People treat their passwords irresponsibly

In late May, the Digital Security Alliance carried out a social experiment in Latvia, in which people in the streets were prompted to enter their passwords in a program which, they were told, verified their safety. 

Date 2016-06-22 Author Latvian Safer Internet Centre
picture
The results are alarming – over 30 per cent of people agreed and entered their passwords, thus exposing themselves to potential fraud.
 
In this experiment, which involved more than 330 people, it was observed that friends encouraged entering and verifying a password particularly often. There was even a case where participants of the experiment confessed that once they defrauded video game players of their online money by using people's confidence. Overall, 37 per cent of the respondents agreed to enter their password, meanwhile 63 per cent refused to.
 
The conductor of the experiment commented: "We expected that there would be people who, out of curiosity, would not think hard and enter the password in a rush, but what we see is already a dangerous indicator. This means that a third of the encountered people endanger their money and personal data. The experiment has also shown another negative trend: there are many young people among the frivolous respondents, so that means the schoolteachers and parents do not tell them that a password is an intimate detail that should not be entrusted to anyone".
 
Watch a short video of the experiment here (in Latvian):
 

How to choose a secure password?
 
Passwords are the ‘keys' to your email, online banking account, social network profile and other online accounts, as well as to private devices – computers, smartphones and tablets. A secure password must be simple and, at the same time, complex! That means, it must be simple for you but complex for others.
 
To choose a sufficiently secure password, it is important to take into consideration the following seven tips when creating it:
  • No one else knows it;
  • It is unique and unrepeatable;
  • You will not forget this password;
  • It consists of at least eight characters containing letters, symbols and numbers;
  • It is updated every three months;
  • It is not used to access your other accounts;
  • It is not written down in your notebook, contained in your phone and so on.
CAUTION! When creating a password, NEVER use:
 
  • Personal information and data that can be easily guessed or found out – for example, name, surname, your child's name, your pet's name, date of birth, address, favourite actor, favourite singer, hobby, etc.;
  • Many repeated or consecutive symbols ("0000", "aaaaaaa", "abcde");
  • Symbols following each other on the keyboard ("qwerty", "123456").
How to store passwords in a secure way?
  • The safest place to store passwords is in your memory. However, today, when a person has to remember so many passwords, people have developed individual password creation and storage habits. It should be noted that what one considers as really secure will be considered insecure by another person, and vice versa. Nevertheless, it is necessary to keep in mind the smart advice that our safety depends only on us.
  • If you cannot remember passwords and it is easier to write down and store all passwords in one place, then choose a safe place in your home where they will be stored. Most likely, the place where other important documents are stored will be appropriate. You should not carry this information with you.
  • To store your passwords, you can also use special programs – password managers like KeePass, LastPass, Password Safe, and others. The program creates a database that contains the user's passwords stored in encrypted form. The user has to remember only one master password, which will protect all the rest. It allows the user to change passwords frequently and to create more sophisticated passwords which are harder to guess and harder to hack as they no longer need to be remembered. However, keep in mind that if someone guesses or hacks this master password of the program, absolutely all of your other passwords will be available to him.
 
CAUTION! When storing a password, NEVER:
  • Write them down in notebooks or on papers which are kept in a wallet or purse and carried along with you in your everyday life;
  • Put stickers with passwords and PIN codes on online banking code cards or credit cards. Never carry a paper with a password written down in your wallet or purse.
A purse or wallet can be stolen or lost, and you do not know in whose hands your private property, information and personal data will end up. In these cases, always change all passwords that were stored in the wallet or purse as soon as possible in order to avoid unpleasant surprises.
  • Do not put a sticker with passwords on your computer display; better place it right there on the desk or in the desk drawer.
Everyone who works at this computer will see your password. Once a password is known by another person, it becomes unsafe!
  • Do not press "Remember the password" options that are offered by browsers and other software when a user logs in to a website. This is particularly advisable if it is not your personal computer and it is used by other family members or work colleagues, or even if it is provided for public use in libraries, schools, etc.
What are the risks if your passwords are known by other persons?
 
If your passwords are known by someone else or they have come into hands of scamsters, fraudsters and/or foes, it is a serious threat to your personal and financial security. In this case, perform safety measures: change the passwords to new ones as soon as possible, use security settings and check your accounts for any illegal activities that could have been done through them. If you have found any illegal activities carried out on your account, report it to the relevant law enforcement authorities in order to bring the perpetrators to account.
 
What to do if you suspect that someone else is accessing your social network accounts or emails
 
If you suspect that someone has access to your online account, then:
  • First, change the password.
  • Check the ‘Inbox', ‘Sent' and ‘Trash' folders for any activities carried out on the account.
  • If you have a suspicion or your suspicion is confirmed, you can contact the administrator of your email server/social network, asking for information on all activities carried out in your email/social network account as well as on the IP address from which your email/social network account was accessed, which may later help to identify the perpetrator.
  • If the information provided by the administrator of your email server/social network confirms the fact of intrusion into your email/social network account, then, depending on the degree of violation, if a person has suffered material loss, a claim must be filed to the court in order to identify the person with the specified IP address and to hold him or her to account for the infringements performed.
The following threats reflect the most popular purposes for which your passwords can be obtained and used:
  • To access your bank account and steal money;
  • Using your contacts available in your email - a scamster can send, on your behalf, a fraudulent email for the purpose of defrauding money by specifying a bank account to which the money is to be transferred;
  • To access your photos and other important information in order to ask you to pay money to prevent them spreading your private information on the internet;
  • To inflict personal harm – for example, out of revenge or desire to make you suffer. 
Find out more about the work of the Latvian Safer Internet Centre, including its awareness raising, helpline, hotline and youth participation services.

Related news