It's this convenience that could leave you vulnerable to online fraud. An identical password for multiple logins simply means a fraudster only needs to crack your privacy once to gain access to all your personal and financial information.
When award-winning US computer scientist Fernando Corbató implemented the first use of passwords to secure access to large files on a computer system in the 1960s, he probably had no inkling of the headache it would become for everyday users some six decades later.
The problem in this digital age is that we need so many passwords to manage our social media, our money and our accounts. But, as much of a headache as these have become, that hieroglyphical combination of numbers, symbols, upper- and lower-case letters, and special characters is here to stay.
Our days of complacency – where lazy passwords like '1234' and 'Password', or geeky-cute ones like 'Starwars' or 'Slytherin' would cut it – are over, as cybercriminals become more cunning and hacking becomes a darker art.
Simple passwords are as easy to crack as the toss of a coin or a few lucky guesses. In fact, a bot (a software application that runs automated tasks or scripts over the Internet at a much higher rate than humans) is able to unravel a six-character password in just four hours.
Kevin Hogan, Investec's fraud risk manager, shares practical tips for cybersecurity
Of course, we have other identifiers that may, in time, replace passwords. Fingerprint, voice or facial recognition can add extra layers of security in preventing a breach.
It's predicted that DNA may become our future password
- Kevin Hogan
High net worth individuals and businesses are especially vulnerable to this type of targeted attack.
Beyond the myth, biometrics are hackable through sophisticated techniques that bypass physical features and replicate data patterns to gain entry to a device like a smartphone. As far back as 2013, ethical hackers cracked the iPhone’s Touch ID in less than a week. Similar techniques can be used to crack the biometric security for a car, home – or bank account.
If your password is hacked, you can replace it. You can't do the same with your face or voice.
We should not use biometrics and other technology in isolation from traditional security measures, such as a password, a one-time PIN SMS and second-factor authentication. Second-factor authentication entails two-step verification and as such, requires you to have your password and something physical (like your phone) with you in order to gain access.
In fact, these should all work together to create an ecosystem of cybersecurity. At Investec, for example, we pioneered the use of voice biometrics in SA for our global Client Support Centre, but this is supplemented with second-factor authentication and other security measures.
Cybercrime can make one feel vulnerable and defenceless. However, your password is something you can absolutely be in control of and keep private. It is your strength. If you think of it as an unbreakable string, your ideal password should be a robust rope. The strength of a password is predicated on both its length and complexity – so the longer and more complex it is, the stronger it will be. Consider this: a 12-character password could take that same bot almost 200 years to crack. So, it is worth the extra effort.
A passphrase or mnemonic is a good way to remember a password. For example, you can turn a phrase (Investec is the best) into a password phrase (!nVest#cISthe8est#), which may be easier to recall.
If you need help, opt for an offline password manager like KeePass – an easier and more secure way to generate long passwords.
Passwords are not forever. We should change these frequently and create unique passwords for every door we want to lock in our digital world. Your watchwords should always be ‘Do Not Enter’.
About the author
Head of Fraud Risk
Kevin holds a degree in financial risk management. By profession, he is a credit analyst. He says he fell into the whole 'fraud thing' by accident, and the rest is history. Kevin now manages fraud risk for Investec Bank Ltd and contributes to content insights on Investec Focus.