19th Ave New York, NY 95822, USA

How to make your passwords worthless for cyber-thieves

Mike Feibus, Special for the USA TODAY & # 39; HUI
Posted at 11:00 am and on October 14, 2017

CLOSE

[19459]

Products that have chips that enable connectivity to the Internet and that learn the habits of users are attracting attention at CES in Las Vegas. (January 5th)
AP

When IBM Introduced the First Laptop with a Fingerprint Sensor digital integrated in 2004, he decreed launched a wave of product development in biometrics. a colleague delighted to deceive sensor after senso r with a rubber replica of his own finger.

Everything is relative. Today, in a world where cyber-thieves routinely steal valuable data stores from far-off countries, compromised passwords are 10 times more likely, according to Verizon, to be the culprit as physical interaction with computers, smartphones and other connected devices. Even the worst fingerprint reader, in fact, can help secure these passwords by serving as a second line of defense.

The best way to secure your accounts is to make your passwords useless to cyber-thieves, by requiring proof in addition to – or better yet, instead of – your password.

Here is how:

Use a password manager

Yes, the purpose is to passwords. But many apps and websites do not yet offer options for multi-step verification. Which means that if hackers have your password, they will enter these accounts.

If you have a simple password, then you should assume that bad guys can already enter. A password like, for example, "password" is to leave the keys in an unlocked car. Misery loves the company. So, if it is a consolation – which, believe me, this is not the case – there are millions of other cars not locked. "Password" is one of the 10 most common passwords on the Internet. And one in six personal password is "123456." Seriously

So, as a first line of defense, you should have hard-to-guess passwords. And you should change them often. Which requires more effort than most of us are willing to spend.

Passwords managers like Dashlane, LastPass and RoboForm take care of all of this for you. You only need to remember the password that allows you to access your password manager. But for the sake of God, make a good one!

For more information:

Equiifax may still have been violated

After Equifax, make it expensive for credit bureaus to be "stupid"

No surprise doctors do not like electronic health records

Never click

Eighties – One percent of data breaches last year used weak or stolen passwords, according to Verizon's annual report on breach investigations. When it comes to stolen passwords, the most common method is by far in phishing – sending urgent and seemingly genuine e-mails that try to make you click on a link. The link can lead you to an impostor site that blocks your login information before logging in to your current account. Or it can load malware that collects all the user names and passwords that you type.

The best way to thwart phishing attempts is simple: do not click links in emails. This PayPal notice that your account may be frozen seems genuine. And it could be. Or not. Cyber ​​thieves spend their days imagining ways to convince you to click, and they're pretty good at it

For more information: Say no LinkedIn requests from foreigners; some may be phishing scams

Learn more: Phishing scams: How to avoid being fooled

Multi-Step Verification

If you have not yet received the message, we are notoriously mean to protect our passwords. That's why more and more accounts are using physical markers to validate that the person who has just logged in is really you.

In fact, most multi-step verification schemes, or multi-factor authentication, are based on "trusted hardware": your smartphone and your laptop. Then, if someone tries to connect with your credentials on another device, the application will ask for more evidence than it really is before you grant it. 39; access.

The application may ask for a code that it sends in a text or an e-mail. Or it may require a six- or eight-digit number generated by authentication applications.

Applications might require biometric authentication – such as iris, face or fingerprints – as further evidence.

The activation of multi-step validation on your accounts will greatly help to make your passwords useless.

Mike Feibus is a senior analyst at FeibusTech, a market analysis and strategy company in Scottsdale, Arizona, specializing in mobile ecosystems and customer technologies. Reach him at mikef@feibustech.com. Follow him on Twitter @MikeFeibus.

CLOSE

[Not available]

Nearly half of Americans are affected by a breach of computer security at Equifax, one of the country's three major credit reporting agencies. Here's how to avoid being a victim.
USA TODAY

Read or share this history: https://usat.ly/2ylinGg