
Why you need to change your passwords and what you need to know about authentication

There is a reason why you shouldn’t use the same password on multiple sites.

Passwords: Yes, we hear you when you say, “why do I need to change my passwords?” There are normally several typical responses to this question – including: “Why should I when my one password for everything works just fine” or, “Why should I when I’ve only just managed to memorise them all,” or even worse: “But they are so beautifully arranged all around my screen or on my desk on post-its!”

The DRS team truly hopes this last statement is not your reality. Microsoft-centric organisations have the same concerns as any organisation adopting cloud technologies. Consider the following statistics – 73% of passwords are duplicated, so it’s no wonder that 81% of data breaches involve stolen or weak credentials, and 91% of phishing attacks target user credentials. There is a reason why you shouldn’t use the same password on multiple sites. This is because there are lists of cracked passwords for sale on the Dark Web, and by using a technique called credential stuffing, bad guys test these previously breached passwords on multiple sites to see if they will unlock another one of your accounts. Remembering multiple, long passwords may seem like a huge task but why not consider a password manager?

What is a password manager?

A password manager will take a load off your mind. Unless you have an above-average adult human brain – which by the way can store the equivalent of 2.5 million gigabytes of digital memory – you need it. A password manager helps to create unique and secure passwords for each of your sites while keeping track of what has been used where. Once you have saved each password to the manager, it will auto-populate the details when you revisit the site. When it comes to passwords for banking, work access and other key passwords, it is best to just remember these and not save them to your manager. These passwords are also referred to as high-value passwords. Think carefully before storing high-value passwords! Here you must rely on your brain’s memory!
Very importantly – most password managers will allow you to reset your password. If you lose or forget the master password that the password manager uses to protect your other passwords (sufficiently random, long, and different for every one of your accounts), you will lose all your passwords. Don’t forget your master password!

What will a password manager do for you?

  • Autofill your passwords
  • Suggest new passwords
  • Manage passwords

Two-factor authentication:

Multi-Factor Authentication (MFA) is another way to reduce the risk of stolen passwords by requiring a second, or even a third, way to verify a user’s identity before access to applications and systems is granted. MFA encompasses two-factor authentication (also referred to as 2FA, plus similar terms). It is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets.

Simply put, MFA is another level of security that, along with your password, verifies account ownership and makes doubly sure you are who you say you are. It does this by sending a one-time PIN to your mobile device. This can be received via:

  • SMS
  • Email
  • OTP App
  • Voice Call

The additional layer means that even if the bad guys do have your password, they need to have your phone as well (and with a passcode on your phone, they’d need that too). It is recommended that you apply multi-factor authentication to your critical accounts such as:

  • Email
  • Banking
  • Social Media

Just to clarify the difference between two-factor and multi-factor authentication: two-factor authentication (2FA) always utilizes two of these factors to verify the user’s identity. Multi-factor authentication (MFA) can involve two of the factors or it can consist of all three. There is also the third-party authenticator (TPA) app, which enables two-factor authentication, usually by showing a randomly generated and constantly refreshing code to use for authentication. We trust that you will adopt some of these security good practices if you have not done so already. As always, your feedback to us is welcome and very much appreciated.
