Cracking the Code: Addressing the Challenges of Password Security

In 2024, managing passwords continues to be one of the most critical cybersecurity challenges. Security experts often point out the issue concerns individuals and their capacity to remember numerous usernames and passwords. This post will address some challenges of keeping passwords secure and enhancing overall security.

 What is the challenge?

"When I began my career in cybersecurity at the start of the new millennium, my mentor used to say, 'security begins where convenience ends.' In the last three decades, the growth of the internet and various web technologies has meant that security concerns are often not at the forefront of a designer's mind, with usability and user experience taking priority. However, it is important to prioritise security and balance it with usability and user experience to achieve the best solution.”

One of the biggest challenges with online security is password creation. Unfortunately, hackers can quickly uncover your password if they understand the pattern of your user ID (e.g. [email protected]), with some assistance from technology and perseverance. Once a hacker has access to your password, they can use it to infiltrate many other online accounts if you have reused the same password. Password reuse is a significant risk to your online security, and avoiding it at all costs is crucial. By avoiding password reuse, you can significantly reduce the risk of being hacked.

Social media has brought numerous benefits to our lives. We can easily share information with our family and friends with just a few clicks. I have reconnected with many old friends on social media whom I had lost touch with over the years. It's fascinating to pick up where we left off decades ago. However, being social animals, humans tend to share too much information on social media. This includes details like the places we've visited or lived, the food we eat, or the pets we own. Such oversharing can be problematic when we use the same information in our passwords.

 The rapid advancement of technology has allowed us to find solutions to problems more quickly. However, this same technological advancement is also available to cyber criminals. Cyber-attacks are becoming increasingly sophisticated and widespread. Hackers use your social and online behaviour to trick you into giving them your login credentials. Phishing attacks use your social vulnerabilities to deceive you while shopping for Christmas on a fraudulent website. The biggest challenge for password management is the account takeover. It is essential to stay vigilant and be aware of these threats to protect yourself from these cyber-attacks.

 Following are the ten most common passwords that we use:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345
6. qwerty123
7. 1q2w3e
8. 12345678
9. 111111
10. 1234567890M

 Many individuals tend to use easily guessable information when creating their passwords. For instance, they may use their date of birth, the date when they created the password or their pet's name. Additionally, cybernews.com's statistics indicate that people often use common words and phrases when crafting passwords. These statistics reveal the inherent risks involved with creating weak passwords.

 What can we do then?

Using passwords as the sole means of protecting privacy has long been a problem. With the rise of sophisticated hacking techniques, single-factor authentication is no longer sufficient to safeguard sensitive information. Fortunately, several time-tested ways exist to reduce the risk of password attacks. Implementing multiple authentication factors, such as biometrics or one-time passcodes, greatly reduces the likelihood of unauthorised access. You can also use these methods to replace weak and easily guessable passwords. Doing so can mitigate the problems associated with single-factor authentication and ensure that your personal information remains secure.

Strong Passwords and use of passphrases

As technology advances, the security of passwords is becoming a growing concern. In the past, experts have advised us to create an eight-character password that includes a mix of complexity to make it challenging for hackers to crack it. However, recent developments in computing power have rendered this advice obsolete. It is now possible for hackers to crack passwords of any length and complexity. Nevertheless, using a long passphrase that incorporates complexity can still make it challenging for hackers to crack your password. The key is finding a passphrase that is easy to recall, such as "1f0und2skeletons!nthClOset," which meets the length and complexity requirements while being relatively simple to remember.

 Use Password Managers

In today's digital age, it's common for individuals to have several online accounts across various platforms and applications. However, remembering multiple usernames and passwords for each account can be daunting and put a considerable cognitive burden on the user. This is where password managers come in handy. Password managers are software applications that allow users to store their login credentials for all their online accounts in one secure location.

Password managers have become increasingly popular due to their effectiveness in managing passwords. Instead of having to remember several login credentials, users only need to remember one master password to gain access to all their online accounts. Additionally, password managers often offer multi-factor authentication (MFA) options, which provide an added layer of security to prevent unauthorised access to user data.

Proton Pass is one of the most popular password managers, which allows users to store unlimited login credentials for various online accounts. With Proton Pass, users can create complex passwords that are difficult to guess or hack, and the application will automatically populate the login credentials when the user visits a webpage.

Another significant advantage of password managers is that they can be easily accessed across multiple devices, making it convenient for users to access their accounts on their smartphones, tablets, or laptops. By taking over the heavy lifting of managing passwords from users, password managers provide a practical solution for protecting user credentials and keeping them secure.

 Add another factor

To ensure security, websites and applications use multi-factor authentication (MFA). This method requires users to provide their username and password, which triggers an additional challenge to prove their identity. The challenge could be a one-time password sent via email or SMS, a code created by an authenticator app, or a special dongle. MFA is based on the idea that only users can access certain information and devices. Even if someone knows the user's password, they cannot access the time-based code or other authentication factors. MFA is one of the most effective tools for preventing password attacks and is widely used today.

 Use of Biometric controls

Humans have unique physical and behavioural attributes that are not identical to siblings, such as fingerprints, face, and iris. These unique physical attributes are now used for user authentication, solving the password problem. These technologies are becoming increasingly common, and we now see devices like phones and laptops using fingerprints and facial recognition as authentication mechanisms. Although there are concerns about the misuse of this technology, it has a promising future in solving the problem of passwords. It is well-known that every human has a unique set of physical and behavioural attributes that distinguish them from others, even among siblings. These attributes include fingerprints, face structure, iris patterns, etc. These unique physical attributes are now used for user authentication, solving the age-old password problem. As this technology is becoming more prevalent, we are seeing an increasing number of devices, such as phones and laptops, incorporating fingerprint and facial recognition as authentication mechanisms. Despite concerns over the potential for misuse, this technology shows great promise in solving the problem of password security. 

USB-based security devices

USB-based security devices are a relatively new technology in which a USB key takes over the authentication process from users. The required infrastructure and associated costs have made it difficult for this technology to become widely adopted. However, with the introduction of YubiKey, reduced costs and adoption rates are becoming more common. Therefore, it is becoming a compelling argument, especially for businesses, to use these keys to improve their security posture.

Conclusion

It's important to note that there isn't a single solution to the password problem. However, some common sense measures and methods discussed in this article can go a long way in protecting you from breaches of your personal information. Additionally, it's recommended to regularly monitor published breaches as governments worldwide are now making it mandatory to disclose any breaches. You can utilize the services of Troy Hunt, who maintains databases of usernames, emails, and phone numbers involved in breaches on his website, 'HaveIBeenPwned'. It's advisable to frequently check your email or credentials to verify whether your email or phone is in a data breach. If you find that a service or company you use has been involved in a breach, changing your password as soon as possible is important to avoid any potential damage.

Stay safe!!