think that those would complicate the process, just like the mandatory password rules, which basically mean you won’t even remember your password.

However, these days there are a number of secure but simple solutions, for example, Mobile ID or Smart-ID. These solutions are not only secure, but logging in to any account with them even takes less time than with the regular login method. It’s way easier to type a 4-digit PIN code into a window that pops up automatically than to type your username and password. And there are times when you mistype. Then you have to start all over again.

Why is a PIN code more secure, you ask (after all, it’s easier to guess 4 digits than a long password)? Firstly, both Mobile ID and Smart-ID work only with your smart device. This means that if someone wants to hack into your account, their first task is to steal your phone. Then, most probably, the device lock code will have to be hacked too (we want to believe that the majority use the additional security measures provided by phone manufacturers). The final step in trying to access, e.g., your bank account with Mobile ID or Smart-ID would be to guess your PIN code. But… after several unsuccessful attempts, access is blocked. If you want to use the mobile signature again, you will have to go to your mobile operator and sign a new certificate agreement; to start using Smart-ID again, you’ll have to create a new account. This means that the hackers have no way to reach your data. Besides, both of these methods are based on a far more secure technology than a mere password – public key infrastructure (PKI). Simply put, a unique code is encrypted for each operation you confirm.

Thus, if a service provider gives you an opportunity to register for an account with Mobile ID or Smart-ID – just take it. We promise you, the next time you read news in the media about hacked systems or stolen passwords, you’ll sleep tight.
