The number of security breaches in 2021 significantly surpassed the one in 2020, and this unfortunate trend is set to continue in 2022. With many cybersecurity experts dubbing 2022 “the year of the breach”, your personal and financial information will be even more vulnerable than before.
So, with the exponential rise of security compromises and an increasing number of hacked accounts, what can you do to bolster your account safety? While this issue is worrying, you’ve come to the right place if you want to find out how to keep your account secure. We’ve prepared the best account security tips for online users in 2022 that will help you protect your valuable data from hackers.
The Perennial Problem of Hacked Accounts
Although we’re just less than half a year into 2022, there’s already been a massive number of breaches during this period. According to research and sources provided by the security company lookout, the likelihood of your email data being exposed on the dark web is 80%. This is a staggeringly high percentage that paints a bleak picture.
To look into specific numbers, close to 300 million people were affected by some sort of security breach in 2021. Even more worrying, experts predict that the numbers will look even worse by the end of this year. It’s clear that there’s a permanent issue of hacked accounts and that most people can’t stay ahead of the curve when it comes to protecting their valuable data.
Your Account and Password - What’s the Catch?
Password-based authentication has long been the default standard in modern technology. And, while passwords are the most common authentication method, they are far from the best one. To be fair, passwordless authentication does work to a certain extent. However, there are just too many inherent faults to the system that often cause security problems.
For example, most users tend to use weak passwords simply because they are easier to remember than complex ones. Some users even reuse passwords across multiple accounts. Both practices make it easier for hackers to guess the passwords and gain entry through automated attacks.
Moreover, passwords are also susceptible to phishing attacks. If you accidentally expose your credentials as a result of a phishing attack, the end result is almost certainly a hacked account.
To add to all of this, the unfortunate truth is that most online users also have poor password hygiene. Recently, Bitwarden conducted a detailed survey regarding common password management practices. Among the plethora of worrying information they found is the stat that says that 55% of all global respondents rely on their memories to manage passwords.
Despite there being an increase in respondents who use password managers and 2FA methods, it’s still not very encouraging to see that over half of all users rely on their memory. Perhaps this also explains why 21% of all respondents also said that they reset their password every day or at least multiple times a week.
Most Common Password Attacks
Typically, you can classify password attacks into four separate categories. Here’s a closer look at each of them:
- Password Theft - The most common method of password theft is through the aforementioned phishing attack. It can also occur due to malware or a different hacking tool.
- Password Hash Cracking - If an attacker can retrieve your password hash, they can crack your password by comparing it to other passwords that have been pre-computed.
- Password Guessing - Sometimes, attackers can gain access simply by guessing your password. They can do so manually or by using an automated tool that will run through many possible combinations in a short period. The simpler your password is, the quicker they will be able to guess it.
- Bypass or Unauthorized Password Reset - Most services we use daily allow you to self-reset your password. Hackers often take advantage of this to reset or bypass the password without the account holder’s knowledge.
How to Keep Your Accounts and Passwords Secure from Hackers?
Knowing the most common threats passwords, especially weak ones, bring to the table, you can take effective steps to secure your account and password. In view of this, we’ve already done a thorough guide on NIST password guidelines that we definitely recommend reading if you’re not up to the latest recommended password policy practices.
Regrettably, most users still have passwords that are as easy to crack nowadays as they were a decade ago. Some of the most common passwords that were the cause of data breaches include number passwords like 123456 or 123456789. Looking at the letter password combinations, the most commonly breached accounts used passwords like “qwerty” or simply the word “password” as their password.
Hopefully, you don’t have any such passwords on any of your accounts. Still, to give you a short version of the guidelines, keeping your accounts and passwords safe from hackers involves making sure of a handful of things. The top recommendations and security practices include:
- Alphanumeric Passwords - Combining letters with numbers has long been the standard for crafting secure passwords. However, new NIST guidelines recommend thinking outside of this and creating your passwords by comparing them with those passwords that often lead to leaks.
- Long Passwords - According to the latest NIST password guidelines, your password should ideally be between 8 and 10 characters. Moreover, the guidelines also advocate for passwords of up to 64 characters in the form of a unique sentence only you can guess.
- Hints - If you use common everyday hints that anyone can find out, your account will be easier to breach. That’s why you should use strong hints or, even better, replace hints with a multi-factor authentication method.
To go a step further, you can also implement a FIDO-based approach and introduce FIDO technology for secure passwordless logins. FIDO2 technology is becoming prevalent with each passing year, and many big vendors and businesses already support it. To name a few, Google, Microsoft, Facebook, and Apple are just some of the big names that support passwordless authentication.
Image: FIDO Alliance
A Couple More Account Security Tips
Hopefully, the guidelines we’ve provided on this page have helped you learn how to secure your account from hackers. But, before we leave you, we want to share a few extra tips and tricks that will help strengthen your account security. With that in mind, here are additional pointers for keeping your accounts and passwords secure:
Use a Password Manager
You’ll have a hard time remembering dozens of complex account/password combinations. The good thing is that you don’t have to do so. You can avoid this while still enjoying the benefits of strong passwords simply by using a trusted password manager.
Some users are wary of using a password manager because they fear that attackers could more easily access all passwords simply by exploiting a single point of failure. That said, this isn’t something you should really worry about, especially if you practice reliable safekeeping habits for your password manager.
Turn on 2FA
Two-factor authentication is a must-have in 2022. It adds an additional layer of protection so that, even if a hacker gets ahold of your password, they are still blocked from accessing your account. Understanding the value of this security feature, you should enable 2FA for every platform and service that offers you this option.
Buy a FIDO Security Key
Lastly, arguably the best way to ensure a secure account login process every time is to buy a FIDO security key. An all-in-one solution like the Hideez Key offers FIDO-based passwordless logins and helps you manage your passwords on sites and services that don’t provide FIDO2 support. Moreover, it offers you excellent future-proof value, as it’s only a matter of time before all services will transfer to this system.
Additionally, you can use the security key for proximity logins for Windows computers or physical access to your place of business, home, gym, or any other venue utilizing the built-in RFID tag.
These benefits aren’t only reserved for individual users. We also offer an enterprise version. It features a centralized FIDO2 server that your IT admins can manage to ensure maximum protection and streamlined passwordless use. Employees can use the Hideez Key or the Hideez Authenticator mobile app to log into their workstations.
