Being online has become part of daily life: we now do online many of the things, such as financial services, commercial activities and socialisation, that we used to do mainly in person. In person, we knew who was who because there was no proximity limitation. Once almost every activity moved online, we needed to create profiles for ourselves for identification and safety, and with them came a greater need than ever to safeguard those profiles against abuse and theft. One of the foremost ways we accomplish this is through the use of passwords.
A password is any string of alphanumeric, punctuation and special keyboard characters that a person creates to authenticate their right to access an online account, keeping the activities on that account private and secure. The first known password system was introduced in 1960 by Fernando Corbató of the Massachusetts Institute of Technology (MIT). It was built for the Compatible Time-Sharing System (CTSS) that all researchers used at the time, and it guaranteed that individual files were kept private.
While there are security risks associated with password protection, it is essential to know that there have been cases of stolen passwords and illegitimate access to accounts because of weak, insecure and repetitive passwords. As put by Christine Sabino of Hayes Connor, ultimately when someone gets access to your password they can wreak untold havoc on your life because they will now get hold of your details and access your bank accounts; they can even purchase items on these accounts with your money, and in extreme, but not unlikely, cases, they can steal your identity.
Therefore, as much as businesses have the responsibility to protect their customers’ data to avoid data breaches, individuals must ensure that their passwords are safe so that their accounts are not hacked by cybercriminals. Organizations should have password protection policies that guide personnel (and clients) on how to create a password, store it and change it when necessary. Individuals, for their part, can adopt the following guidelines to keep their passwords safe:
- Ensure that the password is 12 or more characters in length.
- Include punctuation marks here and there in the password.
- Combine upper-case and lower-case letters randomly.
- Avoid substituting numbers for letters.
- Never use a memorable arrangement of letters or numbers, like dictionary words and consecutive number arrangements.
- Avoid using the same password everywhere. For easy remembering and application, people tend to use a few passwords for a variety of online accounts and only vary them once in a while. However, there is imminent danger in this habit: anyone who obtains one of these few passwords can access the numerous accounts associated with it by guessing the likely variations of punctuation marks and letter case. Therefore, one needs different passwords for different accounts.
- Avoid writing down passwords word for word as a way of safekeeping. Instead, write clues that will help with remembering them while being technically impossible for anyone else to guess.
- Use a reputable online password manager to keep passwords safe online. The database is encrypted and managed using a master password.
- Install anti-malware that will detect any malware that carries out suspicious activities on an account and give an alert of such threat.
- Use multifactor authentication to log in to an account. In addition to a password, this method requests one or more further pieces of identification before granting access to an account. For instance, online banking may require a passcode (like an OTP) sent to your mobile number before it grants access. This not only protects accounts from being hacked, but also alerts you to any attempted suspicious activity on your accounts.
- Update devices and the software thereon to avoid cybercriminals preying on any vulnerability that may be in the older version. Patch up any perceived vulnerability immediately.
- You cannot be vigilant enough: Do not be fooled. Be skeptical of any strange invitation or even enticement to give up personal information—whether through clicking on malicious attachments in emails and text messages, or voice phishing on a phone call. If it does not feel right, call the actual organization for clarification.
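
The first five guidelines above (length, punctuation, mixed case, no number-for-letter swaps, no dictionary words or consecutive runs) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the word list, the substitution table and the function names are assumptions made for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would use a large
# dictionary or a list of known breached passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "sunshine"}

# Typical number/symbol-for-letter swaps (assumed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending characters."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw):
    """Return the list of guideline violations; empty means every check passed."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("does not mix upper and lower case")
    lowered = pw.lower()
    normalized = lowered.translate(LEET)  # undo the swaps before the word lookup
    if any(w in lowered for w in COMMON_WORDS):
        problems.append("contains a dictionary word")
    elif any(w in normalized for w in COMMON_WORDS):
        problems.append("dictionary word disguised with number-for-letter swaps")
    if has_sequence(pw):
        problems.append("contains a consecutive sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ("P@ssw0rd1234", "sunshine", "vT;qe-Rw#mZu,Ky"):
        print(sample, "->", check_password(sample) or "passes all checks")
```

Note that `P@ssw0rd1234` meets the length, punctuation and mixed-case rules yet is still rejected, which is why the substitution and sequence guidelines matter.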