International Finance
MagazineTechnology

Mastering password security like a pro

IFM_ password security
One of the cardinal rules of password creation is avoiding the inclusion of information that can be easily guessed

The significance of creating and maintaining secure passwords cannot be stressed in the constantly expanding world of cyberspace, where the lines separating the physical and virtual worlds are increasingly hazy. It is crucial that people take their online security seriously given the frequency and sophistication of cyberattacks. Making strong passwords that serve as impregnable fortresses to protect our sensitive data, money, and online identities forms the basis of this security.

One of the cardinal rules of password creation is avoiding the inclusion of information that can be easily guessed. When it comes to social engineering, names of family members, pets, or important events are a gold mine for hackers. They can quickly determine these facts from public information and social media profiles.

The best approach is to employ unrelated words, perhaps from different languages or domains that have personal significance to you but would be impossible for outsiders to deduce. This not only increases the complexity of your password but also gives it a sentimental undertone that helps it stand out in the crowd.

Although the idea of complexity could make you think of a convoluted maze, establishing a strong password can be a skilful endeavour. A routine string of characters becomes a powerful shield when a variety of capital and lowercase letters, digits, and special characters are used.

It’s important to note that one popular tactic used by hackers is replacing letters with similarly-looking numbers or symbols while following recognisable patterns, such as replacing “E” with “3” or “A” with “@”. So, individuality is crucial. You can start with a line from your favourite book or movie and build on it with these variations to create a genuinely original and complex password.

In the realm of password strength, length, which is frequently ignored, is an unsung hero. The longer a password, the harder it is for brute force methods to crack a password. Experts advise using at least 12 characters, but if the platform allows it, it’s wise to use more.

Making a passphrase, which is a string of seemingly unconnected phrases strung together, is a useful strategy. This method makes passwords longer while simultaneously making them easier to remember, so there’s no need to write them down or keep them insecurely.

There are several online accounts and services available in the contemporary digital environment, and each one needs a password. A serious error is making the mistake of using the same password on many platforms. If one gets into the wrong hands, it’s like using the same key for your house, car, and safe deposit box—it invites tragedy.

Consider using a password manager to combat this. The burden of memorising several different passwords is reduced by these programmes, which generate, store, and automatically fill complex passwords for various platforms.

You might find ideas for secure passwords by browsing your bookshelves or music collection. Choose a favourite passage from a book or some song lyrics, then change it using numbers and other unique characters. For instance, the Shakespearean phrase “To be or not to be, that is the question” could be changed to “2B0rN2B*t1stheQ!” This method not only results in a strong password but also adds a little personality to your online security.

The context and usage of a password are just as important as its actual foundation. Simple patterns like “123456” or “qwerty” should be avoided, but many people do so because of convenience. The usage of simple-to-guess sequences like “asdfgh” or “zxcvbn” is equally perilous. Hackers use automated systems that repeatedly cycle through these known combinations to quickly compromise accounts. Use your imagination to come up with a combination that defies convention in order to foil such attempts.

In the age of information sharing, scepticism is your ally. Genuine businesses will never email you or use another kind of communication to ask for your password. Watch out for phishing schemes that pose as reliable organisations and ask for your login information.

Genuine password reset procedures take place on the official website or application. You should be suspicious of any unsolicited communication that requests your password and report it right away.

Regular password updates are one of the proactive methods to protect digital security. By routinely changing your passwords, you thwart any potential unauthorised access and invalidate any stolen passwords. When updating passwords, refrain from merely modifying your existing ones. Instead, create a new password that abides by the rules of originality, difficulty, and length. Despite the fact that this procedure may appear onerous, it is a tiny price to pay for the protection of your internet reputation.

The powerful tool is called two-factor authentication (2FA) in the war against unauthorised access. By using a code often given to your mobile device, it adds an additional degree of security on top of the password.

The requirement for this second piece of information makes it extremely difficult for hackers to access your account, even if your password is hacked. Take advantage of the opportunity to strengthen your defences whenever a platform supports 2FA.

The “diceware” method of creating passwords is a less popular but very powerful technique. It entails choosing words from a predetermined list using a dice roll, and then combining those words to create a passphrase. As a result, a seemingly random yet memorable string of words that goes above and beyond standard password norms is created. This strategy perfectly balances personalisation and unpredictability.

Cybercrime overview

Threats to cyber security have grown in recent years on a global scale. Cybercriminals benefited from misaligned networks during the pandemic as businesses shifted to remote working environments. Malware attacks rose 358% in 2020 compared to 2019. From 2020, cyberattacks climbed by 125% globally through 2021, and in 2022, rising cyberattack volumes continued to endanger both enterprises and individuals.

