We need a new mindset to keep up with cyber threats


While Kanye West’s visit to the White House and his vocal endorsement of President Trump was highly politicized and engendered praise and condemnation on both sides of the aisle, it may have raised one issue that even the most entrenched factions on both sides of the spectrum can agree on: A dire need for improved cybersecurity awareness.

The media was fast to catch Kanye typing “000000” to unlock his iPhone while visiting the Oval Office.


And if a celebrity with Kanye’s digital footprint—and consequently attack surface—has such low cybersecurity standards, one can imagine where the general public stands. In fact, a recent survey by the University of Phoenix—published in observance of National Cybersecurity Awareness Month—found that 78 percent of U.S. adults acknowledge having at least one “bad online habit” that cybercriminals can exploit, which shows how much sense National Cybersecurity Awareness Month makes.

According to the survey, 48 percent of respondents admit to using the same email address for different online accounts, another 41 percent use the same password across multiple accounts, and 31 percent allow social media sites and apps to access their personal information.

The same email? Why not?

At first glance, it may seem like common sense to use the same email for different accounts. After all, nobody creates a new email address for every account they open. But the goal here is to lower the risk to important accounts, such as credit cards, by separating them from the ones we use for less secure browsing. This reduces the attack surface of our important accounts without restricting ourselves too much.

How to easily separate different profiles with separate emails

While this may seem cumbersome and add a lot of overhead, there are tools that help you separate and manage your different profiles on the web. If you are a Google Chrome user, the built-in multi-user feature is the first thing you can use to achieve that with minimal overhead. Lifewire has an easy-to-follow and concise how-to guide that helps you get up and running.

On Firefox, I would use the Multi-Account Containers add-on. There are some key differences between Firefox’s and Chrome’s solutions. Firefox makes the whole experience easier to manage because the different profiles are kept in the same browser window. But Chrome’s solution is more solid and fundamental when it comes to separating the profiles. For example, when you install an add-on (Firefox’s term for a browser extension) in Firefox, it will be available across all your containers (that’s where the different profiles reside in Firefox). You can’t limit an add-on to a specific container, which opens a new attack surface to all your profiles (including those you want to keep as secure as possible). Chrome, on the other hand, lets you completely separate the profiles and acts as if you were using completely separate browsers. But that adds some more overhead to your digital life. In essence, as with everything security related, it’s a tradeoff between convenience and security, and that’s something everyone should decide for themselves.

Here is a primer on what malicious browser extensions can do and how to methodically screen them before installing.

Anyway, I would create at least three profiles: Personal, Work, and Shopping/Financial. You may also like to add a fourth profile that can be used for miscellaneous tasks that you don’t want to show up in your personal profile. Make sure that these profiles are not connected in any way (e.g. same email, same phone number, etc.). Otherwise the trouble would be for nothing.

The same password? Why not?

Well, if you haven’t already heard it countless times in the news: platforms—even the best—get hacked, and passwords, emails and other personal information land in murky places on the internet, usually after the villains have used and sold them for profit. By using one password for all of your accounts, you are making your entire digital life only as secure as the least secure platform you use. Just one hack can endanger everything.

How to avoid using the same password without memorizing them

You can write them down with pen and paper and be done with it! Now seriously, you may argue that no one except for a few geniuses can memorize so many passwords, and you are right. But you don’t have to. There are ways you can secure your passwords. One very convenient option is to use a password manager, an app that takes care of your forms and passwords for you while letting you use really complex and unique ones. Some of them even warn you when you use the same password for two accounts, have built-in features that automatically fill in the boxes, and help you share credentials with peers.

Here’s what all password managers do in essence: They store your passwords encrypted and secure and let you access them whenever you want. With just one master password you’ll be able to rule them all. Just make sure your master password is complex enough and don’t ever forget it. Secure password managers by design should not be able to recover your passwords if you ever lose your master password.

LastPass is a great password manager that works across all your devices. On Windows and Mac it works in Firefox, Chrome, and Opera, and it has native apps for Android and iOS devices. LastPass is a SaaS application, meaning that it is hosted in the cloud.

For those who aren’t happy to give up their passwords to a cloud company, there are password managers like KeePass that, while less convenient than LastPass, are arguably more secure because they keep your passwords local. You can even store KeePass on a thumb drive and only connect it to an air-gapped computer. KeePass is a free and open source application.

Here you can find reviews and comparisons of different free and premium password managers.

No personal info for social media apps? That’s nearly impossible!

First of all, let’s make sure we all know about some of the major data breaches regarding social media with the Google Plus blunder being just the most recent one. Now, even if—and that’s a big if—the social media platforms rigorously secured their applications and didn’t get hacked, you must consider their countless partners and the third-party apps that have access to their data. Can all of them be secure? What are the chances that one of those apps is hacked?

Social media “is usually the easiest point of access and unfortunately that’s due to human error,” says Sterling Kellis, Assistant Dean of Technology from the University of Phoenix. “We are generally trusting, we are willing to share a lot of information online and hackers… are willing to exploit that.”

Now, one may argue that a minimum of personal information on social media is necessary unless you decide to avoid them altogether. In addition, there are many platforms that require you to log in with your social media accounts, giving them a degree of access to your profile in return for the free services they offer. You see the implications. The more convenience and fun you want, the less secure you’ll be.

But what can help here is the separation of profiles we mentioned earlier. Keep your social media activities strictly in your personal profile or even in another profile that is for less secure things. If you avoid mixing your profiles, hackers will have a hard time accessing your most important accounts.

“It’s OK that we’re cautious, maybe a little bit untrusting, because that’s necessary,” says Sterling. “At the very bottom [of the triangle of Maslow’s hierarchy of needs] there is the need to feel safe and secure… and the fact that we also want convenience and we are willing to share information online so readily, we need to balance those two.”

Which brings us back to what happened in the Oval Office. To enter one’s “password” in front of so many people and cameras is not only too trusting but sheer recklessness. That Kanye’s iPhone X supports Face ID makes things even worse. In addition, if you attempt to use passwords like “00000” or “123456,” iOS complains that the combination is easily guessed and suggests you choose something else.


According to SplashData, a cybersecurity firm that has compiled an annual list of the most commonly used passwords since 2011, “0000” was not among the top 25 as of 2017.

Here’s a list of the top 10 common passwords over the last three years according to SplashData.

| Rank | 2015 | 2016 | 2017 |
|------|------|------|------|
| 1 | 123456 | 123456 | 123456 |
| 2 | password | password | password |
| 3 | 12345678 | 12345 | 12345678 |
| 4 | qwerty | 12345678 | qwerty |
| 5 | 12345 | football | 12345 |
| 6 | 123456789 | qwerty | 123456789 |
| 7 | football | 1234567890 | letmein |
| 8 | 1234 | 1234567 | 1234567 |
| 9 | 1234567 | princess | football |
| 10 | baseball | 1234 | iloveyou |

In 2016, the most common 25 passwords made up 10 percent of the surveyed passwords with “123456” alone taking up 4%.
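
The three habits discussed in this article (reused passwords, passwords from the common list, and passcodes like “000000”) can be checked mechanically over an exported credential list, in the same spirit as the reuse warnings some password managers give. The following Python sketch is an added example, not code from any product named here; the function names, the vault layout and the sample entries are assumptions made for illustration.

```python
from collections import defaultdict

# SplashData top-10 entries for 2015-2017, taken from the table above.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "1234567890", "princess",
    "letmein", "iloveyou",
}

def is_trivial_passcode(secret):
    """True for all-digit codes that repeat one digit or count up/down by 1."""
    if not (secret.isascii() and secret.isdigit()) or len(secret) < 2:
        return False
    # Digit-to-digit step, modulo 10 so that ...8, 9, 0 still counts as a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(secret, secret[1:])}
    return steps in ({0}, {1}, {9})

def audit(vault):
    """vault: {account: password}. Returns {account: [findings]} for weak entries."""
    by_password = defaultdict(list)
    for account, secret in vault.items():
        by_password[secret].append(account)
    findings = {}
    for account, secret in vault.items():
        issues = []
        if secret.lower() in COMMON:
            issues.append("common")
        if is_trivial_passcode(secret):
            issues.append("trivial-passcode")
        others = sorted(a for a in by_password[secret] if a != account)
        if others:
            issues.append("reused-with:" + ",".join(others))
        if issues:
            findings[account] = issues
    return findings

# Constructed sample data for the example, not real credentials.
SAMPLE_VAULT = {
    "phone": "000000",
    "forum": "letmein",
    "shop": "Tr4m-Quartz-Lantern!",
    "bank": "Tr4m-Quartz-Lantern!",
    "mail": "v9#Kd!2pWqz7",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(account, issues)
```
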

Now at least let us give Kanye credit for not using one of those common passwords and acknowledge that a lack of cybersecurity awareness is a global problem. That’s why this year’s National Cybersecurity Month makes sense more than ever before.
