How important are your passwords?
Let’s start this blog entry on a philosophical note: If you had an accident and lost all your memories, would you still be the same person? And would you be the same person if you liked different kinds of music, made other decisions in life or had different friends?
Since the dawn of the computer age we’ve been using computers as extensions of ourselves, saving our memories to photo archives and journals, our preferences to playlists and documents and our decisions to calendars and to-do lists.
But this digital evolution didn’t stop there – as we dive head first into the cloud era, we increasingly trust service providers with our precious bits of information:
– our playlists are on last.fm, iTunes or Spotify
– our photos are on Instagram
– our events are checked in on Facebook (and friends tagged, of course)
– our thoughts are on Twitter
– our phone contacts are synced with Google or iCloud
– our appointments and calendars are synced with the email provider
– more and more people are using cloud storage for their files
A few years ago a hard-drive failure resulting in the loss of our data was a real personal tragedy. Today, permanently losing a password to one of our service providers could have the same effect, so this means our passwords have become really important.
There are 3 main ways to lose access:
Let’s talk about each one in more detail.
According to a recent study, online security experts consider it a best practice to have a different password for each service provider. However, using more and more online services means using more and more passwords, and according to the same study regular users don’t usually use a password manager.
You may have a good memory and have successfully remembered your passwords so far, but as you add more and more providers there is a risk of mixing them up or forgetting them at some point. Writing your passwords down in notebooks or datebooks is a good idea, but datebooks can get lost when you are moving or can easily be misplaced.
Since we’ve already established that passwords are really important, we recommend that you store your passwords in at least two places, preferably at different locations. This removes what is called a “single point of failure” (if something goes wrong with the first, you always have the second as a backup plan, so to speak). For example, you can use a password manager to save the passwords and also keep them printed out or in a datebook as a backup.
Some people keep a text file or document with passwords on their computer as a backup. We don’t recommend that, but if you do, at least keep it in a password-protected archive – you’ll see why below.
You are probably aware of the existence of password-stealing Trojans that usually target banking or payment pages with the explicit purpose of emptying your bank account. You may think: I’m not using online payments, and as for the other passwords – why would anyone steal my Facebook or email password?
As we are moving more and more activity to the online world hackers are finding more and more ways to make money, carefully harvesting each and every bit of information and treating them as resources:
What can you do?
There are a number of anti-viruses out there free for personal use, such as Avira FREE Antivirus. Anti-virus programs have generic detection methods called “Heuristics” which can stop password-stealing Trojans before they infect your system.
Logging on to a website from a browser can happen either by typing the password in the login box or by having the password stored by the browser. If you’re typing the password, password-stealing Trojans have a keylogger component that can record the keys you press and send your password to the attackers. If you’ve clicked “remember password”, then your password is stored on your computer and password-stealing Trojans can retrieve it the same way tools like ChromePass are able to.
Password managers use special plugins to log in to your websites, rendering keyloggers useless and avoiding the standard password-storing browser mechanisms.
Pop quiz – do you know the security questions and answers for each of your accounts? What about 2-step authentication / second sign-in? Do you know if it’s enabled and for which accounts?
If the answer to the above questions is no, someday after reinstalling your operating system you may find yourself locked out of your account, looking at one of the following pages, all the while trying to remember what the correct answers were:
So – what’s the big idea?
More and more service providers are adding two-factor authentication every day. This basically means adding a second level of authentication to an account log-in when logging on from a new device. This can be in the form of an SMS message if you have a phone number registered, an email with a PIN sent to a secondary email address if you have one saved in your account, or answering security questions.
If you have two-factor authentication enabled for an account without knowing about it and you don’t have your recovery options updated, you may find yourself locked out of your account. In this case you should contact your service provider’s support team, as they may ask you a few questions and grant you access.
We recommend that you review your security options for each of your accounts and update your security questions, your phone number, email addresses or any other recovery options.
About the author: Mihai Grigorescu works as a Virus Analyst at Avira Software, a company with over 100 million customers and more than 500 employees.
Avira is a worldwide leading supplier of award-winning antivirus software for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.