For the longest time, passwords have been at the heart of our personal cybersecurity toolkit. When we had a couple of email IDs and social media accounts to handle, it made complete sense. But as our digital identities evolved to include hundreds of accounts, passwords are just not enough. Even if they are “strong” and even if they are different from one another.
In fact, whether out of complacency or just comfort, more than half of individuals reuse the same password for multiple accounts. As a result, hackers are in for a treat. So it is no surprise that stolen passwords are one of the leading causes of data breaches, whether personal or corporate.
Your Efforts Are Not Enough
Criminals spare no one. Even if you have followed all good practices and changed passwords regularly, you can still fall prey to attacks. Your efforts deserve appreciation, but they are rarely enough to protect you as you expected. The dark web has gone ahead and even calculated the worth of your entire digital identity, and it stands at $1200.
Truth be told, hackers sometimes don’t even need to break a sweat to steal passwords. All they have to do is ask. Scams such as phishing exploit our inability to use logic when we see a reward or a grave repercussion. Emails that tell you about a bumper lottery you won or a lawsuit that will cost you millions are a small example. When you see that subject line, your immediate reaction is to click on it and open the link it tells you to. No questions asked, no direct contact, but you’ve given away your precious credentials through a malicious link.
From any business’ perspective, the damage resulting from such a leak is far more extensive. Apart from their sensitive data, they have the responsibility of protecting all of their users and employees. In case a breach does take place, they suffer financial and reputational loss. To build customer trust after that is a challenge in itself. Systems at the biggest of companies have fallen to measly phishing attacks. It makes a more than fair argument for significant cybersecurity revamps.
Making Two-Factor Authentication the Norm
The above points make it quite apparent that we need to end sole reliance on passwords. The process of logging into accounts, especially those with sensitive data, must be more complex. Since it is hard to do away with passwords altogether, the best way is to add another layer of security to accounts with two-factor authentication (2FA).
Two-factor authentication means that you have to prove your identity by another method. This can be anything from an OTP to a fingerprint scan to a retina scan to voice recognition. This gives you more control over your account. If your credentials are leaked, the hacker cannot log in since the second layer of authentication also needs to be passed.
Two-factor authentication has been in use for some time now but is still seen as a good-to-have rather than a must-have. For example, if you are a Gmail user, you can implement 2FA, but it is not a compulsion. Your account functions normally without it despite your email containing crucial information. Similarly, social media platforms like Facebook also allow users to guard their accounts through an additional code sent via SMS or third-party authentication apps. But again, there is no compulsion.
Till the time two-factor authentication does not become the norm, our accounts will remain unsafe. If any account credentials are leaked, it can expose many others. For instance, if you log into any of your apps through your email, they are also compromised if the email gets hacked. Similar or identical passwords for multiple accounts also result in such consequences.
The Role of Cryptography and Encryption
Cryptography is a technology that keeps data secure by changing text into something illegible using an algorithm, called encryption. Thus, any third party which should not have access to your information will see the text as gibberish. And the key to decrypt the message only lies with the intended recipient.
Cryptography helps tick multiple boxes when it comes to data protection. Firstly, no unauthorised person can get access to the information to maintain confidentiality. Secondly, the process of encryption does not tamper with the data, so it remains authentic. Thirdly, cryptography ensures that the sender and receiver’s identity is verified and the source and destination of information are correct.
Platforms that use end-to-end encryption and cryptography are thus a lot safer for storing and sharing information. Whether it’s a chatting application or a document manager, you should look out for these systems to ascertain the level of security that they provide.
Cryptography and blockchain have also created self-sovereign identity (SSI), allowing individuals to have complete ownership over their digital identities and personal data shared with others. As an individual, you have the flexibility of showing only what is needed to someone and don’t need an intermediary present to prove your claims. SSIs are gaining momentum have global projects are in place to promote further research and implementation.
If the sheer number of data breaches these days are making you feel unsafe, then by now, you know one of the root causes. Passwords are simply not enough as tools of verification. Solutions in the form of 2FA and blockchain technology are available to make your life a tad bit easier and must be implemented across platforms.
Managing digital identities and privacy will be one of the most significant challenges that lie ahead of us. Each one of us is equally prone to an attack. If hackers are getting smarter with technology, so should we.