We all know that Lent is traditionally a time for preparation and fasting ahead of Easter but, in recent years, many see it as a time to give up and break bad habits. With that in mind, we spoke to a selection of security professionals to ask them what they think we as internet and social media users should be giving up.
You’ll see that a certain bad habit relating to passwords crops up a lot, which begs the question: why are so many of us so bad at password hygiene?
Give up shocking social media bad habits
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Hacking social media accounts has never been easier, with attackers taking advantage of poor password management, data privacy hygiene and hijacking accounts for ransom. It’s difficult to get the real picture but in recent months, 50 million+ Facebook accounts have been exposed. Even worse, 80 per cent of all cyber security attacks involve a weak or compromised password.
Poor social media security habits open the door to allow malicious attackers the opportunity to access highly sensitive personal details of users’ lives. These include work credentials and data, credit card information, email access, even your social security number. Information leakage can have major consequences for your organisation including the lost trust of your followers, tarnished brand reputation and, worse, your poor security practices assisting the growth of a malicious phishing scam and malware.
A recent survey we conducted found that 20 per cent of respondents had never changed their social media passwords, and 30 per cent still use easily hackable credentials such as birthdays, addresses and pet names. So, for Lent, we’d like people to give up their poor social media habits and give up that password you have been using for years that you continue to reuse for each of your accounts.
Give up (re-using) your password!
Matt Walmsley, EMEA Director at Vectra
Come on, folks, we all know it’s not good practice but most of us have reused a common password at one time or another, and many of us do it habitually. Pick something that’s not obvious, has numbers and special characters, and if you’re really going for it, isn’t a meaningful word or phrase. While you’re at it, turn on multi-factor authentication on your accounts where it’s available.
There are password vault and manager tools to help you administrate and remember your newly improved passwords too. You’ll need to take a view on whether you want all your passwords in one place though. I’m not a fan. They’re not inherently bad but they do introduce risks around losing access to passwords or being breached and locking yourself out of all your account details and associated passwords. Others like them though, often for the ease of using multiple long, complex, unique passwords and website legitimacy checking features.
Finally, sign up on haveibeenpwned.com – a free service that checks your email address against known data breaches and alerts you if your password of choice is out in the wild.
Give up reusing passwords!
Rusty Carter, VP of Product Management at Arxan Technologies
But at the end of Lent, don't go back... get a password manager and avoid being the next victim of a credential stuffing attack. If you've used BA, Sotheby's Home, or hundreds of other services that have been compromised in just the last year alone, your username and password are in a malicious actor’s hands and they will be trying them against other services like banks, social networks, and ecommerce sites to steal from you!
Step away from the public Wi-Fi!
Matt Lock, Director of Sales Engineers – UK, Varonis
Those looking to give up a dangerous cybersecurity practice during Lent should consider giving up public Wi-Fi. Like other vices, we know using public Wi-Fi is bad for us, but we keep doing it anyway.
When checking your bank balance on your phone at the coffee shop or shopping on your phone on the train, it’s tempting to simply select the first free network you see, no password required. Those warnings that your online activity is unsecured and accessible by third parties are there for your safety. Click at your own risk.
Free Wi-Fi might save you money, but you could end up losing in the long term. Your data, including usernames and passwords, could be intercepted and monitored in a man-in-the-middle attack or by a hacker who has tricked you into logging on to their own network. It may be tougher to face your monthly mobile statement, but you will be protecting yourself by keeping your information more secure.
Repeat after me: Stop reusing passwords!
Tom Gaffney, Security Consultant, F-Secure
You shouldn’t reuse passwords. This isn’t new advice. Yet, for some reason, the practice seems to persist, with many cyber security professionals singling it out as one of today’s biggest cyber security issues. Despite all the news and advice, it’s not something we as consumers are getting better at, which is why it would be a great habit to give up for Lent – and hopefully in general!
People reuse passwords because they just have too many to remember on top of jobs which can already be causing mental stress; remembering a random sequence of characters or phrases is just another item to add to the list. To make it easier, users compromise on password quality (choose easy passwords to guess), quantity (choose a few strong passwords) or both (numerous accounts protected with an easy password to remember or guess). So advising people not to reuse passwords is not news. But it’s important enough to repeat over and over again. If you use a password manager, it’s surprisingly easy advice to put into practice.
Password managers are the ‘holy grail’ of online security and can generate strong, unique passwords which are then stored in a secure, easily accessible place where they can be used to quickly login to websites, accounts, programmes etc. So, in addition to wanting people to give up reusing their passwords, we also want to encourage them to embrace password managers.