
World Password Day: We’re Closer to Ditching This Crackable Tech


There are many reasons to hate passwords. The good ones can be hard to remember. They are often difficult to reset. And even when we do everything right, they can still be cracked by cybercriminals.

The use of passwords dates back to ancient times, but cybersecurity experts have long called for their removal. In the days of ancient Rome, this may have been an impossible task, but with the help of modern technology, they say, humanity has the potential to move beyond passwords and into a world of easier and more secure authentication methods.

This may be easier said than done, but what better occasion to push for the elimination of the password than World Password Day, which falls on May 2? It’s a completely made-up holiday created by Intel in 2013. It’s traditionally meant as a reminder to take a close look at your login details and make sure they tick the necessary security boxes.

Passwords have lasted a long time because they seem simple at first glance and everyone online today knows how to use them. On top of that, there simply hasn’t been a scalable alternative to them.

But that is changing. Businesses and consumers alike now typically have the ability to log into their devices with biometrics, physical keys, authentication apps, and now passkeys.

Passkeys, which replace passwords with cryptographic keys, are built on protocols and standards created by the FIDO Alliance. Apple released them as part of iOS 16 in 2022 and Google introduced support for them on all major platforms last year. Proponents say passkeys offer a better user experience than passwords while eliminating the risks of weak, reused and compromised passwords, not to mention phishing attacks.
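The phishing and breach resistance described above can be seen in a simplified model of a passkey sign-in. This is an added example, not code from the article, Google, Apple or the FIDO Alliance; it does not use the real WebAuthn message format, and the origins, function names and result strings are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Registration: the device creates a key pair for this one site.
// The site stores only the public key; the private key stays on the device.
function registerPasskey() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // NIST P-256
}

// Device side: sign the server's challenge together with the origin the
// browser is really on. The user never types or chooses this value.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: verify the signature first, then the challenge, then the origin.
function verifyAssertion(publicKey, expected, assertion) {
  const valid = crypto.verify("sha256", Buffer.from(assertion.clientData),
    publicKey, assertion.signature);
  if (!valid) return "bad-signature";
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== expected.challenge) return "stale-challenge";
  if (data.origin !== expected.origin) return "wrong-origin";
  return "ok";
}

function runScenarios() {
  const site = "https://accounts.example";           // constructed real origin
  const lookalike = "https://accounts-example.test"; // constructed lookalike origin
  const user = registerPasskey();
  const other = registerPasskey(); // someone who knows only user.publicKey
  const newChallenge = () => crypto.randomBytes(32).toString("hex");
  const c1 = newChallenge(), c2 = newChallenge();
  const check = (key, signedChallenge, origin, expectedChallenge) =>
    verifyAssertion(user.publicKey, { challenge: expectedChallenge, origin: site },
      signAssertion(key, signedChallenge, origin));
  return {
    legitimate: check(user.privateKey, c1, site, c1),
    phished: check(user.privateKey, c1, lookalike, c1),   // signed on the wrong site
    replayed: check(user.privateKey, c1, site, c2),       // old response reused
    breachedDb: check(other.privateKey, c1, site, c1),    // public key alone is useless
  };
}

console.log(runScenarios());
```

Nothing the server stores or the user sees can be typed into another site, which is why weak, reused and phished credentials drop out of the picture.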

Most importantly, passkeys take on the burden of security that was previously borne by users, said Anna Pobletts, head of passwordless operations for 1Password, a leading password manager provider that supports passkeys.

With traditional passwords, the user usually has to create and remember them, she said. Conversely, with passkeys, these requirements are directly built into the technology.

“There’s no burden on the user to say, ‘Did I make a good passkey? Did I make the right one? Did I use it in the right place?’ It all happens automatically,” Pobletts said.

And while cybercriminals will undoubtedly try to attack passkeys just as they do passwords, they won’t be able to do so on the same massive scale, she said.

In a blog post on Thursday, Google said improving authentication technology remains a key part of its efforts to increase overall security, adding that passkeys have so far been used to authenticate users more than one billion times across over 400 million Google accounts.

“This work is more important than ever amid a global election year, growing cyber threats and the rise of technologies like AI,” Google said in its blog post.

The tech giant also said it has rolled out broad passkey support in Chrome and Android to help developers implement the technology in their apps. Companies including Amazon, Dashlane, Docusign, Kayak, Mercari and Shopify have added support for passkeys in the past 12 months, Google said.

But that’s still not true for every app or website, so passkeys aren’t the answer to all your password problems, at least not yet. Meanwhile, password managers can help by remembering long strings of characters for you while keeping them safe.

And a little effort can go a long way in making your passwords great and keeping your data safe. Here are some tips on how to do just that.

Tips for good passwords

Longer is better. At least 16 characters is best. At that length, you don’t need to worry so much about password-cracking software. Random sequences of characters are best, but passphrases, such as a combination of three unrelated words, will be OK in most circumstances. Adding a special character, such as a symbol or punctuation mark, in the middle won’t hurt.

Remember: If you use a passphrase, make sure the words mean something only to you and aren’t otherwise significant. “Red Sox rule” may be a great way to show your loyalty to the team, but it’s not a very secure password. Don’t use your birthday or other important personal date because cybercriminals can easily find them. Song titles and famous quotes are also bad ideas. Avoid cliché substitutions, such as using @ for “at” or “a” and $ for “s.”

Resist the temptation to recycle. Even the best passwords can be stolen and compromised. So limit the consequences by making sure you set unique passwords for all your accounts. Of course, this can be a lot to handle, as we recommend passphrases of 16 characters or longer.

As mentioned before, if you need help, sign up for a password manager. Both free and paid options are available. Many internet browsers can also help you with this task, although they don’t always work across your different devices.

Change can be good. Most experts now say that you don’t really need to change your passwords regularly. But they all agree that you should replace them immediately at any hint of compromise.

Keep your social media data safe. The more personal data you post, the more cybercriminals know about you. These small, seemingly unimportant bits of data can be used to crack your passwords.

While you’re at it, stay away from quizzes you see posted on Facebook that ask a series of seemingly innocuous questions to tell you which city you should live in or which would be your ideal vacation spot. Sure, they’re fun, but they may collect personal information that can be used to crack your passwords down the road.

Always, always use 2FA. If your password is compromised, the second layer of protection will go a long way to protecting you. Two-factor authentication, also called multi-factor authentication, is used by a growing number of sites and requires someone trying to access your account to also enter a second form of identification.

It can be an app-generated code, a biometric such as a fingerprint or face scan, or a physical security key that you plug into your device. Yes, it will slow you down while logging into the account. But it’s worth it to protect your account. If 2FA is available, use it.

One caveat: If you can, avoid 2FA systems that send a code to your smartphone. SIM swapping, a scam where a cybercriminal takes over your phone number, is on the rise. If a criminal gets hold of your phone number, they’ll also get your 2FA text message.


