No Username or Password… No Wishes!
By Alia Noor, FCMA, CIMA, MBA, Oxford fintech programme, GCC VAT Comp Dip, COSO Framework.
Associate Partner Ahmad Alagbari Chartered Accountants, UAE
Apparently 8.4 billion passwords were revealed on a hacker forum. The implications are endless. Attackers can simply conduct brute-force tactics to compromise reused passwords on different sites. Reputable data leak checkers like “Have I Been Pwned” can help, but a better course of action is utilizing a combination of a strong password or a password manager. (Source: CyberNews)
Most online and digital profiles these days rely on a username and password combination to verify user identity. To ensure these profiles remain safe and confidential, well-crafted passwords are essential.
The rising prevalence of password hacking to enter confidential or financial online accounts, in particular, has made password security extremely important. Weak or common passwords make access to digital profiles easy for hackers, who use sophisticated programs to uncover passwords and hack accounts.
Password Protection Checklist
Turn on a screen lock password, a PIN, and biometric security such as fingerprint or face unlock, along with any other available authentication methods.
When creating passwords, prefer long passwords based on memorable phrases over short, complex passwords.
Strong passwords make it harder to break in and steal your data by simply cracking your password.
Two-factor authentication (2FA) requires two different methods to ‘prove’ your identity before you are granted access.
When setting up your 2FA, you should use 2FA applications rather than SMS/text-based systems.
Passwords should be easy to remember but randomly include symbols, capitalisation and numbers with the letters. Length is important: long passwords are great, and including random words and phrases is even better.
Avoid using the most common passwords like “123456” and “password”, and sequences of adjacent keyboard characters like “qwerty.”
Avoid using personal information like your birthday, address, anniversary or pet name, as these are easily discoverable.
A password manager is an online tool that auto-generates and stores strong passwords on your behalf. It keeps all these passwords in an encrypted, centralised location which is only accessible via a ‘master’ password.
Examples: 1password.com, LastPass
Every online application should have a different password. This prevents a single compromised password from allowing someone to log in to every web application that your credentials could authenticate to.
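The checklist items above on length, common passwords, keyboard sequences and personal information can be checked mechanically, and a long random-word passphrase can be generated rather than invented. The following Python code is an added example, not part of the original article; the 14-character minimum, the small constructed word and common-password lists, and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample data: a real deployment would load a breached-password
# list and a large wordlist (thousands of words) instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
WORDLIST = ["copper", "lantern", "orbit", "meadow", "trumpet", "glacier",
            "saddle", "pepper", "harbor", "violin", "tundra", "magnet"]


def has_keyboard_run(password, run_length=4):
    """True if the password contains run_length adjacent keys, either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_length + 1):
                if seq[i:i + run_length] in lowered:
                    return True
    return False


def audit_password(password, personal_info=(), min_length=14):
    """Return the checklist items this password fails (empty list = passes).
    min_length=14 is an assumed threshold, not a figure from the article."""
    findings = []
    lowered = password.lower()
    if len(password) < min_length:
        findings.append("too short")
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    if has_keyboard_run(password):
        findings.append("keyboard sequence")
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append("contains personal information")
    return findings


def generate_passphrase(word_count=5, separator="-"):
    """Pick words with a CSPRNG; random.choice is not suitable for secrets."""
    return separator.join(secrets.choice(WORDLIST) for _ in range(word_count))


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn uniformly from wordlist_size words."""
    return word_count * math.log2(wordlist_size)
```

With the 12-word constructed list, five words give only about 18 bits of entropy; the same five words drawn from a 7,776-word list give about 64.6 bits, which is why the size of the wordlist matters as much as the number of words.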
Password Protection Tips
- Never give your passwords to anyone else.
- Never type in a password in plain sight of others.
- Avoid writing down passwords or creating a password hint sheet.
- Don’t email them to yourself.
- If creating a document file, consider the naming convention: make the name something random so it isn’t a dead giveaway.
- Don’t use the same password everywhere because it will make it simpler to compromise all your accounts. Use unique passwords for everything!
- Consider signing up to Have I Been Pwned to track if your data has been compromised in a data breach.
- Avoid using the most common passwords.
- Beware of signs of phishing and phishing attacks.
- Computer malware
- Think about phone security.