Often in Cybersecurity, terms can sometimes go over the head of laypeople. While many have heard of terms like phishing, malware, or data breach, it is important for employees and organizations who are not experts in cybersecurity to know what these terms mean, how they are carried out, and what you can do to protect yourself at work and at home. In this series, we will cover common cyber concepts in simple terms so that even those who are not cybersecurity experts can understand these concepts.
Passwords are as old as security itself. Whether it be Ali Baba saying "open sesame!" in Arabian Nights or a child making sure no one can enter their treehouse without saying the "secret word," passwords have been used to secure our valuables for millennia. In the modern age, passwords have been an inescapable reality of participating in the digital landscape, and the task of managing these passwords can often be a balancing act between overtly simple passwords and passwords that are too hard to remember. According to a 2020 study by password manager NordPass, the average person has used roughly 100 passwords over their digital lifetime, a reality that has resulted in many people using similar, easily discernible passwords. A 2022 SpyCloud report uncovered that 64% of people who have had more than one password exposed reuse their passwords. Couple this with the fact that 25% of employees reuse their passwords at work, and it can be seen that insecure login methods are a problem that affects both home and professional life. Making sure your logins are secure is of vital importance for everyone.
Above everything else, Multi-Factor Authentication (MFA) is a frequently seen measure for strengthening the login verification process, making it more resilient to attacks. MFA is a login method in which a user is allowed to access an account only after inputting two or more pieces of login information for authentication: An example of this is having an application on your mobile device (a physical token separate from your password) that is prompted every time a login attempt is made for a specific account on any device, where the user would then need to confirm the login attempt on the application to successfully enter their account. While MFA does have its issues (our partner KnowBe4 has published an informative article on how MFA can be compromised), it is the best course of action for account security by having these multiple authentications serve as confirmation for a legitimate login. Many services and websites now have MFA capabilities for accounts, and these include override codes that allow for account sign-ins if the secondary device needed for MFA is lost or stolen.
Another sound course of action for account security is utilizing a password manager, particularly as a person’s passwords become more complex. Password managers offer a solution to the task of creating unique, hard to guess passwords and keeping track of them in a safe place. By creating passwords and storing them securely on their servers, password managers allow users to not sacrifice security for ease of access. Many password managers incorporate MFA capabilities to allow for simple sign-ins and include security notifications to let users know when passwords may have been compromised or are in the process of being targeted. BitWarden, KeePass and LastPass are effective password managers, and although they are not always free, weighing the cost of such services against the cost of compromised passwords and data breaches makes them more than worth their price.