At the joint training of NIOK Foundation and Microsoft Hungary, Milán Kiss, an expert at Microsoft, drew attention to the following:

Weaknesses of your digital identity

  • Weak passwords: You would not believe how many people use passwords such as ‘12345’, ‘qwerty’ or ‘password’. These are easy to break for attacks that operate with randomly chosen passwords (so-called password spraying attacks), which are now carried out by robots and artificial intelligence, so accounts can be hacked in no time.

  • Stored passwords: The password saving features of browsers may well be a comfortable option, but they are unfortunately also a risk. Through remote access that you might give to a stranger (hoping for help with an IT problem), your stored passwords can easily be saved by that person, and this goes unnoticed by the average user.

  • Chains: Your email system and social media accounts, such as Microsoft, Gmail and Facebook, are identity providers, as they store personal data that can identify you. They can share this data with other applications, because they serve, as a convenience, as gateways to many other services such as Spotify or Netflix. This way you do not need to set a new user name and password everywhere, but it poses a risk, just as the recovery email address/account for your email account does. Through these chains an attacker can access the other accounts by hacking one of them.

  • Data phishers: Beware of emails and chats from strangers, even if they claim to be long-forgotten acquaintances. They may well try to extract personal data (which might be a basis for your password) through chatting or by directing you to a website where you have to provide it.

What can you do?

  1. Think about what identity providers you have (e.g. Gmail, Facebook, Microsoft) and what additional systems they authenticate.

  2. It is essential to set strong and different passwords for each account and to update them regularly.

  3. For password recovery, choose a way that is connected to a personal device (e.g. a code sent to your mobile phone) rather than another email address.

  4. Do not save your password in the browser; delete saved logins.

  5. Request a security notification when someone wants to log in to your account.

+1

As passwords themselves pose risks (they can be found out, stolen or cracked), according to the expert the near future of digital identity protection is passwordless authentication, and for many people it is already present: instead of, or in addition to, a password, choose mobile, fingerprint or iris multi-factor authentication. These authentication methods are much more difficult to circumvent, and therefore they may provide greater safety.

Sources: NIOK Foundation
