Think through your use of passwords!

By Louise Heurlin

During the fall, the Chief Security Officer of Facebook, Alex Stamos has beaten the drum for Internet security risks on several tech events and fairs. His main thesis is that reusing the same passwords on multiple sites and for various accounts is by far the biggest threat to Internet users across the world.

"Even when you look at the advanced attacks that get a lot of thought in the security industry, these usually start with phishing or reused passwords," Alex Stamos.

The problem being identified is not the same as solving it. Although people in Europe say they are concerned about their online privacy, many Internet users either lack expertise on tech or are just not security conscious. You should therefore give your website visitors options to keep their security and passwords safe. Also, make them aware when a connection is not secure. Again, security should always be a top priority.

Here is how you can reduce the risk of getting hacked

• • Never use generic, but individual accounts. Use a personal email as username to login at sites or accounts.
• • Use strong passwords that are easy to remember, but hard to guess and compute.
• • Use unique passwords on all your different sites and accounts.
• • Store encrypted login credentials in private accounts of password management services such as LastPass or Dashlane.
• • Never submit usernames or passwords using unencrypted channels such as HTTP, but only HTTPS.
• • Never send usernames or passwords using unencrypted channels such as email. If you absolutely must send over login credentials – send the username as email and the password as SMS/text message.
• • Enable two-factor authentication (2FA) or multifactor (MFA) authentication as it’s the best way to secure your accounts. It identifies us by presenting several distinct pieces of evidence, typically using knowledge (something you know; e.g. a password), possession (something you have; e.g. a smartphone) and inherence (something you are; e.g. by fingerprint reader or voice recognition).

See also our blog post about data protection and migrating your website to HTTPS.

Should you have any queries or require any further information regarding data protection and Internet security, please don't hesitate to contact Andreas Bergström, CTO at +46709711260 or andreas.bergstrom@comprend.com.