From British Airways to Uber, recent data breaches have shown how valuable our data is to cybercriminals – and the lengths to which they will go to access it. The size and impact of these breaches have meant that topics once reserved for tech experts and IT personnel have transitioned into a more mainstream conversation. Revelations about how important our data can be, such as the Cambridge Analytica scandal, have amplified these sentiments and changed the way in which many use digital services altogether.
The result is that consumers, especially millennials, are very concerned about how the organizations they are trusting with their data safeguard their information – and how they will make amends if a breach does occur.
Who Do You Trust?
Millennials are also likely to look outside the box when it comes to checking for data breaches. In our survey, almost 15% said they searched the dark web to find their data, while 13% used data breach search websites.
But while the majority are security conscious when it comes to how businesses use their personal data, many are in fact taking risks when it comes to other forms of data security, like sharing Netflix or Amazon Prime login details with friends and family.
When we consider that it has been suggested that up to 80% of the population use the same password for all of their online accounts, login sharers may inadvertently be sharing their online banking password at the same time as sharing their entertainment account login. It’s clear to see how a problem could develop.
Taking Password Hygiene Seriously
There’s currently a battle going on between security and usability, with businesses and consumers both trying to find a sweet spot between a comfortable service and providing the necessary security.
For consumers, especially millennials, there are some rules of thumb that can help in this battle.
The most important rule is also the most obvious – protect your passwords! Unsecured login credentials are today’s number one tool for cybercriminals to access user information. Usernames and passwords are for sale on the dark web by the millions and, as mentioned before, hackers know people are often using the same password on different sites so they are likely to try using these credentials on other, more valuable, sites.
We all struggle to remember some of the complicated passwords we have to create in order to gain access to some websites. That’s why the temptation to replicate credentials across sites is strong. After all, humans are not meant to remember passwords, and good passwords should be hard to memorize!
One approach to deal with the issue is to use passphrases which are easier to remember. However, this approach can still lead to the temptation to use the same passphrase everywhere and often websites prompt the user to create passwords with variations in letter case, characters, and numbers that are themselves difficult to remember.
A better approach is to let your computer do the hard work and use a password manager. Using a unique random password for each site is the best way to protect yourself from data theft online: if data leaks from one site, it will have no effect on the rest of the sites you visit. Personally, since two consecutive breaches that affected me in the space of just two weeks (each coming with a sensible advisory to reset my passwords everywhere), I have taken to using Apple iCloud Keychain to take away the pain of having to generate unique passwords everywhere.
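As an added illustration of the reuse risk and the unique-password fix described above (not code from the original article), this Python example audits a constructed vault for shared passwords, shows which other accounts a single breach would expose, and replaces reused entries with random ones. The site names, sample passwords and function names are assumptions made for the example.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password); not real credentials.
SAMPLE_VAULT = {
    "streaming.example": "Summer2018!",
    "bank.example": "Summer2018!",
    "shop.example": "Summer2018!",
    "mail.example": "x9#Lq2vT!mZr04pB",
    "forum.example": "correct horse",
    "news.example": "correct horse",
}

def reuse_groups(vault):
    """Group sites by password; return only groups with more than one site."""
    groups = defaultdict(list)
    for site, password in vault.items():
        # Key on a digest so the plaintext never ends up in a report.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_by_breach(vault, breached_site):
    """Other sites that share the password leaked from breached_site."""
    leaked = vault[breached_site]
    return sorted(s for s, p in vault.items() if p == leaked and s != breached_site)

def random_password(length=20):
    """Random password with lower, upper, digit and symbol, from the OS CSPRNG."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "!#$%&*+-=?@^_"]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class a site might demand is present.
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def rotate_reused(vault):
    """Return a copy of the vault with every reused password replaced."""
    reused = {site for group in reuse_groups(vault) for site in group}
    return {s: (random_password() if s in reused else p) for s, p in vault.items()}

if __name__ == "__main__":
    print("reused:", reuse_groups(SAMPLE_VAULT))
    print("exposed:", exposed_by_breach(SAMPLE_VAULT, "streaming.example"))
    print("after rotation:", reuse_groups(rotate_reused(SAMPLE_VAULT)))
```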
Additionally, use two-factor authentication where available. This will ensure that even if a hacker has your password, it will be very hard to break into the site. Specifically, use two-factor authentication when you log in to your password manager.
Although using a password manager might be considered a risk by itself – you’re putting all of your passwords in one place, after all – security experts believe that the risk is still lower than any other password system. Modern password managers do a great job at keeping your passwords secret. But in order to lower the risk further, never log in to your password manager on an unknown device.