How secure is your email password? Is it the same as your Facebook password? Not for everyone, but for a worrying number of people online, the answer to that is yes.
And the answer would remain the same even for things such as PayPal accounts and internet banking.
So many of us use the same password for almost everything - or at least a variation of the same password (adding a differing number to the end to fool would-be cyber-criminals). Internet security is something most of us are vaguely aware is important but either don’t feel the need, or simply don’t know how to keep ourselves more secure.
“There are 1.6 billion active social network users worldwide”
- In Depth Statistics
- “600,000 Facebook accounts are compromised every single day”
- Heimdal Security
- “One in ten social network users say they’ve been the victim of cyber attacks, and the number of reported attacks rises every single year”
- Heimdal Security
Make your passwords hard for cyber-criminals to guess. Use upper/lower-case combinations. Use numbers.
Use special characters. There are a number of ways to increase security but most of us really can’t be bothered.
It’s hard, sometimes, just remembering one relatively difficult password, let alone an ever-increasing number of varied passwords. So most of us just go through our online lives with the ‘it probably won’t happen to me’ notion - blissfully unaware of just what’s at stake if just one of our online accounts is compromised.
Let’s just say you, like so many out there, do in fact use the same “master password” for almost everything. Let’s say you use it for Google Mail and PayPal and Amazon.
Now these huge technology giants use unimaginable amounts of encryption and security to keep your information safe and protected from criminals - and chances are, safe it will remain with them. But let’s say you’re also a member of a small, privately-owned forum about your favourite sports team, and you use the same password for that too.
The guy that owns this website isn’t Google or Apple and can afford neither the money nor resources to provide you with the same level of data-integrity and security as they can. Now let’s say his website does indeed fall victim to a cyber-attack.
Chances are, your username is your email address - the same email address that’s also your login for your PayPal, Amazon and internet banking accounts. Said cyber-criminal now has access to them all, with absolute ease. Not only can he read your private emails, he can log into your Facebook and view all those things you marked as private, purchase things in your name, apply for credit, and much, much more.
In the time it takes you to read this article, you could very well have spent every penny in your bank account, destroyed your credit rating and had your privacy (that thing we all take for granted in everyday life) completely destroyed without your knowledge.
Now this sounds a little dramatic and possibly even far-fetched, but it really isn’t. This happens every day, in almost every country that accesses the web. The truth of the matter is that we feel we’re using relatively difficult passwords for most things and we really aren’t.
So what’s the answer? We can make super-complex passwords for everything we use on a daily basis but let’s be honest; we will never remember them without writing them down somewhere which completely negates the purpose of having a secure password (though you’d be amazed how many people go for this option).
The answer, for me at least, as well as millions of others out there who want to up their security game, is a password manager. A password manager is (as it sounds) something that looks after your passwords for you, meaning you can go on accessing your accounts as easily as using just one password for everything, while at the same time having a hugely-complex and unique password for every single thing you do.
My Facebook password looks like (though obviously isn’t) this: &HlTM0eqi#zE3sMUC5I0I@NPw32t9e!k0KccntGqBbYk5xdgQxoiC0m57RijkoJR4Qla^$lsIC1Zz!5fpVkY6EfKUza4uVeaOwM
It is very unlikely a cyber-criminal would be able to guess this password - but there is also no way on earth I would be able to remember it. It’s 99 characters long and uses all manner of ridiculously complicated combinations of numbers, letters and characters - it makes absolutely no sense whatsoever, which is a good thing.
But I don’t need to remember this, my password manager does it. I have one complex password I must remember, but after that, the password manager does the rest. It logs me into every website I use, each with its own unique and complex password.
An example of a password manager is LastPass. It’s installed in my home computer as well as my smartphone and the account synchronises across any device I wish to use it on.
It remembers all the passwords it’s created for me at random, and uses them to log me into everything. If I’m on someone else’s computer, I can simply go to the LastPass website and access my passwords from there. LassPass is one of the best and most highly-trusted password managers around today. It utilises military-grade encryption and never transmits your own password outwith the device, meaning not even LastPass can see your data - it is only accessible on a device you’re currently using.
As long as your LastPass master password is secure and complex, no one can access the information contained the ‘Password Vault’. Suddenly you’ve gone from being incredibly vulnerable to a cyber attack (as the majority of internet users are) to being sealed and secure in a protected bubble of passwords so complex they hurt the eyes to look at, in less time than it takes to update your Facebook with a video of cats being started by cucumbers.
Some people will continue to feel their password(s) is/are complex because they’ve got a number or a question mark somewhere in it, and they’ll feel that way until either someone manages to guess or crack their password, or until a website they use it on is attacked and suddenly their ‘One Password to Rule Them All’ password is in the hands of people intending to abuse it.
Everyone should up their game when it comes to internet security. You may feel cyber attacks happen to other people but they can happen to anyone. “Oh I’m not interesting enough to hack”, I heard someone say recently. You don’t need to be interesting, to be a target for cyber-criminals - they’re not there to get to know you. They’re there for money, or to cause damage.
So take a moment to have think about it - how secure are your passwords if you’re brutally honest? Do a little research and get your accounts as secure as they possibly can be. The more secure they are, the less chance you have of being attacked by a cyber-criminal - it’s that simple.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here