Coronavirus highlights password problems

Yesterday we reported on the potential of increased phishing attacks on those affected by the EasyJet data breach, and a new study has revealed the coronavirus pandemic has caused a spike in similar attacks and highlighted serious personal password security flaws.

1 in 3 fall victim to phishing attacks

Since lockdown started, a third of people have fallen victim to phishing emails, according to a study from Capterra, provider of research and user reviews on software applications for businesses.

The study also found that almost half (45%) of these attacks were related to coronavirus.

It seems that duplicate passwords are a big part of the problem, with a third (33%) of respondents using identical passwords for different applications and between personal and business accounts, as well as sharing passwords with colleagues.

Who needs passwords anyway?

Passwords are often hacked in data breaches, but are they fast becoming a dated way to protect our information anyway?

Gartner, the global research and advisory firm, has forecast that 60% of businesses will have cut their reliance on passwords by half by 2022, while James Stickland, CEO of Veridium, believes the global crisis is acting as a catalyst, forcing firms to innovate stronger authentication technology, such as biometrics, to protect their most valuable assets.

Stickland said: “Capterra’s findings demonstrate the extent to which businesses and employees worldwide are battling with password security, which is directly linked to the high number of phishing attack victims and rising fraud. Covid-19 is now posing the biggest-ever cybersecurity threat, causing phishing attacks to rise over 600% since February, as malicious actors trick users via fake coronavirus alerts. This is forcing businesses to rethink and overhaul their security strategies in an increasingly vulnerable landscape.

“Passwords are now widely being recognised as an outdated, easily compromised method of authentication, accounting for over 80% of data breaches. Millions use the same password for multiple logins, leaving valuable personal data at risk. This isn’t surprising – employees must remember approximately 27 passwords, putting them under considerable strain.

“Veridium estimates that enterprises with 10,000 employees spend on average $100 per user each year to manage password resets, amounting to a staggering $1.9 million, as well as significantly decreasing productivity across all departments.”

James concludes: “Now that millions of employees are working from home, companies are waking up to the weakness of passwords. As a result, more and more organisations are turning towards passwordless, multi-factor biometric authentication to mitigate against increasingly sophisticated cyber threats, whilst enhancing the user experience.”

How to choose a secure password

There are a few fundamentals to consider when choosing a secure password, including:

  • Longer passwords – A longer password reduces the chances of someone guessing it or an attacker cracking it. Websites can have different minimum length requirements for a password, but aiming for between 8 and 32 characters is a good starting point;
  • Depersonalise your passwords – Hackers may try to guess your passwords using clues from your identity. Avoiding passwords with your real name, username, children's or pets' names or any phrases related to you – like your address, birthday, school names, or company – will help make your password more secure;
  • Don’t duplicate passwords – Choosing different passwords for each website where you have entered details can prevent someone from using one password to access multiple accounts;
  • Use alphanumerical passwords – Substituting numbers or symbols for letters, such as changing ‘turtledove’ to ‘turt13d0v3’, is a method well known to hackers, and it may not be enough to prevent them from guessing your password – try some of the following best practices:
    • Use a mix of upper and lower case letters, numbers, and symbols in an unpredictable order, e.g. Jan3#564@TRa1n
    • Avoid company names or mimicking the username
    • Avoid using more than two repeating characters, e.g. Jannnuary Yeeeear
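
The checks in the list above can be automated. The following Python sketch is an added example, not part of the original article: it tests length, character mix, repeated characters and personal terms, undoing common letter substitutions first so that ‘turt13d0v3’ is still recognised as ‘turtledove’. The substitution table, the three-character minimum for personal terms and the function names are assumptions made for illustration.

```python
import re

# Common substitutions (constructed list, not exhaustive) undone before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text):
    """Lower-case the text and reverse common character substitutions."""
    return text.lower().translate(LEET)


def check_password(password, personal_terms=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Length: the article suggests 8 to 32 characters as a starting point.
    if not 8 <= len(password) <= 32:
        findings.append("length")
    # Mix: lower case, upper case, digits and symbols should all appear.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if not all(classes):
        findings.append("character mix")
    # Repeats: three or more identical characters in a row, e.g. "Jannnuary".
    if re.search(r"(.)\1{2,}", password):
        findings.append("repeated characters")
    # Personal terms (name, username, pet, company), compared after
    # normalisation so that simple substitutions do not hide them.
    plain = normalise(password)
    for term in personal_terms:
        needle = normalise(term)
        if len(needle) >= 3 and needle in plain:  # skip very short terms
            findings.append(f"personal term: {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; the personal terms are hypothetical.
    for candidate in ("turt13d0v3", "Jannnuary", "Jan3#564@TRa1n"):
        print(candidate, check_password(candidate, ["turtledove", "acme"]))
```

An empty result only means the password passed these four checks; reuse across sites is not something a single-password check can see.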

For more information on secure passwords, check out https://www.conferencecall.co.uk/blog/how-to-choose-a-safe-password-and-stay-secure-online/