When COVID-19 hit, employers acted instinctively by sending employees to work from home. But as that process unfolded, it became easy for personal online security to fall by the wayside amid the Zoom meetings and improvised childcare arrangements. But seemingly small online behaviors from individuals could have big consequences.
Continue Reading Below
A recent survey conducted by anti-fraud company Pindrop, where I am chief scientist, found that more than two-thirds of people working from home don’t have unique passwords for every account and nearly half have changed their default WiFi network password to something easier to remember.
The vulnerability this creates is astounding, opening the door for a slew of issues like account hacking and fraud.
It’s not surprising, though -- a 2019 survey from LastPass found the average person has as many as 85 passwords to remember. But taking shortcuts to remember them is extremely dangerous.
As we continue to adjust to our new remote work culture, and as hackers evolve their tactics to take advantage of it, this is an issue we can’t ignore.
So what should you keep in mind as you create and manage your passwords? Here are a three tips.
1. Create a virtually unguessable password for each account
Creating a password that uses a combination of letters, numbers, and special characters is key, as is creating a different password for every one of your online accounts, something that only a third of workers are doing.
Tedious, but by using the same password for more than one account, you’re increasing the amount of information at risk.
About a quarter of workers store the same password across as many as six accounts. But say a hacker gains access to your Twitter account and you use the same password for your online banking.
They will stop at nothing to access as many of your accounts as possible, and when they succeed at accessing something like your finances, your most sensitive information won’t stand a chance.
2. Avoid creating passwords based on numbers or words unique to you
Be mindful of the recognizable information you’re basing passwords on.
Gone are the days of incorporating things like our date of birth, addresses, and phone numbers into them -- things that we regularly hand over to others in our everyday life and are even available on-demand through our social media profiles.
We live in a world where this information spreads as hastily as the coronavirus itself, creating additional entry points for anyone looking to cause trouble once they obtain even a sliver of such information.
3. Store passwords in a safe place and even think about putting pen to paper
Of course, we still need to remember all these passwords, but it doesn’t escape me that that’s easier said than done.
Digital password managers like 1Password or Lastpass can generate strong, encrypted passwords for each account you have them remember for you, and even fill them in automatically -- you only have to remember one master password, so be sure to make it a really strong one.
Another simple way to remember passwords with the aforementioned characteristics is the old school way: write them down on a piece of paper, and store that paper in a place only you can access. In a digital world where hackers have access to a wealth of personal information online, this is still an effective way to ensure password privacy.
It goes without saying that the toll the coronavirus pandemic has taken on cybersecurity is here to stay. While regulators are putting more pressure on organizations who have experienced data breaches by slapping them with sizable fines (e.g. British Airways was fined $230M; Marriott, $124M; Equifax, $575M), fraudsters will continue to find ways to gain access to your data.
Leaders at banks, credit card companies, insurance companies and other businesses that have access to highly sensitive personal information are already taking steps to implement emerging technology to combat this rising fraud (some businesses have seen a 150 percent jump during COVID-19 alone).
You can expect to see more businesses using voice recognition technology and multi-factor authentication, for example.
However, it’s also up to you to take adequate precautions to protect your personal information and accounts.
Revamping your password security is a good place to start.
Matt Garland is the Chief Scientist at anti-fraud company Pindrop, where he focuses on forward-thinking strategies to fuel the next generation of voice technology. Prior to joining Pindrop in 2012, he was a Vice President at the speech analytics firm Nexidia (acquired by NICE Systems in 2016).