You may think the need for strong, secure passwords for your online accounts is obvious, but not everyone follows proper cybersecurity guidelines when it comes to creating passwords. In general, people use the same credentials, or slight variations of them, for all of their accounts. Bottom line: poor password hygiene habits make it easier for criminals to commit cybercrimes. When you incorporate password security best practices into your online routine, you can dramatically reduce the risk of your accounts being compromised.
Password hygiene is the practice of ensuring passwords are unique, difficult to guess, and hard to crack. It is a set of guidelines and principles that, when properly implemented, help keep your passwords protected from cybercriminals. Good password hygiene practices include selecting a tough, unique password for each account, avoiding the temptation to choose passwords that are easy to recall or guess, and keeping personal passwords private.
A study by the Microsoft Threat Research Team revealed that 44 million users were reusing their usernames and passwords. The study also found that the largest percentage of passwords were weak and had been in use for a long period. Using the same password for several accounts may be convenient, but it makes it easier for cybercriminals to gain access to multiple accounts once they compromise just one. Even if you have a strong password, it is important to use a different one for every account.
Multi-Factor Authentication (MFA) requires an additional step before the user logs into the account. This can be accomplished using multiple authentication mechanisms, including an application on your mobile phone, a text message, an email, or a hardware token. Once credentials are submitted, a one-time passcode is generated. Since physical access to your authentication device is required, it becomes far more difficult for remote attackers to gain unauthorized access to accounts where MFA is enabled.
We have talked a lot about MFA in recent months, specifically because of the security benefits it offers. You can learn more here.
As discussed above, multi-factor authentication (MFA) can help you protect your online accounts by requiring that you approve login attempts before you can access the accounts. However, if you accidentally approve an MFA notification that you didn’t request, cybercriminals may be able to access your accounts and personal information.
In a new scam, cybercriminals try to annoy you into approving an MFA notification. If cybercriminals figure out your login credentials for an account, they can send you repeated MFA notifications. They hope that you will eventually approve one just to make the notifications stop. Then, the cybercriminals can update the MFA settings in your account to send notifications to their device instead of your own. As a result, they can gain permanent access to your account and any personal information that’s in the account.
Follow these tips to stay safe from MFA scams:
Never approve an MFA notification that you didn’t request.
Create unique, strong passwords for each of your online accounts. If the cybercriminals can’t figure out your password, they won’t be able to scam you with MFA notifications.
If you receive an MFA notification for an account that you aren’t trying to log in to, immediately change your password for the account.
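For whoever monitors the sign-in logs, the scam described above leaves a recognizable trail: a burst of MFA prompts, one approval, then a change to the account's MFA device. The following is an added example, not part of the original article, that flags that sequence; the event names, thresholds and sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (time, user, event, device). The event names are
# an assumed schema for this example, not any real product's log format.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice", "push_sent", "phone-A"),
    ("2024-05-01T09:00:10", "alice", "push_approved", "phone-A"),
    ("2024-05-01T02:00:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:01:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:02:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:03:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:04:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:05:00", "bob", "push_sent", "phone-B"),
    ("2024-05-01T02:05:20", "bob", "push_approved", "phone-B"),
    ("2024-05-01T02:07:00", "bob", "mfa_device_added", "phone-X"),
    ("2024-05-01T11:59:00", "carol", "push_sent", "phone-C"),
    ("2024-05-01T11:59:30", "carol", "push_approved", "phone-C"),
    ("2024-05-01T12:00:00", "carol", "mfa_device_added", "phone-C2"),
]

def detect_mfa_fatigue(events, threshold=5, window=timedelta(minutes=10),
                       followup=timedelta(hours=1)):
    """Return findings for approvals that end a burst of prompts, and for
    MFA device enrollments that follow such an approval."""
    prompts = defaultdict(list)  # user -> times of prompts inside the window
    suspect = {}                 # user -> time of an approval that ended a burst
    findings = []
    for ts, user, event, device in sorted(events):  # ISO times sort as text
        t = datetime.fromisoformat(ts)
        if event == "push_sent":
            prompts[user] = [p for p in prompts[user] if t - p <= window] + [t]
        elif event == "push_approved":
            recent = [p for p in prompts[user] if t - p <= window]
            if len(recent) >= threshold:  # count includes the approved prompt
                suspect[user] = t
                findings.append((user, "approval_after_prompt_burst", ts, len(recent)))
            prompts[user] = []  # an approval ends the current sequence
        elif event == "mfa_device_added":
            if user in suspect and t - suspect[user] <= followup:
                findings.append((user, "mfa_device_added_after_burst", ts, device))
    return findings

if __name__ == "__main__":
    for finding in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(finding)
```

In the constructed data only bob is flagged; alice's single prompt and carol's device change after an ordinary login produce no findings.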
Password management tools are applications or services that help us create, securely store, and quickly autofill passwords when necessary. Of course, not all of the available solutions will necessarily offer the same features. A password manager stores all of your passwords in one secure, encrypted location, and also has a tool to generate strong passwords for you. You only need to remember one password: the password to access your password manager, which of course must also have MFA enabled. Password managers serve as amazing organizational tools, enabling your workforce to seamlessly practice better password hygiene.
Now that you know the importance of proper password hygiene and management, you may be wondering which password management tool is the best for you. For your corporate passwords, Compu-SOLVE has you covered. We offer access to a password management tool that will help you create and store unique passwords for each account. It also supports a web browser plug-in for easy access while you’re working. Organizational passwords can also be securely shared with authorized individuals. All access to the solution is audited, and the service is protected by multiple encryption techniques and multi-factor authentication (“MFA”) to ensure security. Contact us today to learn more about implementing this into your organization.