A recent survey conducted by Nudge with 506 respondents from South Africa (283), Ghana (66), Kenya (126) and Tanzania (32), revealed that 56% of the respondents were confident of their online password strength, while only 3% felt that their passwords were very vulnerable. These statistics are alarmingly high when in reality many people have bad habits when it comes to their password safety.
This is according to Candice Sutherland, business development consultant at SHA Specialist Underwriters, who says many people are relatively misinformed regarding the potential dangers that weak online passwords pose. “In a world heavily reliant on technology for daily operations, especially regarding banking, shopping and confidential communication, it has become more lucrative and easier to steal online than on the street.”
Social engineering is one of the most effective ways that hackers crack people’s passwords, explains Sutherland. “Individuals’ personal details are freely available on numerous websites, especially on social networking profiles, which makes it very easy for criminals to guess passwords and answer security questions if the person does not have a strong password in place.”
For example, she explains that ‘What is your mother’s maiden name’ is a popular security question and when a someone has their mother listed as a friend on their Facebook and her maiden name is included in her profile, the criminals will be able to use the information in order to hack the user.
In addition, online security firm Splashdata, revealed earlier this year that the top three passwords used in 2015 were “123456”, “password” and “12345678”.
Sutherland states that the biggest and most common mistake consumers make is to use the same password for multiple accounts. “People who have one password for multiple accounts are extremely vulnerable to being hacked, as the criminals often use password-cracking software that can keep testing different passwords until they find the correct one.”
She urges consumers to ensure that their passwords and associated security questions contain a combination of numbers, letters and symbols. “When choosing a security question, avoid choosing your mother's maiden name, place of birth, favorite destination or pets name as these are things that criminals can easily find out. Should a certain website force the user to choose one of the former security questions, an answer such as ‘amst3rdam#’ might be enough to remind you of your favorite place. Every additional character, regardless whether it is a letter, number or symbol makes a password exponentially harder to crack.”
Sutherland provides the following tips for consumers to ensure that their passwords are not susceptible to hackers:
· Do not enable the “remember me” function available on websites to remember passwords. If someone else gets access to your computer just think about all the social networks and shopping sites they can enter.
· Do not share passwords with anyone.
· Never use personal information such as your name, birthday, or spouse's name in a password as personal information is often publicly available.
· Create a long password. A password should be at least six characters long, but should ideally consist of 12 characters if the site allows it.
· Do not use the same password for each account. If someone discovers a person’s password for one account, they will be able to access all the other accounts.
· Attempt to create a password that is a combination of numbers, symbols and both uppercase and lowercase letters if the website allows it.
· Avoid using words that can be found in the dictionary. For example, swimming would be a weak password. Random passwords are usually considered to be the strongest.
· One can use a tool such as password generator to create strong passwords.