Think you know it all when it comes to passwords and protecting your digital life? Guess again. As the saying goes, it’s what you don’t know that can hurt you. Below are some popular myths about passwords and digital security – busted for you.
Myth: Most people exercise reason and caution in securing their digital devices and Website access with good passwords.
Reality: Nearly one in five people use the following password, many on multiple devices: 123456. That’s the conclusion of a search of 10 million passwords used in successful data breaches in 2016. The second most commonly used password? None other than 123456789! And coming in a close third is qwerty – the first six letters on the top row of a common keyboard. Don’t expect much help from Websites, which could, if they wanted, enforce tougher password policies; that might slow site traffic. Thus good password hygiene is up to you.
Myth: Passwords are becoming outmoded and old school, easily replaced by more snazzy technologies and techniques.
Reality: In the words of international security expert Per Thorsheim, “Everyone who predicts the death of passwords next year will be wrong again, just as they have the past 10 years.” It’s not that the industry hasn’t tried to retire tried-and-true passwords as the way to protect your digital life. There are patented, wearable devices for wrist vein recognition; a ‘selfie’ that identifies you by the size of your body parts (just don’t gain/lose weight); iris scanning (hold the contacts); even a notion for a swallowable ‘pill’ that is powered by stomach acid and emits signals to sensors in digital devices. Or you can just get yourself a great free password management solution that creates nearly uncrackable passwords for each device and site you enter, and remembers them all for you.
Myth: There’s no need to reset the factory-installed passwords in digital devices like baby monitors and security cameras. Why bother?
Reality: Last October sophisticated international hackers using a popular piece of hacking software called Mirai broke into more than 100,000 Internet of Things devices, including security cameras and baby monitors. They then created a large botnet: a centrally controlled network of infected, internet-connected devices, not exactly smart devices but interconnected all the same. They used the botnet to launch a distributed denial of service attack on a major internet backbone company, leaving millions of people and businesses without service. Mirai-toting hackers struck again a month later, this time knocking electric power out to nearly a million German customers. The moral of the story: Reset the factory password presets on your digital devices so you won’t become part of the problem.
Myth: So what if my password gets stolen. What can the crooks do with it anyway? Probably nothing.
Reality: A year ago some 400 million passwords stolen from MySpace went up for sale to the highest bidders on a part of the Internet known as the dark web. The same hacker later placed another 100 million passwords stolen from LinkedIn up for sale. Armed with these seemingly innocuous passwords, hackers used sophisticated programs to try to kick the door in on personal bank accounts, social media accounts, credit card accounts, and other places where troves of personal data lie. And once they are in, they can do all sorts of nasty things to make your life miserable. Again, the only protection is strong passwords that are not used repeatedly for different devices and different sites. Remember that 63% of successful data breaches result from weak, default or stolen passwords. Virtually all of this can be stopped.
Myth: When US citizens are traveling in the US, TSA as well as US Border Patrol agents can never demand the passwords to their devices.
Reality: That is true for the TSA, but not so for US Border Patrol agents. There are confirmed news reports of US citizens being prevented from re-entering their own country unless they turn over both their devices and the passwords for unlocking them. What the agents can then do with the information they view or seize, and how long they can keep it, is undefined and unclear. The only solution and protection, for now, is to remove any sensitive data and files from your devices before traveling internationally – much easier said than done for business travelers. But that is another reason for using third-party cloud storage providers, which can safely offload those files from the devices for retrieval later on.
Myth: When traveling internationally it is generally safe to use the digital device charging stations in hotel rooms, and it is safe as well to just jump online to check your bank balances and credit card statements from ‘public’ PCs and tablets at coffee houses and bookstores.
Reality: Wrong on both counts. Even in nice hotels, it is easy for cyber thieves working with cleaners to install malware discreetly on room docking stations. Using these, it is easy to steal passwords to whatever sites you access. Ditto with publicly available devices, which are notoriously riddled with malware to swipe your digital goods.
Perhaps the starkest reality is that the world is a very unsafe place when it comes to your digital data, given the number of cyber thieves out there, the sophistication of their illicit techniques, and their determination to rip you off. For consumers, passwords by far remain the best protection in this global threat environment.