Over the last decade, one word has gone from barely known to being tossed around at almost every tech event and conference: cybersecurity. Not that long ago, most financial transactions happened in hard cash; now some people don’t even use it anymore, since they buy most of their stuff online and pay with their credit cards.
And once the money moved online, the cybercriminals followed. At this very moment, numerous tech companies are looking for cybersecurity specialists to secure their services, and if you want to know more about online dangers, you can check out our other article on malware.
In this piece, we’d like to draw your attention to another cybersecurity-related problem – password management. Stealing people’s passwords is one way for cybercriminals to profit, so read on if you want to know more about how to secure your accounts and prevent unnecessary losses!
Why is Password Management Important?
Gone are the days when people had only a few online accounts to take care of. Of course, it’s easy to remember a couple of passwords you’ve used, but what can you do when you need to remember dozens? Moreover, what if they have to be long and complex, with uppercase and lowercase letters, symbols, etc.? Many people still choose to use generic passwords like “password123”, “qwerty”, and the like.
And that’s a big mistake. Over time, hackers noticed these common passwords and started guessing them to steal user accounts. For example, e-mail addresses are almost public information these days, and if you’ve used your email to log in to Netflix with a weak password, some cybercriminals will simply try several times until it hits the spot.
It’s usually thought that cyberattacks always happen to someone else, but they’re more common than you think. Just read this story about how thousands of new Disney+ subscribers lost their accounts to credential stuffing attacks. At first, it looked like Disney+ didn’t invest enough to secure their service. However, later it came to light that it had little to do with Disney+ security; the problem was weak and reused passwords.
You’ll notice the term “credential stuffing”, and this attack is precisely why Internet users should take an extra step to secure their passwords. Credential stuffing is an easy-to-execute cyberattack, which relies heavily on weak and reused passwords. It goes like this:
- hackers obtain a list of leaked username-password combinations from some data leak (for example, the Marriott hotel data leak);
- then they get automation software that lets them bombard different services with username-password combinations en masse;
- they use millions of username-password combinations in the hope that the same combination will be reused on the service they’re targeting;
- in case of success, accounts are stolen and most often sold on black markets for a lower price.
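Seen from the service’s side, the steps above leave a recognisable trace in login logs: one source tries many different usernames and almost all of the attempts fail. The sketch below is an added example, not part of the original article; the log format, the thresholds and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log; assumed format: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-01-10T10:00:01 203.0.113.7 alice@example.com FAIL
2024-01-10T10:00:01 203.0.113.7 bob@example.com FAIL
2024-01-10T10:00:02 203.0.113.7 carol@example.com OK
2024-01-10T10:00:02 203.0.113.7 dave@example.com FAIL
2024-01-10T10:00:03 203.0.113.7 erin@example.com FAIL
2024-01-10T10:00:03 203.0.113.7 frank@example.com FAIL
2024-01-10T10:05:10 198.51.100.20 bob@example.com FAIL
2024-01-10T10:05:25 198.51.100.20 bob@example.com FAIL
2024-01-10T10:05:40 198.51.100.20 bob@example.com OK
2024-01-10T10:07:00 192.0.2.5 alice@example.com OK
"""


def find_stuffing_sources(log_text, min_users=5, max_success_ratio=0.2):
    """Flag source IPs that try many distinct usernames and mostly fail."""
    attempts = defaultdict(int)
    tried = defaultdict(set)      # usernames attempted, per source IP
    succeeded = defaultdict(set)  # usernames that logged in, per source IP
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _timestamp, ip, user, result = fields
        attempts[ip] += 1
        tried[ip].add(user)
        if result == "OK":
            succeeded[ip].add(user)

    flagged = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        # A person mistyping a password retries ONE username; stuffing
        # sprays many usernames and only a small share of them work.
        if len(users) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "attempts": attempts[ip],
                "distinct_users": len(users),
                # Logins that did succeed used a leaked password: reset these.
                "accounts_to_reset": sorted(succeeded[ip]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

The user who mistypes a password twice and then logs in is not flagged, while the account that succeeded from the flagged source is listed for a forced password reset.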
Because this attack requires little know-how, many cybercriminals are drawn to it, expecting some quick cash. And cybersecurity professionals are already warning of an increase in such attacks. So what can you do about it?
Use a Password Manager
Credential stuffing relies heavily on reused passwords. For example, say you have a Yahoo account, which leaked several years ago in a breach that exposed the data of millions of users. However, you were not aware of that and used the same email and password to register on Netflix. A cybercriminal obtained the Yahoo leak data, tried the same combination on Netflix, and successfully took over your account.
This would not have happened if a different password had been used! And that’s where password managers jump in.
A password manager allows you to have as many different and complex passwords as you require. Instead of remembering them by heart, you will be able to use long passwords (60 symbols in length), which will be saved in an encrypted vault. Additional encryption ensures that your passwords aren’t exposed to anyone but you, because you’re the only one that holds the decryption key. This significantly reduces the chance of your passwords being leaked somewhere and practically guarantees protection against credential stuffing attacks.
When picking a password manager, it is of utmost importance to know your provider is reliable. After all, you don’t want to give all of your passwords to someone who won’t protect them adequately. Advanced password managers like NordPass have the so-called zero-knowledge architecture. That means that your passwords are accessible only to you, and even the people who develop and maintain the manager can’t get access to them. This is a massive boost to online safety and privacy, and over the last few years, password managers have enjoyed a steady rise in their user bases.
Last but not least is the comfort that a good password manager delivers. You won’t have to input your passwords by hand anymore, because there’s an autofill function for that, and it saves time when browsing. It will also give you a password generator, so you can select how long and how complex your password should be and get a new one in a second.
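To show what “how long and how complex” means in practice, here is a small password generator with a selectable length and character classes. It is an added example, not code from the article or from any particular password manager; the symbol set, the function names and the default length of 60 (the figure mentioned above) are assumptions.

```python
import math
import secrets
import string

# Character classes the user can switch on or off (the symbol set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}
ALL_CLASSES = ("lower", "upper", "digits", "symbols")


def generate_password(length=60, classes=ALL_CLASSES):
    """Return a random password containing at least one character per class."""
    if not classes:
        raise ValueError("select at least one character class")
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    # secrets draws from the operating system's CSPRNG; the random module
    # is predictable and must not be used for passwords.
    chars = [secrets.choice(pool) for pool in pools]  # one guaranteed per class
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always at the front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, classes=ALL_CLASSES):
    """Approximate upper bound on the guessing entropy of such a password."""
    alphabet_size = sum(len(CLASSES[name]) for name in classes)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"{entropy_bits(60):.0f} bits for 60 symbols from all classes")
    print(f"{entropy_bits(8, ('lower',)):.0f} bits for 8 lowercase letters")
```

Every account gets its own call, so a password leaked from one service is useless on any other.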
Ease-of-use, cyber protection, and enhanced browsing comfort – what else can you ask from a high-quality cybersecurity service? We hope this piece will encourage you to try password managers out, and prevent you from having unnecessary losses and the frustration of having your account stolen.