It was recently found that almost 50% of employees reuse the same password for all their accounts, which puts corporate cyber security at high risk and needs serious review. A large number of employees also do not password-protect their smartphone or desktop, and they tend to click on malicious links without verifying them. Because users look for ways to make their lives easier, they need to be trained to avoid reusing passwords.
Consider complex passwords and password reuse, which should convince users to create more complicated and unique passwords. The number sequence “123456” was the most stolen password and topped the list last year. Had people considered how much security the information and applications behind it need, they would have put more effort into creating complex passwords.
It is further observed that more people are failing to follow basic cyber hygiene best practices, despite growing awareness of cybersecurity. Employees also admitted that they don’t use two-factor authentication (2FA), and that when their internet access is restricted at work, the user permission prompts they encounter when requesting access to the systems they need for their jobs irritate them. This is where IT leaders need to create awareness of their corporate cybersecurity policies and ensure that users practice good cyber protection.
Here is a nice read: State of Authenticity Today
The best method is to create a unique, dissimilar password for each of your accounts; that way, if a password is compromised, it cannot be used to access your other accounts.
People may be tempted to configure the web browser to store their passwords, but this method is insecure because hackers can easily steal these stored passwords to enable cyberattacks and fraud. You may also be tempted to use the same password with small variations for multiple accounts, but fraudsters are good at exploiting this bad habit.
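As an added illustration (not part of the original article), the sketch below audits a password list for the two habits described above: widely used passwords such as “123456”, and one password reused across accounts with small variations. The function names, the normalisation rules and the sample vault are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Small constructed sample of widely used passwords; "123456" is the one named above.
COMMON = {"123456", "password", "qwerty"}

# Undo common character swaps so "P@ssw0rd" and "password" compare equal (assumed rules).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def base_form(password: str) -> str:
    """Reduce a password to the stem that a 'small variation' leaves unchanged."""
    stem = password.lower()
    # Drop a trailing run of digits and punctuation such as "2023!" or "#24".
    stem = re.sub(r"[\d\W_]+$", "", stem)
    stem = stem.translate(LEET)
    # An all-digit password strips to nothing; keep its own value in that case.
    return stem or password.lower()

def audit(vault: dict[str, str]) -> dict[str, list]:
    """Report account names only, never the passwords themselves."""
    by_stem = defaultdict(list)
    for account, password in vault.items():
        by_stem[base_form(password)].append(account)
    common = sorted(a for a, p in vault.items()
                    if p.lower() in COMMON or base_form(p) in COMMON)
    reused = sorted(sorted(accts) for accts in by_stem.values() if len(accts) > 1)
    return {"common": common, "reused": reused}

# Constructed sample vault: account name -> password.
VAULT = {
    "mail": "Summer2023!",
    "bank": "5ummer#24",
    "vpn": "summer",
    "forum": "123456",
    "crm": "P@ssw0rd1",
    "payroll": "tV9#kq2LmZ-x",
}

if __name__ == "__main__":
    report = audit(VAULT)
    print("Widely used passwords on:", ", ".join(report["common"]))
    for group in report["reused"]:
        print("Same password with small variations on:", ", ".join(group))
```

In the sample, three accounts share the stem of one password even though no two of the strings are identical, which is why exact-match reuse checks miss this habit.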
Two-factor authentication (2FA) is an effective substitute for passwords, as it adds a second layer of protection by requiring users to enter something they know or something they have. For example, you use 2FA when you withdraw money from an ATM, as your personal identification number (PIN) is effectively the password and your bank card is the second form of authentication.
If your website invites customers to register and fill in details such as user ID, password and contact details, it is advisable to secure the website with an SSL certificate to give visitors a sense of security. Read here if you would like to know how an SSL certificate works.
In conclusion, physical authentication is safer for the best security; however, mobile app-based, SMS-based or email-based OTPs are more convenient to implement, and SMS-based OTP is cheap and reasonably straightforward.