The Reality Of Password Security

Password security facts and figures would be almost funny if the reality of it all weren’t so scary and true.

In fact, I’m willing to bet you see yourself in some of the data.

  • On Yahoo and LinkedIn, the most common passwords are “123456”, “work”, “123” and “the.”
  • 33 percent of end users save their passwords in a Word doc or on a Post-it note attached to their monitor.
  • On average, an individual owns 10 online accounts in which the very same password is used to log in.
  • 62 percent of smartphone users save passwords and PINs on apps and programs on their phones.
  • 5 percent of men use their spouse’s name as their password. 30 percent of women do the same.
  • Every 3 seconds, an individual’s password is stolen or hijacked.

For years, security experts have advised businesses that using strong passwords and password managers is their best course of action.

Today, trends are pointing towards different practices. Next-level security is now coming in the form of fingerprint ID and two-factor authentication.

Fingerprint sensors have been around for decades. Yet in the last couple of years, we’re seeing them migrate to mobile devices. With the newest smart devices, pressing your finger to the sensor rather than typing in a PIN or password unlocks the device and authorizes use. But as with everything, fingerprint ID isn’t 100 percent secure, as fingerprints can be lifted and even recreated using high-resolution photography. Germany’s defense minister Ursula von der Leyen found out just how easy it was to lift a fingerprint a couple of years ago.

In some cases, two-factor authentication, also known as two-step verification, can provide added protection on some of the most sensitive sites and programs you use every day. Amazon can be set up with it. So can Gmail. So can many financial institutions. The most common two-factor authentication sends an SMS text message to your mobile device after you’ve entered your username and password. This message contains a four- to six-digit code you must enter to complete the login. And if you don’t want to use texted codes, you can choose to have the code sent to an alternate email address or to another app like Google Authenticator. The advantage of Authenticator is that your device doesn’t have to be set up to receive SMS messages, so you can choose any device with a Wi-Fi connection in the event your device is lost, damaged or stolen.

Either of these methods can add a layer of protection to the devices your employees use every day. That way, if someone does lift a password, your info will still have an added layer of protection.

What do you do to help keep your data safe?