When was the last time you made it easy for a burglar to break into your house or your vehicle? Never? Good.
Then why do consumers make it so easy for ID-theft criminals to break into their personal identity information through poor password management? Of course using the same password for multiple online accounts makes life easier, but it also increases your online security risk and exposes you to data breaches.
Here's the harsh reality of easy access for cyber crooks. In the past year alone, 40 percent of consumers experienced a security incident where they received a notice that their personal information had been compromised, an account hacked or had a password stolen. Therefore, if your one single password is hacked, all of your other accounts using the same password are at risk.
And though various companies and organizations have increased education among customers and employees, 47 percent of consumers are using a password that hasn't been changed in five or more years, according to the June 2015 TeleSign Consumer Account Security Report.
Weak or inadequate password management trends are surprising considering the growing risk and the headaches that ID theft victims face when their identities are used fraudulently.
Telesign's report was supported by an international study of digital security concerns and practices and revealed the following about consumer password habits:
- Consumers have an average of 24 online accounts, but use only 6 unique passwords to protect them.
- 73 percent of accounts use duplicate passwords.
- Consumers rarely change their passwords, with 77 percent using a password that is one year or older.
Aside from needing stronger password management, single-factor authentication — or the use of only one category of credential is a contributing factor in security incidents.
As a result, "68 percent say they want online companies to provide an extra layer of security, such as two-factor authentication, to protect their personal information."
Two-factor authentication (2FA) is the process where a consumer or employee provides two means of identification from separate categories of credentials. Three credential examples are something you know (e.g. password), have (e.g. smart card), or are (e.g. fingerprint).
While the report states that 2FA is widely available, 61 percent of consumers have not enabled it for any accounts. Also stated is that of the consumers not using 2FA, 56 percent are unfamiliar with two-factor authentication, 29 percent don't know how to turn it on and 29 percent say none of their online accounts offer it.
My top password defenses are easy, but they do require your attention.
- Change default passwords immediately.
- Do not share passwords and change your password every 90 days.
- Consider using a passphrase (i.e. multiple words or a sentence) instead of a password as they are inherently more complex, however may be easier to remember
- Use 10-character passwords including lower- and upper-case letters, numbers and signs.
- Do not use personal information such as names, initials, birthdays, anniversaries, cities, pets, etc.
- Realize and accept that no password is "unbreakable" and it can be stolen.
To conclude, cybersecurity threats and attackers are moving faster than ever. Consumers are in need of help to stay protected and put their minds at ease. They should take advantage of stronger passwords and two-factor authentication.
Mark's most important: Don't help ID-theft criminals victimize you by making your password an easy passport to ID theft.
This article was originally published on AZcentral.com and republished with the author's permission.
Merchants Information Solutions is a proud sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please see our sponsorship policy.