Passwords and digital amnesia

How important are your passwords?

Let’s start this blog entry on a philosophical note: If you had an accident and lost all your memories would you still be the same person? Also would you be the same person if you liked different kinds of music, made other decisions in life or had different friends?

Since the dawn of the computer age we’ve been using computers as extensions of ourselves, saving our memories to photo archives and journals, our preferences to playlists and documents and our decisions to calendars and to-do lists.

But this digital evolution didn’t stop there – as we are now diving head first into the cloud era we put our trust more and more into service providers with our precious bits of information:

– our playlists are on last.fm, iTunes or Spotify

– our photos are on Instagram

– our events are checked in on Facebook (and friends tagged, of course)

– our thoughts are on Twitter

– our phone contacts are synced with Google or iCloud

– our appointments and calendars are synced with the email provider

– more and more people are using cloud storage for their files

A few years ago a hard-drive failure resulting in the loss of our data was a real personal tragedy. Today, permanently losing a password to one of our service providers could have the same effect, so this means our passwords have become really important.

What are the risks of losing access to your accounts?

There are 3 main ways to lose access:

  1. Forgetting or losing passwords
  2. Having the passwords stolen
  3. Losing access due to incorrect account settings

Let’s talk about each one in more detail:

  1. Forgetting or losing passwords

According to a recent study, online security experts consider it a best practice to have a different password for each service provider. However, using more and more online services means using more and more passwords, and according to the same study regular users don’t usually use a password manager.

[Image: Beutler_Google_Security-practices-v6]

You may have a good memory and have successfully remembered your passwords so far, but as you add more and more providers there is a risk of mixing them up or forgetting them at some point. Writing your passwords down in notebooks or datebooks is a good idea, but datebooks can also get lost when you are moving or can easily be misplaced.

Since we’ve already established that passwords are really important we recommend that you have your passwords stored in at least two places, preferably at different locations. This solves what is called a “single point of failure” (if something goes wrong with the first you always have the second, a backup plan, so to speak). For example you can use a password manager to save the passwords and also have them printed out or in a datebook as a backup.

Some people keep a text file or document with passwords on their computer as backup. We don’t recommend that, but if you do at least keep it in a password-protected archive – you’ll see why below.

  2. Having passwords stolen

You are probably aware of the existence of password-stealing Trojans that usually target banking or payment pages with the explicit purpose of emptying your bank account. You may think: “I’m not using online payments, and as for the other passwords, why would anyone steal my Facebook or email password?”

As we are moving more and more activity to the online world, hackers are finding more and more ways to make money, carefully harvesting each and every bit of information and treating it as a resource:

  • E-mail accounts are used for spam and collecting mail addresses from contacts
  • Facebook accounts are also used for spam, advertising or spreading malware links
  • Google Adwords accounts can be exploited to gain profit through fraudulent clicks
  • Amazon or other online shopping sites may have saved credit cards enabling hackers to make fraudulent purchases from your account even without coming in contact with your credit card number
  • Identity theft is also a way of gaining access to resources or obtaining credit or other benefits in your name.

This means that hackers are investing time in building malware that collects passwords to your accounts and you, in turn, should invest time in protecting yourself from them.

What can you do?

  • The first thing you need to do is to install an anti-virus if you don’t already have one.

There are a number of anti-viruses out there free for personal use, such as Avira FREE Antivirus. Anti-virus programs have generic detection methods called “Heuristics” which can stop password-stealing Trojans before they infect your system.

  • Secondly, a password manager like Sticky Password can also protect your passwords. How? Read on to find out …

Logging on to a website from a browser can happen either by typing the password in the login box or by having the password stored by the browser. If you type the password, the keylogger component of a password-stealing Trojan can record the keys you press and send your password to the attackers. If you’ve clicked “remember password”, your password is stored on your computer, and password-stealing Trojans can retrieve it the same way tools like ChromePass are able to.

Password managers use special plugins to log in to your websites, rendering keyloggers useless and avoiding the standard password-storing browser mechanisms.

  3. Losing access due to incorrect account settings

Pop quiz – do you know the security questions and answers for each of your accounts? What about 2-step authentication / second sign-in? Do you know if it’s enabled and for which accounts?

If the answer to the above questions is no, someday after reinstalling your operating system you may find yourself locked out of your account, looking at one of the following pages, all the while trying to remember what the correct answers were:

[Image: Avira-questions]

So – what’s the big idea?

More and more service providers are adding two-factor authentication every day. This basically means adding a second level of authentication to an account log-in when logging on from a new device. This can be in the form of an SMS message if you have a phone number registered, an email with a PIN sent to a secondary email address if you have one saved in your account, or answering security questions.

If you have two-factor authentication enabled for an account without knowing about it and you don’t have your recovery options updated, you may find yourself locked out of your account. In this case you should contact your service provider’s support team, as they may ask you a few questions and grant you access.

We recommend that you review your security options for each of your accounts and update your security questions, your phone number, email addresses or any other recovery options.

Final conclusions

  • As we are moving more activity online, passwords are becoming more important
  • Proper password management is a necessity
  • Having an anti-virus installed can protect your passwords from theft
  • Using a password manager can protect your passwords
  • Updating the security options for each account can prevent accidental lock-outs

 

About the author: Mihai Grigorescu works as a Virus Analyst at Avira Software, a company with over 100 million customers and more than 500 employees.

Avira is a worldwide leading supplier of award-winning antivirus software for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.
