The Risks of Using the Same Passwords for Everything
Posted By: Helen, Thursday 24th September 2020. Tags: Cyber Security, two factor authentication
Do you currently have the same password for absolutely everything you use online? Today we're looking at why you shouldn't, how to change this habit securely, and some of the very best password managers.
Here's what happened to a client:
Upon speaking with a friend, our client was congratulated on making a large sum of money from his recent Bitcoin investment. Slightly bemused, he let the conversation develop, and it soon became apparent that this false information had in fact been sent through Facebook. Unfortunately, this can only lead to one conclusion: our client had been hacked.
The password dance
Perhaps nobody says it better than the good old Don Friesen. If you're not familiar with this clip, we can almost guarantee that everyone will identify with it in some way!
Back to the client:
It's certainly an unwelcome and disturbing feeling to find out your Facebook account has been hacked. Aside from now having to create a brand new password, you become responsible for ensuring friends and family are aware of the situation. Failure to do so could result in others clicking bad links and having their information stolen.
Then came the bombshell:
Whilst discussing the current Facebook situation with us, the client said: 'So am I going to have to change my password for everything else, like the bank, other social media and online shopping? I use the same password for everything, you see.'
**Mic Drop**
In a world where cyber threats are in the news almost daily, we began to wonder how many people are complacent about password protection. If you're potentially one of these people, you MUST read on.
Enter: Two-Factor Authentication
You're likely already familiar with two-factor authentication (2FA), even if the terminology means nothing to you. With smartphones now ruling the roost, the majority of us log in using a fingerprint or PIN code. If you've ever accessed any form of government service online, it will have sent a code directly to your phone to confirm you are who you say you are.
2FA is a second opportunity to prove you are the genuine user of a specific platform or account. This added layer of security asks for something a hacker can't access, such as your thumbprint or a code sent to your phone. Whilst a hacker may have obtained your password, without that second verification they are unable to break through and access your files or accounts.
Who can use two-factor authentication?
Anybody and everybody! If you have an email account or a mobile phone, it's amazingly easy to enable 2FA on online accounts including LinkedIn, Google, Slack, Facebook, Twitter, Instagram, Microsoft, Apple, Dropbox and more.
But that's not all:
In addition to personal use, 2FA is becoming an essential tool for businesses of all shapes and sizes. It combats cyber threats by providing a vital second wall of defence, especially where work login passwords are the same ones used for personal accounts. As IT Support and Cyber Security professionals, we focus on helping our partners across the North East to roll out 2FA.
And the results?
Positive all round. Now more than ever, we are seeing many failed attempts to break into work-related accounts following breaches on social media platforms.
What are the Benefits of 2FA?
As we continue to battle COVID-19, the need for hybrid working remains. Many of us continue to move between office and home working and have therefore come to rely on our home Wi-Fi networks, which are of course much easier targets for cyber criminals. Think of 2FA as part of your defence strategy. We urge everybody to use different passwords to limit the chance of multiple accounts being hacked, because with a reused password it only takes one breach for everything to unfold.
Our advice:
"With 2FA in place you're instantly providing yourself and your company with a second wall of defence, thus keeping hackers at bay."
Which Two-Factor Authentication Provider is Best?
At LaneSystems we currently use Microsoft Authenticator. The app is free to download via Google Play and Apple's App Store. Once installed, it's easy to sign into accounts with a PIN, your fingerprint or face recognition. You can even combine two of these options for even greater security and peace of mind. Another commonly used 2FA app is Google Authenticator. If you're interested in learning about the best apps available, this article has put together a list of the top 5.
As if that's not enough:
There's also LastPass. This app is fantastic not only for storing and generating passwords securely; it also allows them to be shared. This brings us nicely on to:
Password Manager: What Is This?
Surely we all know someone who has a little book stored away, holding every single password they have ever created and used! Effective? Perhaps, but what happens should it be lost? We have even come across people who keep their passwords in a document on their laptop or PC; still far from ideal.
As the number of online shops, services and platforms increases, it becomes extremely tempting to click the 'remember password' button.
“Easy for you and extremely easy for the hacker”.
You've just made a hacker's dream come true! So how does a password manager help you out of this protection pickle?
Let’s look further at LastPass.
As part of its free offer, LastPass can be downloaded as a mobile app and as a browser extension, giving you access to your saved passwords across all devices. Key features include:
- One-to-One Sharing
- Save & Fill Passwords
- Password Generator
- Secure Notes
- Security Challenge
- Multi-Factor Authentication
- Security Dashboard
In case you might be asking yourself:
'How do you know this app is successful?' We have trialled LastPass ourselves at LaneSystems and found it to be secure and extremely useful. New passwords were generated easily, and as an IT company we need new ones on a daily basis. We gained instant peace of mind that should one account experience a breach, it would be very unlikely others would follow suit.
How do password managers store passwords?
We’ll stick with LastPass as our example. Its website boasts:
“We’ve implemented AES-256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud. You will create a password manager account with an email address and a strong master password to locally-generate a unique encryption key. Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt an
Quote taken from: https://www.lastpass.com/how-lastpass-works
But wait, we have something else to tell you:
Have you been pwned? We highly recommend a little peek before deciding to stick with your current, reused password. Have I Been Pwned is not only fantastic, it's also free: a website that tells you instantly whether an account of yours has appeared in a data breach.
A search using the personal email address of one of our managers revealed seven breaches linked to her email account, ranging from 2012 to 2019, one of which related to LinkedIn. Thankfully, all her passwords differ, meaning no further issues were experienced across her other accounts.
If you're still not convinced when it comes to 2FA and password managers, speak with us. There are certainly a few horror stories we can share!