Who’s to blame for bad passwords?
When users use bad passwords, bad things happen. But who’s really to blame? The users themselves for creating weak passwords, or the services that allow them to use those passwords in the first place?
Back in December 2019, thousands of Ring camera users had their accounts taken over by hackers, who proceeded to spy on them and terrorize their families and children in the privacy of their own homes.
After conducting an investigation, Ring concluded that its system and network were not breached, and explained that affected users had reused passwords that hackers were able to obtain from other data breaches. Essentially, they blamed the users for reusing passwords.
We all know that we need to have strong passwords and change them frequently. But with so many online accounts these days, users often simply reuse passwords, which opens them up to attack.
So what’s the answer?
National Cyber Security Agencies in many countries (including the UK’s National Cyber Security Centre) now recommend the use of technology to help manage this issue in the shape of password managers coupled with 2 factor authentication (commonly called 2FA). Essentially:
- A password manager creates complex passwords, stores and manages them for you and automatically fills them in when you need to log into a site.
- 2 factor authentication requires that you confirm your identity through a different medium – often via a text message.
A combination of these two approaches significantly increases your online security.
The trouble with using a text message for 2FA is that you are not always in a place where you can receive one (my home office, for example, has very poor mobile coverage), which can lead to a great deal of cursing when the text message fails to arrive. The answer is to use an “authenticator app” – an application that runs on your device, generates a secret code and does not require a network connection to work.
Which Apps should I use?
There’s a wide choice of password managers and authentication apps out there, including many free ones. However, we have found through years of experience that there are some “gotchas” to look out for:
- Having different apps for both password manager and authentication just leads to an extra layer of frustration;
- When you change devices (such as buying a new phone), it can be extremely frustrating and time consuming to re-set all your 2FA accounts on the new device. Most 2FA apps do not offer an easy migration path;
- Passwords and data need to be held securely;
- When setting up passwords and 2FA for your teams you need something that is easy to centrally manage.
So we have finally settled on an application from MyKi that combines both password management and 2FA in one app, with central management, the ability to manage teams, and data stored locally on your devices.
Keep current with our “How to” guides and top tips through our IT Insights newsletter.
Setting up MyKi
We offer MyKi as a managed service, which means we help you set it up, migrate data from your current password manager (where appropriate) and configure it across your teams, all for a small fixed monthly charge.
The easiest way to get this done is to ask us, but essentially:
- The on-boarding process starts with downloading the MyKi application to your mobile device. Your mobile phone number is MyKi’s primary key to your information and is used for resetting accounts.
- Since you’re setting up a new account with Myki, click on Create a new Myki account.
- You will be asked to verify your account by entering a code sent to you by SMS. You can alternatively opt to receive a call instead of a text.
- Next, think of a six digit PIN code used to access your account. Note: Devices that support fingerprint or facial authentication can unlock the Myki App using their fingerprint after creating the 6-digit PIN.
- During the Installation Steps, we strongly recommend that you install the Myki Desktop app to autofill your passwords on your computer and easily manage your backup files.
- After clicking on Installation Steps, you’ll be prompted to add the Myki Desktop App to your Myki account by scanning the QR code displayed on the sign up page of the Myki Desktop App.
- Click on Get Started to start using Myki on your phone.
- Now you’re ready to add/import your passwords to Myki. Click here to learn how to import your passwords into Myki or here to access the Myki Help Centre page and learn more about how to use Myki across different platforms.
Further reading:
We have published a number of articles around passwords and 2FA that you may find interesting:
- Google Chrome Password Checker – checks to see if your identity / password combination has been compromised
- 123456 as a password – You wouldn’t credit it, would you? 123456 is still the most used password.
- Increase security with 2 factor authentication – an introduction to 2FA
Like to know more? Call us on 01428 770 290