Why Having a Strong Password Isn’t Enough to Secure Your Account
By TOI Staff | January 6, 2023 | Updated on: January 30, 2023
Alarming but true: Hackers don’t even need to “hack” anymore. They are, increasingly, simply
logging in. They’re exploiting the vast repositories of billions of stolen email addresses and
passwords that are floating around on the Dark Web.
According to HaveIBeenPwned.com, we’re looking at 12 billion compromised accounts and
counting. Just in 2021, an estimated 5.9 billion accounts got breached. Each compromised account
forms part of an ever-deepening pool of juicy personal information for sale.
Having a strong password for (hacked) Facebook or (hacked) Twitter isn’t enough. We need digital
tools to defend ourselves against the digital security onslaught, but we need more than just a free
antivirus or free VPN for laptops.
What are the weaknesses of password authentication?
The password system is not user-friendly. Platforms force users to make their passwords more
secure by using numbers, uppercase letters, lowercase letters, and special characters, which makes
the passwords hard to remember.
Humans cannot remember hundreds of unique, hard-to-guess passwords, and it’s unsurprising
that we incorporate easy-to-find personal information into passwords or re-use favorite ones.
People usually pick one good, strong password, memorize it, and then they re-use the same
password on multiple websites. Odds are it will be compromised soon enough, so security experts
are unanimous: Everyone should use Multi-Factor Authentication wherever they can.
What is MFA?
MFA is when a system asks a user to provide a combination of two (or more) credentials to verify
their login. Even if one credential gets compromised, an unauthorized user will still not have the
second credential and cannot log in.
It prevents unauthorized users from accessing sensitive data and abusing network privileges to get
into the other devices on your network.
What are common MFA methods?
Most larger platforms or websites are moving towards MFA, but it can be tricky to implement
because users don’t always like it. Options include security questions, phone calls with PIN
verification, or Time-based One-Time Passwords (TOTPs), where you have to use the PIN within a
specific time limit. Platforms also use One-Time Passcodes (OTPs) delivered via SMS or email, or
mobile push notification authentication, which gives users access to a “Swipe to Log in” function.
Physical factors include a USB dongle or a portable device like a mobile phone. Inherence factors can
include fingerprint or facial recognition, which are simple to use, but many people dislike them
because of privacy concerns.
Is MFA enough to protect digital security?
MFA is not enough. We must stop adding our breached and stolen information to the vast
databases on the Dark Web by protecting our digital privacy when we surf the internet.
Learn more about social engineering:
Spoofing or phishing attempts were much easier to spot in the past. Nowadays, scammers
don’t make easy-to-spot spelling and grammar errors, and they back up their scams with
professional-looking websites that contain seemingly legitimate contact and company
information. Common sense may not be enough to protect you. Add a URL scanning tool to
your digital security arsenal.
Get an antivirus:
Did you know your smartphone could provide direct access to your PC via shared
applications and emails? You should use an antivirus if you’re using a digital device.
But malware is not the only threat. You should go one step further and shield your private
information and credit card details while online.
A VPN protects your passwords and other data:
A VPN blocks prying eyes and snoopers from accessing the information you exchange on
the internet. It’s a two-step process. First, it creates a private tunnel between your
computer and the internet so no one can see what you’re doing. Second, it encrypts all
your data by turning it into a meaningless character salad. Only the VPN can decode the
information at either end, which means your information stays hidden from the bad guys.
Beware of ‘free’ tech for your PC
If you’re not paying for the product, that means you are the product. The free versions of the
best-known antivirus products can’t actively harm you, but a free VPN for PC or free VPN for
Android is an entirely different matter and may actually be a virus or spyware.
If your budget can only accommodate one digital tech tool this year, make it an advanced VPN with
antivirus capabilities and a URL scanner to combat data theft and malicious software.