Did you know that 81% of hacking-related breaches are a result of compromised passwords?
Passwords are incredibly easy to guess, break, and phish. Not to mention, passwords are often reused, shared insecurely, or consist of personal information (names, birthdays, pets) that anyone could easily find on social media.
And while there are ways to make passwords safer, we are also witnessing a real-time game of cat and mouse emerge. As our passwords and policies get stronger, phishing attacks become more frequent and sophisticated.
To learn more about phishing, check out this article.
What can you do to say ahead?
A good start is to use a password generator (so that you are protected with strong passwords to begin with) and enable two-factor authentication (2FA).
What is 2FA?
2FA is really just authenticating with two things. Strong 2FA consists of something you have (ie your phone, face, email, text, etc) and something you know (usually a password or pin)
The purpose and power of “something you know” is that it’s a secret. The problem is that remembering a bunch of unique passwords is actually pretty hard to do.
In reality, most people either use simple (insecure) passwords that are easy to remember, reuse the same password for multiple accounts, or write their passwords down and store them insecurely.
Let’s say you use the same password for your Spotify login as you do for your email. If someone finds out that password, and Spotify emails you the code for the second factor of authentication, the bad actor then has access to both factors of authentication, and can easily break through to access your account.
So while 2FA is a more secure option, if you use insecure passwords, your information could still be at risk. You can read more about 2FA here.
The safest approach: Use multi-factor, eliminate passwords.
At LockDown, we’ve created patented technology that eliminates the need for passwords, and heightens security with strong multi-factor passwordless authentication.
On LockDown, proprietary technology turns your phone into your private digital identity. This means for anyone to access your account, they would need to have your phone, get past your biometric to gain access to your apps, then get past your 4-digit PIN to get into your LockDown account.
When a person uses LockDown, they have:
1st factor: Physical possession of your smartphone (each LockDown user’s private keys are stored only on their device and are tied to that device). Something you have.
2nd factor: Pin or Biometric (thumb or face scan) authentication used by the smartphone to get into the smartphone. Something you have.
3rd factor = 4 digit PIN. Something you know.
The 4 digit PIN is stronger as something you know if it doesn’t need to be written down and therefore only lives secretly in your head.
And, even if your phone is tampered with (cracked), it will not expose your PIN or allow attackers more than 5 attempts in 10,000 possible combinations.
What does this mean for LockDown users?
LockDown users can enjoy the peace of mind that their sensitive information isn’t at the mercy of a password that could be phished or stolen. Instead, our patented technology makes signing into LockDown fast, easy and significantly more secure.
If you’re reusing passwords, sharing passwords insecurely, or don’t have training on how to spot a phishing attack, we recommend changing all of your passwords (making each one unique) and using a secure method to store them. You can store your passwords on LockDown or find a full list of our recommended security best practices here.
If you need to communicate privately, store secure information, or take sensitive data off of email, text, or Box, you can download LockDown for free and enjoy end to end encryption with the peace of mind that you control your information, not anyone else.
If you’d like to learn more about LockDown for Business, you can contact us here.