Despite over R200 billion being lost and 12 million people having the lives seriously inconvenienced, if not badly damaged, few really take the potential implication seriously.
Your risk can be significantly reduced by simply having a coherent way to use passwords.
The numbers above affect 4% of Americans online. Yet, if asked, the average American is more likely to be concerned about a shark attack than a cyber one and you are probably no different.
The most likely reason I would offer is because we are not interested in the password in the same way we are interested in the service we are looking to access. You want to access your bank account not spend time thinking about the word you use to access it.
Odds are you actually did try a tough password at some point, but forgot it which is an understandably tricky process to fix. To prevent that happening again you opted for something easier and you opted to use it everywhere.
But weak passwords is not the only way you could get your identity compromised as many people often willing give their information to those looking to steal it. And many might agree that a good password on a bank account makes sense but that an email account is less important, including routinely email passwords or simply writing them down and keeping them in a file at home.
The scenarios above allow for
- Phishing - getting you to enter your actual details in a fake site
- Snooping - intercepting the contents of emails
- Cracking - attempting the most common passwords to gain access (123456 and Password are the two most popular)
- Theft - finding files with saved passwords or passwords written on paper
There are many more but you can reduce your risk drastically by addressing the ones above.
Is there something else?
There are alternatives to text passwords, but they too have their challenges and given how extensive our online lives are now, it is a good idea to leave passwords in your will!
If you had opted for a fingerprint, retina, voice or similar means to authenticate you, it would be tricky trying to deal with your estate when you die.
Fingerprint scanners - these are gaining popularity and generally work very well, but the elderly and some people that use their hands a lot lose their fingerprints.
Voice is a good option, Discovery uses it when you want to access elements of your account, hopefully you are not on a bad line.
You could even use the unique way you type, online learning courses use that option to determine if the person posting answers is really you and that too works well unless you find yourself submitting your final answers on a keyboard with a wonky key.
So what should you use?
While different services will have more or less suitable options (like the gesture option to access a phone) you typically will be using text passwords for a while.
The best option is to have a different one for each website and to make them longer (the number of combinations if using letters, numerals and special characters of six characters is significantly more secure than the same with just four characters.) Remembering them all is tough so use a password manager which means you need to remember just the one very tough password to access your passwords.
Add to that a second means to authenticate your login. Banks have made this quite common by connecting your mobile phone number to your account and send a once off password to the phone which needs to be added to your login to be successful.
Yes, you have too many passwords to manage and, yes, they are not fun or easy to manage, but there is no question that whatever the added effort required to reduce the risk of having your identity stolen will be worth it. Just ask one of those 12 million Americans.
This article first appeared on 702 : Why we're so bad at looking after passwords (and what to do about it)