Mastering Password Security: Unlocking the Power of Passkeys for Better Cyber Protection

Are passkeys the way of the future? Are passwords obsolete? Find out here.

(This guide is Part 4 of seven in our Cybersecurity Safety Content Basics Special.)

Quick Tips: Five steps to protecting your online identity

1) Stay away from public Wi-Fi

Free, public Wi-Fi and hotspots at Starbucks can be great for cutting your data charges and for getting work done on the go. Unfortunately, they’re also notoriously insecure, and infamous for letting cyberattackers see what you’re doing online and access your accounts. If you need to go online in public:

  • Using your phone and a data connection is a more secure option.
  • And/or use a virtual private network (VPN), which gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your Internet Protocol (IP) address so your online actions are virtually untraceable, so using one when you connect to a public Wi-Fi access point is essential.

2) Use strong, unique passwords to secure your account

No matter how many times it's been said, some of us just don't care and insist on using “Password” or “123456” as our login password. Every account and device should have a strong, unique password. If your primary email gets hacked, and you use the same password across many sites, an attacker can gain access to your whole online identity. They can reset passwords, steal data, send messages to your contacts, or empty your bank accounts. How do you create a good one? More on this below.

3) Use two-factor authentication whenever possible

Opting into two-factor authentication (2FA) where available will require you to not only enter your password but also use a second form of ID verification, such as a fingerprint or text message code, making it much harder for hackers to gain access to your accounts. Did you know HWZ Forums offers 2FA for its members?

4) Limit the personal information you share on social media

Don’t overshare on social media: providing too much information on Facebook, Twitter, and Instagram could make it easier for cybercriminals to obtain identifying information such as your pet’s name or where you were born. This could give them the information they need to steal your identity or to access your financial information.

5) Always have backups

Back up important information you have on your computer and phone to some form of cloud storage and on an external drive. That way, if something does happen, you can recover your lost information or data.

What are passkeys?

Tech companies such as WhatsApp, TikTok, Google, and Amazon have all been talking about passkeys recently.

Passkeys are a new industry standard developed by the FIDO Alliance, which counts companies like Apple, Microsoft, Google, Samsung, Amazon, and more as its members. They are said to be a safer and more convenient alternative to passwords and 2FA codes because you log in using a pre-authenticated device and methods you've already become accustomed to, like a local PIN (passcode), your fingerprint, or face recognition. Importantly, this data isn't shared with a company and the passkeys themselves only exist on your device, meaning that no password can be stolen in a phishing attack.

Passkeys are also replacing passwords as the authentication method of choice because they are more secure than passwords.

Are passkeys more secure than 2FA?

Image source: Pixabay.

According to Google, using a passkey is more secure than 2FA. The company added that when you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it. Together, this means that passkeys protect you against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach. “This is stronger protection than most 2SV (2FA/MFA) methods offer today, which is why we allow you to skip not only the password but also 2SV when you use a passkey,” Google said in a security blog. 
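A simplified model of the sign-in described above, added here as an example and not taken from Google, the FIDO Alliance or this article: the device holds a private key, the site stores only the public key, and each sign-in signs a fresh challenge together with the page's origin. The function names and both host names are assumptions, and a real passkey uses the WebAuthn message format rather than this JSON.

```javascript
// Added illustration: a simplified model of a passkey sign-in, not a WebAuthn implementation.
const crypto = require('node:crypto');

// Registration: the key pair is created on the device. The site keeps only the
// public key, so a breach of the site exposes nothing that can be used to sign in.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, site: { publicKey } };
}

// Device side, run after the local unlock (PIN, fingerprint or face), which stays
// on the device. The browser, not the web page, supplies the origin that is signed.
function signChallenge(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge: challenge.toString('base64url'), origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, device.privateKey) };
}

// Site side: accept only its own fresh challenge, its own origin and a valid signature.
function verifySignIn(site, expected, assertion) {
  const ok = crypto.verify('sha256', assertion.clientData, site.publicKey, assertion.signature);
  if (!ok) return 'rejected: bad signature';
  const data = JSON.parse(assertion.clientData.toString('utf8'));
  if (data.challenge !== expected.challenge.toString('base64url')) return 'rejected: stale challenge';
  if (data.origin !== expected.origin) return 'rejected: wrong origin';
  return 'accepted';
}

// Constructed scenario; both host names are placeholders.
function runScenario() {
  const { device, site } = registerPasskey();
  const origin = 'https://accounts.example.test';
  const first = { challenge: crypto.randomBytes(32), origin };
  const genuine = signChallenge(device, first.challenge, origin);
  // A look-alike page relays the site's challenge, but the browser records that page's own origin.
  const relayed = signChallenge(device, first.challenge, 'https://accounts.example-login.test');
  // A captured response is useless for a later sign-in, because the challenge changes every time.
  const second = { challenge: crypto.randomBytes(32), origin };
  // A key pair that was never registered with the site cannot produce a valid signature.
  const stranger = registerPasskey().device;
  return {
    genuine: verifySignIn(site, first, genuine),
    relayed: verifySignIn(site, first, relayed),
    replayed: verifySignIn(site, second, genuine),
    otherKey: verifySignIn(site, first, signChallenge(stranger, first.challenge, origin)),
  };
}
```

Nothing in the exchange is a reusable secret typed by the user, which is what separates it from a password or a 2FA code entered into a page.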

Can a good password solve the login security problem? What makes a good password?

Image source: Pixabay.

Using a strong password is important because it helps protect your personal and sensitive information from unauthorised access. Unfortunately, people tend to use the same password across all of their online accounts, or use common terms and words that make their passwords easy to guess. Some users even use the same password to secure their personal and work accounts. If a hacker successfully compromises a frequently used password, they can gain access to all of the accounts that the password protects.

According to Microsoft, a good password is a combination of uppercase letters, lowercase letters, numbers, and symbols. It shouldn’t be a word that can be found in a dictionary, the name of a person, character, product, or organisation. It should also be significantly different from your previous passwords.

One way to create a good password is to use a passphrase. A good passphrase should have the following attributes:

  • At least 15, preferably 20 characters and be difficult to guess.
  • It should contain upper case letters, lower case letters, digits, and preferably at least one punctuation character.
  • No part of it should be derivable from personal information about the user or his/her family.

One approach is to use the first letters of your favourite movie or phrase and add numbers and symbols. For example, “No Luke, I am your father!” becomes “NLiayf12!@”.
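The three passphrase attributes listed above as a checker, added here as an example and not part of the original article. The function name, the substring test used for personal details and the 3-character minimum for a detail are assumptions.

```javascript
// Added example: checks a candidate against the passphrase attributes listed in this article.
const MIN_LENGTH = 15;        // "at least 15"
const PREFERRED_LENGTH = 20;  // "preferably 20"

// personalInfo: strings the user supplies about themselves and family (names, dates, pets).
function checkPassphrase(candidate, personalInfo = []) {
  const problems = [];
  const notes = [];
  const length = [...candidate].length; // count characters, not UTF-16 units

  if (length < MIN_LENGTH) problems.push(`too short (${length} < ${MIN_LENGTH})`);
  else if (length < PREFERRED_LENGTH) notes.push('20 or more characters preferred');

  if (!/\p{Lu}/u.test(candidate)) problems.push('no upper case letter');
  if (!/\p{Ll}/u.test(candidate)) problems.push('no lower case letter');
  if (!/\p{Nd}/u.test(candidate)) problems.push('no digit');
  if (!/[\p{P}\p{S}]/u.test(candidate)) notes.push('punctuation preferred');

  // Personal details: split each item into words and digit runs, compare without
  // regard to case, and skip fragments under 3 characters to avoid noise.
  // Assumption: a plain substring match stands in for "derivable from".
  const haystack = candidate.toLowerCase();
  for (const item of personalInfo) {
    for (const token of item.toLowerCase().split(/[^\p{L}\p{Nd}]+/u)) {
      if (token.length >= 3 && haystack.includes(token)) {
        problems.push(`contains personal detail "${token}"`);
      }
    }
  }
  return { ok: problems.length === 0, problems, notes };
}
```

Called on the acronym above, `checkPassphrase('NLiayf12!@')` reports `too short (10 < 15)`; a constructed passphrase such as `Tram7-lantern-Quartz` passes with no notes.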

 

While this article is just a primer for cybersecurity safety, it belongs to a 7-part series that gives consumers easy, actionable steps to better prepare against online security threats and stay safe. Stay tuned as we roll out more stories over the next few days.
