What a week of celebrations! First, May the Fourth Be With You day, then Cinco de Mayo and now, on May 6, it’s World Password Day.
Texas plays a big part in this World Password Day, but it’s nothing to brag about.
Cybersecurity experts at McAfee Corp. say cybercriminal activity has only increased during the pandemic. In Q4, McAfee Labs observed an average of 648 threats per minute, an increase of 60 threats per minute (10%) over Q3. The two quarters also saw COVID-19-related cyberattack detections increase by 240% in Q3 and 114% in Q4, while PowerShell threats again surged 208% due to continued increases in Donoff malware activity.
Hard to have much fun with news like that, but let’s try.
Dashlane, a mobile app that helps people and businesses with passwords, has shared its first-ever, mid-year Worst Password Awards.
Sometimes a password is so strong even the user who set it up doesn’t know what it is. Dashlane’s Most Likely to Win the Lottery and Lose the Ticket Award: Bitcoin Users Who Forgot Their Passwords. Password pitfalls cost so much – time, energy, user data, company reputation, $220 million. HODL up. That’s right, as cryptocurrency soared, bitcoin users were locked out of both their wallets and potential fortunes due to forgotten passwords. People, please! Post-its get lost, built-in browser storage doesn’t work everywhere, and you shouldn’t leave the keys to your online kingdom up to remembering the middle name of that girl who kissed you in third grade.
Most Surprising: Local and Government Services. The hack of a Florida water plant and a phishing attack on the California State Controller’s Office are just a couple of the recent examples highlighting the challenges public sector organizations face when it comes to cybersecurity. In California, state workers fell for a phishing email that targeted at least 9,000 contacts, giving hackers access to social security numbers and other sensitive information. Meanwhile in Florida, hackers gained remote access to the treatment plant’s system and tried to poison the water – making stronger cybersecurity practices a matter of public health and safety.
Most Avoidable: Verkada. Hacks are often more widespread than you think, as a recent one at cloud-based enterprise security camera system Verkada showed. After an international hacker collective breached its systems with a username and password found on the internet, the hackers accessed Verkada customer cameras, which ranged from the Technoking of Tesla’s factories and warehouses to Equinox gyms, hospitals, jails, and schools. It’s unlikely Elon Musk will mock this in his upcoming SNL monologue – avoidable data breaches are no laughing matter.
Most Predictable: COMB. Not what you use to brush your luscious locks but rather the “Compilation of Many Breaches.” As bad as it sounds, COMB is the result of an online hacking forum posting over three billion unique emails and passwords gathered from past leaks at Netflix, LinkedIn, Bitcoin, and more. With 4.7 billion people online, COMB included the data of nearly 70% of global internet users! Both predictable and painful (are you listening? Don’t reuse your passwords!).
“We all know we should practice better password hygiene, but as these examples show, we’re only human. Passwords are a human problem even more than a technology one, and despite the risks, it can be hard to get people to change their behaviors,” said JD Sherman, CEO of Dashlane. “That’s why everybody should use a password manager like Dashlane – it’s an easy-to-use tool to manage and eliminate security risks proactively for both people and businesses.”
There are lessons to be learned here.
Meanwhile, how to avoid these awards of ignominy?
Here are some tips from Dashlane.
Use random and different passwords for every account: Hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have random and different passwords for every account. Random keeps you secure.
Turn on two-factor authentication (2FA): 2FA is a feature that adds an additional “factor” to your normal login procedure to verify your identity – something you know (your password, PIN number, zip code, etc.), something you are (via facial recognition, your fingerprints, retina scans, etc.), or something you have (a smart card, your smartphone, etc.). Most apps or websites will verify you via an email or a text message sent to your phone.
Get a password manager. Now. Ditch whichever patented password management “method” you’re currently using. A password manager is literally the only way to safely and conveniently manage wildly complicated and unique passwords for an unlimited number of accounts, while providing automatic logins and secure autofill of personal and payment information.
Sign up for free breach alerts. Dashlane helps you learn what to do if your information has been compromised. Dashlane’s Breach Center will alert you if any of your data is found on the Dark Web, and keep an eye out for breaches that may affect you in the future.
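An added example, not from the article or from Dashlane: a small audit that applies the first and last tips by flagging accounts that share a password or whose password appears in a breach list, then replacing the flagged passwords with random ones. The vault contents, the breach list, the use of SHA-256 digests for comparison and all function names are assumptions constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=20):
    """Random password drawn from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def digest(password):
    """SHA-256 digest, so the breach list need not hold plaintext passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(vault, breached_digests):
    """Return (reused, breached): groups of accounts sharing one password,
    and accounts whose password digest is in the breach list."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    reused = sorted(sorted(a) for a in by_password.values() if len(a) > 1)
    breached = sorted(a for a, p in vault.items() if digest(p) in breached_digests)
    return reused, breached

def rotate(vault, accounts):
    """Copy of the vault with a fresh random password per flagged account."""
    fixed = dict(vault)
    for account in accounts:
        fixed[account] = generate_password()
    return fixed

# Constructed sample data: hypothetical accounts and a hypothetical breach list.
VAULT = {
    "mail.example": "Summer2021!",
    "shop.example": "Summer2021!",
    "bank.example": "correct-horse-battery",
    "forum.example": "123456",
}
BREACHED = {digest("123456"), digest("Summer2021!")}

if __name__ == "__main__":
    reused, breached = audit(VAULT, BREACHED)
    flagged = set(breached).union(*reused)
    print("reused:", reused)
    print("breached:", breached)
    fixed = rotate(VAULT, flagged)
    print("after rotation:", audit(fixed, BREACHED))
```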
Note: An earlier version of this story included an incorrect description of the issues with SolarWinds. The Business Press regrets the error.