Experts agree that it is no longer a case of 'if' but a case of 'when' we will be hacked, and whether our details have already been stolen and sold on to criminals without our knowledge. In 2015 over 500 million online identities were leaked, and 2016 is set to eclipse that figure.
But how do hackers get hold of our data, and what can we do about it?
The first and possibly the weakest security point is the password. Humans are notoriously bad at passwords, both in terms of strength and in terms of diversity. Re-use of the same password is a major problem. Imagine one of your accounts gets hacked, meaning the hacker has your password: he or she is going to try it out on all your other accounts, and if you have used the same one, he or she is going to have a field day. Getting into your Facebook account is bad enough, but getting into your Instagram, LinkedIn or Pinterest account, and who knows what other accounts, can spell disaster.
Password re-use is only one aspect; password strength is also a problem. Easy passwords like your name, your children's names, your date of birth, or a combination thereof are the most common and the easiest to guess. Common words or names, whether of people or places, should be avoided as being too easy to work out, and so should significant dates like birthdays or anniversaries. There are, most surprisingly, an inordinate number of people using 123456789, either in full or a section thereof.
More and more security-conscious systems will measure the quality of your password and not allow you to use it if it is too weak; a reasonable strength comes with at least 8 characters in a combination of upper case and lower case letters, numbers and special characters.
To strengthen the single-password login, 2-step verification is being more widely used. The way it works is that after you enter your username and password as usual, you are asked for a second proof of identity. This will be something you know, something you own, or something that is inherently yours. For example, a verification code is sent to your mobile number, and you enter it to access your system.
There are programs out there that can help you with password management, such as 1Password, LastPass, or Dashlane. They will create strong, unique passwords for each of your accounts and keep them secure behind a master password that only you know; nobody else has it, not even the password manager provider (so don't forget it).
Looking beyond forgettable and forgeable pieces of information, there are biometrics. These use a part of your body to identify you. We all know fingerprints as one such identifier. Software has also been developed to use the voice: voice patterns are particular to each individual, separating even twin brothers, and the software will differentiate the real thing from a recording. Another possible biometric is an image of the face, the 'selfie-security', in particular of the eye.
A more complex approach is analysing our behaviour: how we type or swipe, and how we hold our mobile phone or tablet. Efforts are constantly made to develop enhanced security, but it will all come to naught if we, the users, don't make an effort to protect our own data from the hackers.
Biometrics are of course convenient: they demand zero effort from the user. But I see a problem in using biometrics: they are rigid and cannot be changed. Why does that matter? Imagine they have been hacked, which is not an impossibility, as no system can be guaranteed to be 100% secure; then you are stuck, whereas you can change a password and carry on.
Passwords still have some life in them. A strong password combined with two-step verification is the way to go.
We offer our clients two-step verification to access both their accounts and their website administration. Furthermore, our clients' account passwords are computer generated using 18 characters in a combination of upper case, lower case, numbers and special characters; it will take hackers 100,000 years to break them.
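As an added example, not code from the article or from the company behind it, the short Python script below implements the strength rule given earlier (at least 8 characters mixing upper case, lower case, numbers and specials), generates an 18-character password the way a password manager does, and estimates how long an exhaustive brute-force search would take. The 94-symbol alphabet and the guess rate of ten billion per second are assumptions chosen for illustration, not figures from the article.

```python
import math
import secrets
import string

# The four character classes named in the article's strength rule.
UPPER = string.ascii_uppercase      # 26 symbols
LOWER = string.ascii_lowercase      # 26 symbols
DIGITS = string.digits              # 10 symbols
SPECIAL = string.punctuation        # 32 symbols (assumed "special characters" set)
ALPHABET = UPPER + LOWER + DIGITS + SPECIAL   # 94 symbols in total


def meets_policy(password: str, min_len: int = 8) -> bool:
    """Article's rule: at least 8 characters, with at least one character
    from each of upper case, lower case, digits and specials."""
    if len(password) < min_len:
        return False
    return all(any(ch in cls for ch in password)
               for cls in (UPPER, LOWER, DIGITS, SPECIAL))


def generate_password(length: int = 18) -> str:
    """Draw a random password from the full alphabet with the OS CSPRNG,
    as a password manager does, and retry until it satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def brute_force_years(length: int, alphabet_size: int = len(ALPHABET),
                      guesses_per_second: float = 1e10) -> float:
    """Expected years to find the password by exhaustive search, i.e. to
    try half the keyspace. The guess rate is an assumed figure for a fast
    offline attack on a stolen hash database, not a value from the article."""
    expected_guesses = alphabet_size ** length / 2
    seconds = expected_guesses / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("123456789", "Passw0rd", generate_password()):
        print(f"{pw!r:24} policy ok: {meets_policy(pw)}")
    for n in (8, 18):
        print(f"{n} chars: {entropy_bits(n):.0f} bits, "
              f"~{brute_force_years(n):.3g} years to brute-force")
```

Running it shows why the article moves from an 8-character minimum for users to 18 generated characters for accounts: at the assumed rate an 8-character password falls in well under a year, while an 18-character one is far beyond any practical search, provided it is unique and never re-used.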