Here’s a scenario.
You’re signing up for the nth work-related account and you’re being asked to enter a strong and unique password, with all the bells and whistles: a mix of upper- and lower-case letters, plus a symbol and a number (or two) and a total of at least 10 characters. You think of the perfect, ‘unique’ and secure password you’ve devised – one that you’ve been pulling effortlessly from memory, aka your go-to password – and decide to go with it. Computer says ‘Password accepted’ and you go on with your day.
All may seem well and good but what’s really happened is a lapse in cyber hygiene. When this occurs, you’ve opened doors for hackers to steal your data. We all know this: passwords protect the personal credentials that are linked to almost everything you do online. Have a think about how many personal and work accounts you access every day… isn’t that quite a lot of personal information for the taking? And don’t forget, personal credentials aren’t only linked to data. They’re also linked to the hard-earned savings sitting in the bank account that you access online. Plus, hackers may not target just your personal information. They may infiltrate networks and wider databases of information, which can endanger a host of people and organisations.
4 steps to achieve online password security
To stay out of harm’s way – aka not become the loophole that cyber criminals are ready to exploit – it’s best to keep a cyber hygiene regimen. Here are the steps to follow:
1. Create strong, unique passwords and PINs because ‘This is the way’
Recycling passwords, no matter how strong they are, is the biggest contributor to password-cracking incidents. The upside is that if more people – like you! – were to fight the urge to repeat their passcodes across different accounts, security around the internet would be greatly increased. The recommendation is to create a unique, complex password for each personal and work account.
Keep these three pointers in mind for strong passwords:
(i) use a minimum of 12 characters where possible;
(ii) use numbers, symbols and upper- and lower-case letters; and
(iii) avoid names, dictionary spellings and sequential characters (e.g. 123456).
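The three pointers above can be turned into a check that a sign-up form or a password generator runs. This is an added example, not code from the original article. The word list is a constructed sample, and the three-character run length and the 16-character default are assumptions.

```python
import secrets
import string

MIN_LENGTH = 12   # pointer (i)
RUN_LENGTH = 3    # assumption: three characters in a row count as "sequential"
# Constructed sample list; a real check would load a large list of names and words.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "qwerty", "michael"}
CLASSES = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())


def has_sequence(password):
    """True if RUN_LENGTH letters or digits in a row step up or down by one."""
    text = password.lower()
    for i in range(len(text) - RUN_LENGTH + 1):
        window = text[i:i + RUN_LENGTH]
        if not window.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(password):
    """Return the pointers the password fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not all(any(test(c) for c in password) for test in CLASSES):
        problems.append("missing a number, symbol, upper- or lower-case letter")
    if any(word in password.lower() for word in COMMON_WORDS):
        problems.append("contains a name or dictionary word")
    if has_sequence(password):
        problems.append("contains sequential characters")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until a candidate passes every check."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*()-_=+?"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("1234567890", "Password2024!x", generate_password()):  # constructed
        print(repr(sample), check_password(sample) or "passes")
```

The generator uses `secrets` rather than `random` because passwords need an unpredictable source of randomness.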
2. Use Multi-Factor Authentication (MFA) when given the option
MFA refers to the combination of a password with at least one of the following elements:
(i) biometrics (fingerprint or facial recognition), or
(ii) identity authentication or a unique PIN via a separate personal account or device.
Multi-factor authentication adds a layer of security and is recommended when it comes to protecting health, financial, insurance and other confidential accounts.
3. Keep your passwords to yourself (only pets are exempted)
Keep your passwords, PINs and OTPs secret, as any compromise could lead to the theft and use of your personal credentials. I mean, who can forget the OCBC phishing scandal from last year? So, what can you do? Don’t share your password, PINs or OTPs with anyone; don’t write them down; and don’t let others watch you when you type them in.
4. Store your passwords safely – like your life depends on it
There’s just the tool to help you fulfil the first three checkpoints. A password manager, which acts like a digital safe, lets you create strong, unique passwords and beyond that, allows you to manage usernames, passwords and PINs for all your accounts. A master password is all you need to access this information vault.
Extra tip: Avoid storing your passwords within your internet browser. It may seem convenient but not all browsers are built to store usernames and passwords securely.
Did you know?
Studies have shown that a hacker can almost instantly crack a numbers-only, 10-character password, while it will take them approximately 430 trillion years to crack an 18-character password that features a mix of numbers, symbols and upper- and lower-case letters. Security takes effort, but being stringent and meticulous with your passwords will make for a safer and more pleasant online experience.
In the near future… hopefully?
Passwords have been likened to “cockroaches of the internet”. They’re often used within networks that are open to knowing, prying eyes, and are therefore unreliable and the cause of a lot of problems. And as miserable as it sounds, it is what it is, for now. Passwords are necessary.
The good news is we have been moving towards a password-less future. The Fast Identity Online Alliance (FIDO), a tech group comprising companies such as Apple Inc., Google and Microsoft Corp., has been working on a system that allows users to log into their accounts with their smartphones and computers. The technology involves PIN codes, facial and fingerprint recognition. The improved login process will see users move between accounts via their personal gadgets, with no human-readable information passed over hackable networks. That’s something to look forward to!
Important note
If you've shared OTP information with a third party and would like to report an alleged scam or fraud attempt, please send an email to [email protected] with the following details:
- Approximate time and date of the alleged scam or fraud
- Communication channel used (e.g., SMS, email)
- A copy of the scam or fraud message, if available