We use many different applications, portals and social networks on a daily basis, and for many of them we choose (or are forced) to create an account. To reduce the risk of an account being hacked and personal information being leaked, everyone can start with an ordinary thing – credential security. The best way to protect your personal information is to use a physical key such as a Titan Security Key, a YubiKey or the Latvian eID card, or an authenticator app on your smartphone such as Microsoft Authenticator, andOTP, Smart-ID or Authy. Backup codes should also be stored securely so that access can be recovered if the authenticator is lost or breaks down. If a physical key or an authenticator app is not an option and a plain password is used to confirm your identity, accounts and profiles can still be protected by creating a strong password and changing it from time to time.
The most common user mistakes that make hacking easier are reusing the same password for several separate resources and choosing short or common passwords, such as consecutive keys on the keyboard (“zxcvbnm”, “123456”) or other easy phrases such as “password”, “0000”, “password1” or “Jameson2009”. There is a myth that complex passwords made of varied, non-repeating symbols are safer, but this is not the case: a password like “G8%ks@12” is harder to remember and certainly easier to guess than “C#t is drin4ing bla^k juice.” Factory-set default passwords should also always be changed, so it is important for users to create their own original password without using song lyrics or other phrases that are easy to find on the internet or that are associated with the user themselves, such as the names of relatives or pets. Creating a secure password is easy – instead of one or two words or a random combination of letters and symbols, aim for a longer sentence. It is also recommended to include spaces, symbols and capital letters. Passwords built this way are easier to memorize and, because a sentence with a few additional elements is long, much harder for a computer to guess. Keep in mind that after entering your password on an unfamiliar device you must log out of your profile, and afterwards – once back on your own device – change the password as soon as possible. The password should also be changed immediately if there is any suspicion that it may have been stolen or leaked, for example because a social network you use has been hacked.
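The following is an added example, not part of the original article, that puts numbers behind the advice above: it estimates the brute-force search space for a password from its length and character classes, and flags the common passwords and keyboard runs named in the text. The blocklist and the strength thresholds (80 bits, 12 characters) are assumptions chosen for illustration, not values from the article.

```python
import math
import string

# Constructed blocklist containing only the weak examples named in the text (not a real leaked list).
COMMON_PASSWORDS = {"zxcvbnm", "123456", "password", "0000", "password1", "jameson2009"}

# Keyboard rows used to spot passwords that are just a run of adjacent keys (e.g. "zxcvbnm", "123456").
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Assumed thresholds for the verdict; tune them to your own policy.
MIN_BITS = 80
MIN_LENGTH = 12


def is_keyboard_run(pw: str, min_len: int = 4) -> bool:
    """True if the whole password is a contiguous run along one keyboard row, in either direction."""
    p = pw.lower()
    if len(p) < min_len:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force attacker must cover, based on the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += len(string.punctuation) + 1  # 32 printable symbols plus the space
    return size


def guess_bits(pw: str) -> float:
    """Brute-force effort in bits: log2(charset ** length). Length dominates, which is the article's point.

    This is an upper bound: a passphrase made only of dictionary words is weaker than this figure
    suggests, which is why the text recommends mixing in symbols, digits and capitals.
    """
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def assess(pw: str) -> dict:
    """Return the strength figures and a verdict: 'reject', 'weak' or 'ok'."""
    common = pw.lower() in COMMON_PASSWORDS
    keyboard = is_keyboard_run(pw)
    bits = guess_bits(pw)
    if common or keyboard:
        verdict = "reject"
    elif bits < MIN_BITS or len(pw) < MIN_LENGTH:
        verdict = "weak"
    else:
        verdict = "ok"
    return {"bits": round(bits, 1), "common": common, "keyboard_run": keyboard, "verdict": verdict}


if __name__ == "__main__":
    for candidate in ["123456", "zxcvbnm", "Jameson2009", "G8%ks@12", "C#t is drin4ing bla^k juice."]:
        print(f"{candidate!r:35} {assess(candidate)}")
```

Running the block shows the 8-character “G8%ks@12” at roughly 53 bits against about 184 bits for the 28-character sentence, even though both draw on the same 95-symbol alphabet; the blocklist and keyboard-run checks reject the weak examples outright regardless of their bit count.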
You can use a service such as “Have I Been Pwned?” to find out about such cases: it displays a warning if a user’s account has been spotted in one of the data leaks published on the internet.
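Besides the account lookup described above, the same service offers a password check (its Pwned Passwords range API) that uses k-anonymity, so the password itself never leaves your machine: only the first five hex characters of its SHA-1 hash are sent, the service returns every known hash suffix sharing that prefix, and the match is made locally. The block below is an added example, not the article's or the service's own code; it reproduces that exchange offline against a constructed four-entry leak table with made-up counts, so it runs without network access.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for the breach database: weak passwords with invented counts (not real figures).
CONSTRUCTED_LEAK_TABLE: Dict[str, int] = {
    "123456": 37_000_000,
    "password": 9_000_000,
    "password1": 2_000_000,
    "zxcvbnm": 500_000,
}


def sha1_upper_hex(password: str) -> str:
    """SHA-1 of the password as upper-case hex, the form the range protocol works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_prefix(digest: str) -> Tuple[str, str]:
    """Split a 40-char hex digest into the 5-char prefix that is sent and the 35-char suffix kept local."""
    return digest[:5], digest[5:]


def simulated_range_endpoint(prefix: str) -> str:
    """Offline stand-in for GET /range/{prefix}: 'SUFFIX:COUNT' lines, CRLF-separated, for matching hashes."""
    lines = []
    for pw, count in CONSTRUCTED_LEAK_TABLE.items():
        p, suffix = split_prefix(sha1_upper_hex(pw))
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the response body into {suffix: count}, tolerating blank lines and stray whitespace."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, fetch_range: Callable[[str], str] = simulated_range_endpoint) -> int:
    """Number of times the password appears in the (simulated) leak data; 0 means not seen.

    Only the 5-char prefix is passed to fetch_range; the suffix comparison happens here, locally.
    A real deployment would supply a fetch_range that performs the HTTPS request instead.
    """
    prefix, suffix = split_prefix(sha1_upper_hex(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ["123456", "password1", "C#t is drin4ing bla^k juice."]:
        print(f"{candidate!r:35} seen {breach_count(candidate)} times")
```

The `fetch_range` parameter is the only place that would touch the network; swapping the simulated endpoint for a real HTTPS call keeps the privacy property intact, because the caller still transmits five hex characters and nothing else.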
Once you have chosen a secure password, the next step is to store your passwords safely. Since you likely have many different passwords for many resources, it becomes difficult to memorize all of them, especially when they are unique for each profile, as they should be. Passwords can be written down in a notebook, but then you must make sure not to lose it or leave it unattended, because that is how passwords end up available to third parties and accounts get hacked. Consider using password manager software such as KeePass instead. Writing passwords on sticky notes attached to a computer or to bank cards should definitely be avoided, since it makes access to your accounts easy not only for hackers but also for thieves. Storing passwords on any device has its own risks: if the passwords are stored on a phone and the phone is stolen or hacked, the attacker gains access to all of them and can use them for their own purposes. It is therefore important to set a secure password on the phone as well as on the computer, and to use disk encryption, which is a topic for another time.