The landscape of cyber threats has been significantly impacted by the Ukraine war. Russian-based phishing assaults against email addresses of companies with headquarters in Europe and the US have multiplied eight-fold since the war’s beginning. In the 2022 first quarter, there were breaches affecting about 3.6 million Russian internet users, an 11% rise from the previous quarter.

The UK started the ‘Ukraine Cyber Programme’ in 2022 to aid in defending Ukrainian critical infrastructure against Russian threats. As the war started, the UK promptly activated a £6.35 million package to combat the Russian cyber operations. This programme offers an incident response to defend Ukrainian government institutions from assaults, DDoS protection so that people in Ukraine can still access vital information, and firewalls to stop assaults.

The most frequent type of internet crime is still phishing. Around 323,972 online users reportedly fell for phishing scams in 2021. This indicates that 50% of the users whose data was compromised, fell victim to a phishing scam. During the pandemic’s peak, phishing incidents increased by 220%.

Phishing has the lowest loss to victims despite being common. Phishing assaults cost victims an average of $136 each. This is considerably less than the $12,124 average cost of a data breach. For the most recent details on international phishing trends, visit our page on phishing statistics. Investment fraud was the most expensive type of cybercrime in 2022, with an average loss of $70,811 per victim. There is little doubt that data breaches are becoming more frequent and expensive. The victim count has climbed from six victims per hour to 97 victims per hour since 2001, a 1517% increase in 20 years.

It is evident that COVID-19 had an impact on the daily victims. According to statistics on cybercrime from 2019, 53 victims were reported every hour. The hourly victims soared to 90 in 2020, the pandemic’s first full year, a 69% rise.

Additionally, the average cost of data breaches per hour has gone up globally. The average hourly cost to individuals in 2001 was $2054. The hourly loss rate has since risen, reaching $787,671 in 2021.

As workplace changes and increasingly sophisticated infiltration techniques give cybercriminals more confidence, the cost of data breaches to enterprises has been rising significantly. Businesses spent $4.35 million on average in 2022 as a result of data breaches, up from $4.24 million in 2021.

More companies are taking cybersecurity seriously as a result of the rising threat to enterprises around the world. Around 73% of Small and Medium-Sized Businesses (SMBs) concur that there is an urgent need for action on cybersecurity issues, and 78% plan to raise their spending on cybersecurity over the next 12 months.

The fact that 67% of SMBs believe they lack the internal expertise to handle data breaches is a worrying number. The fact that more SMBs are collaborating with managed service providers for cybersecurity—89% as of 2022, up from 74% in 2020—helps to reduce this problem.

Supply-Chain attacks

As technology advances, supply networks are getting more integrated and complex. However, security flaws in one company can make connected partners vulnerable. Up to 40% of cyber threats now arise indirectly through the supply chain, and cybercriminals are taking advantage of these vulnerabilities.

Research shows that because of the rising time demands of greater digital connections, cybersecurity leaders are burnt out and in an ‘always on’ state.

This tiredness is being exploited by cybercriminals. According to research, only 23% of security leaders continuously check for cybersecurity vulnerabilities among their partners and vendors.

Additionally, many firms only allow their direct suppliers and vendors to be covered by third parties. This leaves out their larger network of clients, collaborators, investors, and other stakeholders.

Awareness of third-party risk is increasing. According to estimates, 60% of firms will consider cyber security risk when making decisions about transactions and business activities with third parties by 2025. The concern of C-Suite executives regarding supply chain risks is also shown by recent studies.

Around 60% of the 900 businesses surveyed said supply chain attacks were the most likely forms of cyberattacks to target their company. This is comparable to DDoS attacks, higher than APT and cyber espionage but lower than ransomware and data theft.

At last, the digital era demands a diligent approach to cybersecurity. A key component of this defence is the creation of strong passwords, which act as a virtual lock to protect the wealth of our online lives.

We can build impenetrable defences against malice by embracing complexity, length, variety, and creativity. Being aware of changing security procedures like two-factor authentication and diceware passphrases allows us to stay one step ahead of those looking to take advantage of our weaknesses.

What's New

Ajman: Emirates’ new ‘Modern City’

IFM Correspondent

Digital extortion: Doxing in the crypto era

IFM Correspondent

AI-enhanced soldiers: Future of warfare unveiled

IFM Correspondent

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.