Passwords make us feel ????! Coming up with, remembering and using passwords is tedious, frustrating, time-consuming and not 100% secure either, as even the strongest password can be stolen and exploited. That is why the Centre for Cyber Security Belgium (CCB) is campaigning this year to promote better account security!
As part of the European Cyber Security Month, the Centre for Cyber Security Belgium (CCB) and the Cyber Security Coalition have launched a joint cyber security awareness campaign, for the sixth time. This year, we want to encourage internet users to apply stronger security measures for their accounts using two-step verification.
Online accounts (e.g. e-mail, social networks, online banking and online shops) are usually protected by a user name and a password. Unfortunately, users often choose passwords that are easy to remember and they also use the same password for different accounts. This makes it easy for hackers to gain access to those accounts. If an outsider gains access to an account, they can impersonate the owner and exploit it.
We find using passwords is frustrating. You have to come up with new passwords all the time, they have to meet all sorts of requirements (special characters, upper and lower case, numbers) and they have to be long. So long that you invariably have to start over because of a typo. And so on. Sigh.
Most Internet users are aware that a short and simple password is not good for them, yet we see that weak passwords are still used. 123456, azerty, password, a first name, a favourite team, 'bolleke' or 'sloeber', these are just a few of the top 30 most frequently used passwords in Belgium. The shorter and simpler a password is, the faster it can be cracked even by novice hackers.
Using strong passwords is an absolute must, but even then you still have to be careful. Strong passwords can also be stolen:
- Criminals try to steal your password by tricking you with a phishing email. They try to persuade you, for example, to enter your password in a fake website so that they can access your password.
- Data breaches are also frequent events. A platform you use, such as LinkedIn or Facebook may get hacked and all the users' data, including passwords, is stolen.
Sometimes we make life very easy for hackers:
- your passwords are on a Post-it hanging from your screen,
- you reveal your passwords on the phone, when you get a call from someone who pretends to be a Microsoft employee,
- you have entered your details to take part in some kind of competition,
- you store your passwords in a document on your computer called "passwords"
- and so on.
Using strong passwords is very important, but we recommend adding another layer of security: two-step verification (2FA).
Two-step verification or 2FA is a simple solution to better protect your accounts.
To access your account, you have to be able to prove that you are who you claim to be. There are three different ways, or factors, to do this:
- something only you know (your password or PIN number),
- something only you have access to (your phone or token),
- something that is a part of you (your fingerprint, face, iris, etc.).
You generally use only one of these factors to prove who you are, but it is better to use 2 or more factors: this is called two or multi-factor verification (2FA or MFA). For example, you use a password and have a code sent to your mobile phone, or you use your fingerprint and a code to gain access.
