01 Feb 2019

Data security: do you have weak locks on your digital assets?

Kevin Hogan

Fraud risk manager, Investec Private Banking

Your password is the 'open sesame' to your entire life. A weak password is like protecting a R100m house with a R100 padlock.

Receive Focus insights straight to your inbox

Sending...

Please complete all required fields before sending.

Thank you

We look forward to sharing out of the ordinary insights with you

Sorry there seems to be a technical issue

Some of us follow the path of least resistance and fall into the trap of single sign-on offered by Facebook or Google or, worse still, use the same password for every account.
 
It's this convenience that could leave you vulnerable to online fraud. An identical password for multiple logins simply means a fraudster only needs to crack your privacy once to gain access to all your personal and financial information.

 

 

When award-winning US computer scientist Fernando Corbató implemented the first use of passwords to secure access to large files on a computer system in the 1960s, he probably had no inkling of the headache it would become for everyday users some six decades later. 

 

The problem in this digital age is that we need so many passwords to manage our social media, our money and our accounts. But, as much of a headache as these have become, that hieroglyphical combination of numbers, symbols, upper- and lower-case letters, and special characters is here to stay.

 

Our days of complacency – where lazy passwords like '1234' and 'Password', or geeky-cute ones like 'Starwars' or 'Slytherin' would cut it – are over, as cybercriminals become more cunning and hacking becomes a darker art.

 

Simple passwords are as easy to crack as the toss of a coin or a few lucky guesses. In fact, a bot (a software application that runs automated tasks or scripts over the Internet at a much higher rate than humans) is able to unravel a six-character password in just four hours. 

 

Read more: You've been hacked

Listen to part one of the podcast

Kevin Hogan, Investec's fraud risk manager, shares practical tips for cybersecurity
"We see these videos of cash in transit heists, and the money's all lying on the floor, or the guys rob banks … it's pizza money, compared to what guys are stealing from behind a laptop."

Subscribe to Investec Focus Radio SA

Listen to part two of the podcast

Cybersecurity for business: big data, big risk

Your password works like a magic key, granting access to your entire life – and that includes your privacy and money. Yet we are, at times, guilty of placing weak ‘locks’ on our digital and monetary assets. 

 

Of course, we have other identifiers that may, in time, replace passwords. Fingerprint, voice or facial recognition can add extra layers of security in preventing a breach. 

cybersecurity
- Kevin Hogan

It's predicted that DNA may become our future password

While biometrics are a step towards better cybersecurity, these are not inviolable. A voice can be recorded and manipulated, a fingerprint lifted from a wine glass and moulded into a synthetic replica. If it seems like a scenario from a spy thriller on Netflix, keep in mind that criminals will go to any lengths if there is enough gain at the end of their efforts.

If your password is hacked, you can replace it. You can't do the same with your face or voice.

High net worth individuals and businesses are especially vulnerable to this type of targeted attack.

 

Beyond the myth, biometrics are hackable through sophisticated techniques that bypass physical features and replicate data patterns to gain entry to a device like a smartphone. As far back as 2013, ethical hackers cracked the iPhone’s Touch ID in less than a week. Similar techniques can be used to crack the biometric security for a car, home – or bank account.

 

If your password is hacked, you can replace it. You can't do the same with your face or voice.

 

We should not use biometrics and other technology in isolation from traditional security measures, such as a password, a one-time PIN SMS and second-factor authentication. Second-factor authentication entails two-step verification and as such, requires you to have your password and something physical (like your phone) with you in order to gain access.

A 12-character password could take that same bot almost 200 years to crack, so it's worth the extra effort.

In fact, these should all work together to create an ecosystem of cybersecurity. At Investec, for example, we pioneered the use of voice biometrics in SA for our global Client Support Centre, but this is supplemented with second-factor authentication and other security measures.

 

Cybercrime can make one feel vulnerable and defenceless. However, your password is something you can absolutely be in control of and keep private. It is your strength. If you think of it as an unbreakable string, your ideal password should be a robust rope. The strength of a password is predicated on both its length and complexity – so the longer and more complex it is, the stronger it will be. Consider this: a 12-character password could take that same bot almost 200 years to crack. So, it is worth the extra effort.

 

!nVest#cISthe8est#

A passphrase or mnemonic is a good way to remember a password. For example, you can turn a phrase (Investec is the best) into a password phrase (!nVest#cISthe8est#), which may be easier to recall. 

 

Read further: Seven ways to create strong, secure passwords for your accounts

 

If you need help, opt for an offline password manager like KeePass – an easier and more secure way to generate long passwords.

 

Passwords are not forever. We should change these frequently and create unique passwords for every door we want to lock in our digital world. Your watchwords should always be ‘Do Not Enter’.

About the author

Kevin Hogan headshot

Kevin Hogan

Head of Fraud Risk

Kevin holds a degree in financial risk management. By profession, he is a credit analyst. He says he fell into the whole 'fraud thing' by accident, and the rest is history. Kevin now manages fraud risk for Investec Bank Ltd and contributes to content insights on Investec Focus.