Passwords are insecure - so what do we do now?

We love to hate our passwords. There are far too many to keep track of and we're constantly being fed new recommendations on how best to manage them to keep us "safe". But the truth is that usernames and passwords are not a secure login method. We're in a constant battle between more secure (more complex) and user-friendly (simpler) passwords from which no one emerges victorious. We simply can't remember unique, complex passwords for all the digital services we use today. So what can we do instead?


Even a secure password is not secure

Many studies show that we choose passwords that we identify with. This could be the name of a pet, children's birth dates, grandmother's maiden name and so on. Moreover, many people often use the same password for multiple logins, which increases their vulnerability and makes them easier to hack. In this way, a breach in one place can result in many more of your accounts being compromised.

Most people do not like to change their passwords regularly, even though it is recommended for security reasons. Therefore, most people make it easy for themselves by simply adding a number or similar to the password, which hardly contributes to security. Alternatively, they choose a password that is far too simple - or they choose not to change their password at all.

However, if you choose too strong a password, other challenges arise. A complicated password is harder to remember, so many people choose to write it down - on a piece of paper, for example - and put it away. In this way, the password is no stronger than the "hiding place" you put the note in. Under the keyboard or at the top of the desk drawer...?


Security is required - regardless of business

In general, awareness of the security measures that should be put in place is relatively high. Unfortunately, few live up to this. The thinking is often: "It's worked before, so it should probably work for a while longer". Naïve, it may seem - yet it is a very common approach.

It is of course very much a question of how much security your company feels it needs. If you work at a company that handles major business secrets, the threat level is naturally different than if you work at a preschool, for example. In any case, with the introduction of the GDPR, it is important to protect your information so that the personal data you handle does not fall into the wrong hands.

It is better to raise security for the long term and avoid personal data leaks than to risk them. This is because it takes much more time to report potential breaches than to ensure that security is kept at a sufficiently high level from the start.


Passwords become many times more secure with multi-factor authentication

There are now good alternatives and complements to logging in with a password alone, known as multi-factor authentication. While this still builds on a password, the password does not have to be particularly complex. Once you enter the password, the system sends a verification code to the mobile device associated with the account, which is usually your smartphone or tablet. Instead of automatically accessing the account with a password, an extra step is added to ensure the user's identity. The mobile phone is directly linked to you as an individual and this element makes authentication much more secure. It takes significantly more work for someone to gain access to both your password and your mobile device.

AI is becoming more common and the rapid pace of development makes it possible to take advantage of this in multi-factor authentication. In practice, you do not need to use multi-factor authentication in cases where the artificial intelligence recognizes that you are in a secure location, for example your workplace during times and days when you are always there. However, if you choose to log in from a vacation spot you've never visited before, the AI will consider this suspicious and therefore require the user to use multi-factor authentication.
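The location-and-time check described above, reduced to a fixed rule, as an added example that is not part of the original article. The `Login` record, the `MIN_SEEN` threshold and the location labels are assumptions; a real product would use a learned risk score rather than these two counts.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Login:
    user: str
    location: str   # coarse label, e.g. derived from the source network (assumption)
    when: datetime

MIN_SEEN = 3  # hypothetical: how often a place/time must recur before it is trusted

def _hours_apart(a: int, b: int) -> int:
    d = abs(a - b)
    return min(d, 24 - d)  # wrap around midnight

def requires_mfa(attempt: Login, history: list[Login]) -> tuple[bool, str]:
    """Decide whether to step up to MFA. `history` must hold only logins that
    already passed MFA, so a stolen password alone cannot build up trust."""
    same_place = [h for h in history
                  if h.user == attempt.user and h.location == attempt.location]
    if len(same_place) < MIN_SEEN:
        return True, "unfamiliar location"   # also covers brand-new users
    same_slot = [h for h in same_place
                 if h.when.weekday() == attempt.when.weekday()
                 and _hours_apart(h.when.hour, attempt.when.hour) <= 1]
    if len(same_slot) < MIN_SEEN:
        return True, "unusual time for this location"
    return False, "known location at usual time"

# Constructed sample data: four Monday-morning logins from the office.
HISTORY = [Login("anna", "office", datetime(2024, 1, d, 9, 0)) for d in (8, 15, 22, 29)]

if __name__ == "__main__":
    for attempt in (
        Login("anna", "office", datetime(2024, 2, 5, 9, 30)),    # usual Monday
        Login("anna", "office", datetime(2024, 2, 10, 23, 0)),   # Saturday night
        Login("anna", "holiday-resort", datetime(2024, 2, 5, 9, 30)),
    ):
        print(attempt.location, attempt.when, requires_mfa(attempt, HISTORY))
```

The rule fails closed: anything it has not seen often enough gets the extra step, and only the familiar place at the familiar time skips it.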


Build your security under controlled conditions

Strengthening your company's security in the long term obviously involves costs, and it is also difficult to calculate exactly how much you can save by increasing your security. But what is clear is that it is cheaper to get a grip on the security situation before something happens. Otherwise, you face a situation where you are both putting out fires caused by an intrusion and, at the same time, having to plan for a more comprehensive security project. If you can instead build your security with good planning and under controlled conditions, it will be a much cheaper job.

Would you like to know more about how WeSafe can help you improve security, both through long-term work and through less complex interventions that make a big difference, such as using multi-factor authentication for your accounts? Get in touch with us and we'll tell you more!
