Passwords are one of the most significant hurdles to consumer security and online privacy. Despite being the most widely accepted and utilized authentication method, they inevitably leave some of the responsibility for account security in the user's hands. As a result, passwords create the single biggest opportunity for user errors that can provide hackers with the ability to penetrate accounts and steal data.
Even when users are strict and employ best practices for their passwords, common social engineering attacks such as phishing can easily allow hackers to trick internet users into handing over their credentials. This gives hackers instant access to those accounts – and any others that use the same passwords. It can also result in those details being sold on the dark web.
Alex Stamos at Collision 2021
The former Chief Information Security Officer at Yahoo and Facebook, Alex Stamos, understands these issues better than just about anybody. Speaking at Collision Conference 2021, the Stanford professor highlighted the importance of strong password security by reminding consumers that password managers are the single most important privacy tool available to them.
"For individual consumers, the things that are most important are that, one, they should be using a password manager. The number one reason people's privacy is violated massively, and by that I mean in ways that can absolutely uproot your life, is that they reuse passwords everywhere.
"That is how you end up with people's Gmail account being taken over, and therefore their bank accounts, and their phone number ported, and all kinds of money being stolen, or their data being held hostage. And so, utilizing different passwords everywhere - and a password manager to manage all that - is the number one thing people can do."
Why password managers are so important
Password managers allow users to set up strong, unique passwords for all their accounts. Those passwords are held securely behind a single master password. As a result, the user can protect all their accounts properly – while only needing to remember a single password.
The important thing to remember is that truly robust passwords must contain a mix of upper and lowercase characters, numbers and symbols, and will be random enough to keep them safe against brute force attacks and credential stuffing. They will also be a minimum of 12 characters long.
The advantage of a password manager with automatic secure password generation is that the user need not worry about thinking up robust passwords each time they create a new account – the password manager does this for them. They won't need to remember their secure passwords, either; a notoriously tricky task given their length and complexity.
By using a password manager to auto-generate highly secure passwords, the user also removes the potential for highly insecure password choices that involve a pet's name, as well as other weak passwords containing personal information. These kinds of passwords are a threat to these users, seeing as they could be guessed using social engineering techniques or brute forced with a dictionary attack.
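The criteria above (random, at least 12 characters, all four character classes, no reuse, no personal information) can be checked mechanically. The following Python sketch is an added example, not code from ProPrivacy or from any password manager; the function names, the default length of 20 and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # minimum length stated in the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_password(length=20):
    """Return a random password containing all four character classes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the draw uniform over compliant passwords.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def audit_vault(vault, personal_terms=()):
    """Return {site: [findings]} for reuse, policy and personal-info problems."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = defaultdict(list)
    for site, password in vault.items():
        shared = [s for s in sites_by_password[password] if s != site]
        if shared:
            findings[site].append("reused on " + ", ".join(sorted(shared)))
        if len(password) < MIN_LENGTH:
            findings[site].append("shorter than 12 characters")
        if not all(any(ch in cls for ch in password) for cls in CLASSES):
            findings[site].append("missing a character class")
        if any(term.lower() in password.lower() for term in personal_terms):
            findings[site].append("contains personal information")
    return dict(findings)

# Constructed sample vault; sites and passwords are made up for illustration.
SAMPLE_VAULT = {
    "mail.example": "Rex2015!",
    "bank.example": "Rex2015!",
    "bets.example": generate_password(),
}

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT, personal_terms=["rex"])
    for site, problems in report.items():
        print(site, "->", "; ".join(problems))
```

The pet-name password is flagged three times over (reused, too short, personal information), while the generated one produces no findings.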
Like Alex Stamos, at ProPrivacy we understand the value of a good password manager, and we know that using one does not need to cost the world. Admittedly, there's a lot of choice. We have gone to the effort of reviewing those services, however, so that you can find a reliable password manager that you trust.
At the end of the day, robust digital health must begin with structured password management. So head over to our password managers hub to find out more or check out our best password managers page. And, remember to take Stamos' excellent advice from yesterday's question-and-answer session at Collision Conference, because it really will improve your chances of preventing hacking and protecting your data:
"The best thing for an individual consumer to do is to make sure they are using a different random password per website or service and they are storing all of that in a secure, reputable password keeper. In that case, it doesn't matter how insecure the password storage is because your risk from any site being compromised is hopefully restricted to only that site.
"You do not want to have a contagion effect where somebody can break into the crappy betting site that you use and then use that to take over your email and take over your bank account."