The pandemic greatly expanded our digital lives as we were all forced into our homes with only our devices as our links to the outside world. A recent survey by Ofcom found that UK adults spent an average of three hours and 47 minutes each day surfing the web across devices in 2020. But with greater time spent online, comes greater security risks.
Passwords have become a key component of IT security and an essential part of keeping online accounts secure. But as the number of online accounts continues to grow in our personal and professional lives, so does the number of passwords. Many consumers have a solid understanding of proper password security and the necessary actions to minimise risk, yet they continue to pick and choose which accounts they apply that knowledge to.
Personal and professional combine
Reliable security measures are more important than ever as cyber threats continue to evolve and mature. The Covid-19 pandemic sent office workers across the globe to their kitchen tables and makeshift home offices, using dicey home WIFI networks that weren’t secure.
It’s no surprise then that the number of cyber-attacks has risen sharply over the past 18 months. Businesses and internet users need to avoid risky password behaviour and IT admins need to rethink security strategies in a hybrid work environment. According to the Data Breach Investigations Report 2021, 85% of breaches from phishing attacks involved a human element. Passwords and other secure authentication procedures such as single sign-on (SSO) and multi-factor authentication (MFA) therefore remain crucial in the face of increasing attacks.
Few users are truly concerned about whether their own passwords have already been captured and compromised by hackers. Many wouldn’t have a clue if their data was on the dark web, highlighting the many blind spots in password management.
Expanding our digital lives
Recent research found that 79% of respondents agreed that compromised passwords are concerning, but over half rely on their memory to keep track of passwords. It is especially worrying when two-thirds (65%) are using the same password across multiple accounts, putting sensitive data at risk.
While we are spending more time online than ever before, the online accounts we have has also increased, making it increasingly difficult to keep track of login information. It’s why many still use insecure passwords that contain personal information such as birthdays, home addresses and even names to help them remember. Passwords that link to information that is readily available online makes them easily identifiable by hackers and an easy target.
Awareness, but no action
Despite understanding the associated risks of being hacked and the rise in remote working, security habits are not changing. Recent research shows that almost half of employees still share sensitive information and passwords for professional accounts with colleagues while working remotely. Engaging in this risky password behaviour poses a major problem for businesses and IT administrators who need to secure corporate networks and resources.
Coupled with the cognitive dissonance in consumer awareness of the need for security versus action, the type of information being protected has an impact on a consumer’s likeliness to use good password practices. While 68% would create strong passwords for financial accounts, only one in three (32%) said they would do the same for work-related accounts.
Protection for our online presence
The pandemic affected our lives in many ways but as we navigate out of continued lockdowns and move into an era of hybrid work, password security must be a priority. As online presences continue to grow, from streaming services to new business cloud applications, every user needs to better protect their online information. A password manager can be an invaluable tool to store all personal and digital data in a private, secure vault. Businesses can then set up an additional layer of security from there, through a MFA or SSO option so they can ensure that only authorised personnel can access data.
Many cyber-security issues can be pinned down to human error, leading to vulnerabilities being exploited. Security measures need to be implemented and evolved over time, it’s never a one-time project. We must all work together, in both professional and personal conditions, to keep our data safe and out of the hands of hackers. But this only comes from getting security practices into shape. Remote and hybrid work will continue to be the ‘new normal’ in which companies and employees operate. Therefore, a focus on cyber-security is sorely needed. Proper password hygiene and investing in solutions with built-in privacy features is a good place to start. Only then will we begin to build up more robust protection for our online lives.
Dan DeMichele is the VP of Product Management for LastPass at LogMeIn, responsible for leading both LastPass development and product management software teams.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.