However – in an era where the volume of breached data has increased 8x in the past 5 years alone, the basic security tips that consumers have relied on in the past aren't necessarily the best (or only) advice that should be considered in the modern threat landscape.
In the wake of countless major cybersecurity breaches, many of the “checkpoints” commonly used to prove our digital identities – from social security numbers to email addresses, passwords and even personal facts and history – are now in the hands of hackers, and no longer a valid way to confirm who we are online.
IBM Security experts offer the following advice for consumers to consider in the modern age of cybersecurity – taking into account new guidance around passwords as well as outside-the-box tips that can help people cope in an age where personal data is no longer private data.
1. Ideal Password = A Long, Nonsensical Phrase: While the death of the password has been long predicted, passwords are currently a core method of access for most systems and must be created with care. While the “rule of thumb” for passwords in the past has focused on complexity – at least 8 characters combining letters, numbers and characters – new guidance in recent months suggests longer “passphrases” – several unrelated words tied together, at least 20 characters – are actually harder to crack and easier to remember.
2. Store Passwords in a Digital Vault: Rather than try to memorize multiple passwords or store them insecurely on your phone notepad, use a password manager - which not only acts as a vault for existing passwords, but can also generate stronger passwords for you. Rather than managing 10 passwords on your own, you’ll just have to remember the one key to your digital vault.
3. Lie on your Security Questions: Many account security questions ask about information that could easily be found online these days (former addresses, your mother’s maiden name, etc.). Consider either selecting questions that are opinion-based – like your favorite color or movie – or even using fake answers for these questions to ensure that only you know the answer.
4. Double Dip on Security Checkpoints: Many services nowadays, particularly sensitive accounts like email and banking, allow for two-factor authentication (2FA), which adds an extra security checkpoint when certain risk factors are present – like logging in from a new location or device. Determine which accounts are at risk/sensitive and add an extra login step to avoid a single point of failure.
5. Get Comfortable with Biometrics: Even applying the best practices above, we’re quickly approaching a future in which the use of passwords as the sole method to establish identity isn’t enough. Biometric authentication uses physical and behavioral characteristics, such as fingerprints, as a means of protection and can use the things that are uniquely you as a safeguard. At the same time, experts have devised ways to make sure this data is collected and applied in a way that ensures privacy for consumers while preventing the ability for this info to be used by hackers.
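To make tip 1 concrete, the following added example (not from IBM Security) generates a passphrase of unrelated words that meets the 20-character minimum and compares its guessing entropy with an 8-character password. Assumptions: the short word list is constructed for the demo, the 7776-word figure is the size of the EFF long diceware list, and the 8-character password is taken as fully random over 94 printable characters, which is the best case for that rule.

```python
import math
import secrets

# Constructed demo word list (assumption). Real use needs a large list,
# such as the 7776-word EFF diceware list, so each word adds ~12.9 bits.
DEMO_WORDS = ["anchor", "biscuit", "cactus", "dolphin", "ember", "fjord",
              "gravel", "harbor", "igloo", "jigsaw", "kettle", "lantern",
              "magnet", "nutmeg", "orchid", "pebble"]

MIN_LENGTH = 20  # minimum passphrase length from tip 1


def make_passphrase(words=DEMO_WORDS, count=4, sep="-", min_length=MIN_LENGTH):
    """Pick words with a CSPRNG; keep adding words until min_length is met."""
    chosen = [secrets.choice(words) for _ in range(count)]
    while len(sep.join(chosen)) < min_length:
        chosen.append(secrets.choice(words))
    return sep.join(chosen)


def passphrase_bits(wordlist_size, word_count):
    """Entropy when the attacker knows the list and words are drawn uniformly."""
    return word_count * math.log2(wordlist_size)


def password_bits(alphabet_size, length):
    """Entropy of a uniformly random character password."""
    return length * math.log2(alphabet_size)


def words_needed(wordlist_size, target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    old_rule = password_bits(94, 8)  # 8 random printable characters
    print("sample passphrase:", make_passphrase())
    print(f"8-char random password: {old_rule:.1f} bits")
    print(f"5 words from 7776:      {passphrase_bits(7776, 5):.1f} bits")
    print("words needed, 7776-word list:", words_needed(7776, old_rule))
    print("words needed, 16-word demo list:", words_needed(len(DEMO_WORDS), old_rule))
```

The comparison only holds when words are chosen at random from a large list; a phrase picked by hand, or drawn from the 16-word demo list, is far weaker than its length suggests.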