While the rest of the world is switching to two- and three-factor authentication, the fact is that most Internet users in India are just beginning to use passwords sanely. For security both online and offline, password-only authentication is turning out to be a failure. After speaking to the masses living in the upcoming digital spaces of India and hearing about the crimes that have been committed against them, it is safe to conclude that the highest number are due to the bad digital practices of the users. Sadly, "Long Password = Secure Account" is one of them.
Now, why is a long password not enough?
The one problem we have observed with Indian users is that our passwords mean something. If your password is your mother’s or girlfriend’s name with a “@123” at the end, it does not matter how long the name is. If your passwords mean something today, they are breakable. So, the first thing you need to do as a user is review each and every password, from your WiFi router to your ATM PIN. Do not let any password mean anything, and avoid using “@123” or “123!” as a suffix. The reason is again simple: you are giving an attacker the liberty to attempt a breach, and also ensuring the probability they need that one of the combinations works. I was at a conference a couple of days back and they had a WiFi network protected with a password and WPA2 encryption. I did not know the password and very urgently needed to use the Internet. I punched in just the name of the router itself and suffixed a “123”, and to my surprise I got connected. It was a long name, but too insecure, for the simple reason again that it meant something.
There are technologies in the banking sector, like OTPs on a mobile device, which I am sure most users are aware of. What every user needs to know is that two-factor authentication is usable beyond the banking sector. In an era where data is more valuable than anything else, it is terribly important to safeguard your identity and other personal information. You can read about how to set up two-factor authentication on Google Authenticator here. In a nutshell, what you can do today is review all your passwords and:
1. Keep a different password for all online and offline accounts and devices.
2. Stop using traditional and default passwords.
3. Do not suffix “@123”, “123!” etc. just to fulfill the requirements of a password field.
4. Do not let your password mean anything. Keep it abstract and don’t let it resemble something that someone can guess.
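
The four review rules above can be run as a small local audit over your own password list. This is an added example, not part of the original article; the sample inventory, the list of meaningful words and the short default-password list are constructed assumptions.

```python
import re
from collections import Counter

# Predictable tails such as "@123" or "123!": optional symbol, 1-4 digits, optional symbol.
SUFFIX = re.compile(r"[@#!$_.-]?\d{1,4}[@#!$_.-]?$")
# Constructed, deliberately short list of default/traditional passwords (assumption).
DEFAULTS = {"admin", "password", "qwerty", "letmein", "0000", "1234", "123456"}


def split_suffix(password):
    """Return (base, suffix); suffix is '' when there is no predictable tail."""
    match = SUFFIX.search(password)
    if match and match.start() > 0:
        return password[:match.start()], match.group()
    return password, ""


def review(inventory, meaningful_words):
    """Check {account: password} against the four rules; return {account: findings}."""
    words = [w.lower() for w in meaningful_words]
    reuse = Counter(inventory.values())
    report = {}
    for account, password in inventory.items():
        base, suffix = split_suffix(password)
        findings = []
        if reuse[password] > 1:
            findings.append("reused")              # rule 1: one password per account
        if password.lower() in DEFAULTS or base.lower() in DEFAULTS:
            findings.append("default")             # rule 2: traditional/default value
        if suffix:
            findings.append("predictable-suffix")  # rule 3: "@123"-style padding
        if any(w in base.lower() for w in words):
            findings.append("meaningful")          # rule 4: base is a guessable word
        report[account] = findings
    return report


# Constructed sample inventory and word list (names, device names, places you use).
SAMPLE = {
    "wifi-router": "ConferenceHall123",
    "email": "Sunita@123",
    "bank": "Sunita@123",
    "atm-pin": "1234",
    "forum": "tq7#Lw0x!VbE2n",
}
WORDS = ["sunita", "conferencehall"]

if __name__ == "__main__":
    for account, findings in review(SAMPLE, WORDS).items():
        print(f"{account:12} {', '.join(findings) or 'ok'}")
```

The script only catches the patterns listed in the rules; an empty findings list means none of them matched, not that the password is strong.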