Don't be complacent! Change your "Password" regularly!


How many times has your email address been compromised? You can find out at Have I Been Pwned? https://haveibeenpwned.com/


This is why passwords are unsafe: unless you change them regularly enough, you risk being hacked. Seriously, don't put your head in the sand over weak passwords. Many people think it won't happen to them, but one day it will. Given the number of data breaches that have happened in the past few years, it won't be surprising to learn that your credentials have been compromised several times over.

In one high profile case, British Airways is facing a record fine of £183m for last year's breach of its security systems, when details of around 500,000 customers were harvested by attackers. BA initially said information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although BA has said it did not store CVV numbers.

The General Data Protection Regulation (GDPR) that came into force last year was the biggest shake-up to data privacy in 20 years. The penalty imposed on BA by the Information Commissioner's Office (ICO) is the first one to be made public since those rules were introduced, which make it mandatory to report data security breaches to the information commissioner. It also increased the maximum penalty to 4% of turnover. The BA penalty amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum.

In another example, if you stayed at a Marriott hotel (including the Sheraton chain) in the past 5 years, then it is likely that all your personal information has been stolen. The hack obtained your name, address, password, card details, passport number, date of birth and gender. 339 million records were taken, including 33m guest records belonging to Europeans. The UK watchdog plans to fine the hotel group £99.2m for the data breach under the new GDPR rules.

Just recently, credit score agency Equifax has agreed to pay up to $700m (£561m) as part of a settlement with a US regulator following a highly publicised data breach in 2017. The Federal Trade Commission had alleged the Atlanta-based firm failed to take reasonable steps to secure its network. The records of at least 147 million people were exposed in the incident. At least $300m will go towards paying for identity theft services and other related expenses run up by the victims.

These data hacks are becoming all too common, and more companies will likely face fines as data breaches continue. Therefore, in order to protect your account information, it is important for online users to update their passwords regularly.


The worst passwords from last year were revealed recently. “123456” tops the list, as it has done for the last five years. For the fourth consecutive year, the next entry on the list is “password”. 

Variations of each of them comprise six of the other 23 entries in the top 25. “123456789”, “12345678” and “12345”, meanwhile, complete the top five. Are you in this list? Many of you will be! Unfortunately, online users are still using very weak passwords which are not only easy to guess by criminals but in many cases people are using the same password for almost everything!
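The two checks the article points to, looking a password up on Have I Been Pwned and refusing the entries from the "worst passwords" list, can both be done locally without ever sending the password itself. The example below is added here and is not code from the article or from Have I Been Pwned; it assumes the Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>`) returns lines of the form `SUFFIX:COUNT`, and the range response embedded in the block is constructed, with the breach count for "password" invented for illustration.

```python
"""Blocklist plus k-anonymity range check for a candidate password.

Only the first five hex characters of the password's SHA-1 leave the
machine; the full hash is compared locally against the returned suffixes.
"""
import hashlib
from typing import Callable, Dict, Tuple

# Constructed blocklist: the five entries the article names from the
# "worst passwords" list.
WORST_PASSWORDS = frozenset({"123456", "password", "123456789", "12345678", "12345"})


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase hex SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines from a range lookup into a dict."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the breach corpus (0 if never)."""
    prefix, suffix = split_sha1(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def assess(password: str, fetch_range: Callable[[str], str]) -> str:
    """Reject blocklisted or previously breached passwords, accept the rest."""
    if password.lower() in WORST_PASSWORDS:
        return "blocked: on the common-password list"
    seen = breach_count(password, fetch_range)
    if seen:
        return f"blocked: seen {seen} times in known breaches"
    return "ok"


def hibp_fetch(prefix: str) -> str:
    """Live lookup against the real range endpoint (needs network access)."""
    import urllib.request
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the range response for prefix 5BAA6 (the SHA-1
# prefix of "password"). The two other suffixes and all counts are made up.
CONSTRUCTED_RANGE_5BAA6 = "\n".join([
    "0A1B2C3D4E5F60718293A4B5C6D7E8F90A1:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",  # suffix for "password"
    "FFEEDDCCBBAA99887766554433221100FFE:15",
])


def constructed_fetch(prefix: str) -> str:
    """Offline replacement for hibp_fetch, serving only the constructed range."""
    return {"5BAA6": CONSTRUCTED_RANGE_5BAA6}.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("123456", "password", "correct horse battery staple"):
        print(f"{candidate!r}: {assess(candidate, constructed_fetch)}")
```

Swapping `constructed_fetch` for `hibp_fetch` turns this into a live check; the privacy property is the same either way, because the server only ever sees the five-character prefix, which matches hundreds of unrelated hashes.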

Nowadays we are all expected to make passwords stronger by using a mix of characters that does not form a simple sequence. The man who made passwords so hard to remember regrets what he did. IT expert Bill Burr said that making people remember long, complicated passwords "drives people bananas". Nearly 15 years ago, Mr Burr wrote guidelines for password security for the US National Institute of Standards and Technology (NIST). They included suggestions that passwords should be changed every three months and be made up of a range of different characters.

Actually, there is nothing wrong with using a very strong password, but sadly we are all guilty of using easy-to-remember passwords. Because of the large volume of data security breaches, we have to find alternative ways to protect our personal data, particularly our bank accounts.

The past two years have been particularly devastating for data security, with a number of well publicised hacks, attacks, ransoms, and even extortion attempts, with millions and millions of records that have been stolen, as shown on the website Information is Beautiful.

Yes, even I am not immune! It happened to me recently. Someone was posing as a good friend of mine who was doing some building work. The fraudster had my friend's email address and was asking for a payment via email. This was because my friend's BT Yahoo account had been hacked, and I came close to making a bank transfer. Fortunately, I made a call to my friend to verify his bank details. One thing you should always do is Google the bank sort code to see if a bank is genuine. I discovered this bank sort code was flagged on the internet by many other people who were caught out by this scam! Yes, it was so easy to believe my friend's email. No doubt other people could be fooled into making these payments. I cannot blame my friend, but I suggested he change his password more regularly. I can only say that everyone has to be more vigilant! If it has happened to you, let me know in the comments what you have learned from it.


Many leading security experts have been predicting the end of passwords and their replacement with other technology like biometrics including the fingerprint sensor that has made its way into Apple's iPhones and other handsets. Facial recognition is also predicted to be at the forefront of password replacement. But the long strings of forgettable letters have mostly persisted until those technologies become more widespread.

A recent report from GMX found that nearly a third of people in the UK still prefer to authenticate with passwords rather than biometric credentials. 30% of respondents said that typing a password was their preferred method of accessing their online and mobile accounts. What's more, 22% also said that they prefer fingerprint biometrics over face or voice.

Of course fingerprints are still more popular because of the introduction of Apple's iPhone 4 and TouchID five years ago in 2014. Face authentication is also gaining in popularity, and this too can be put down to FaceID on the iPhone X (10). However, in order for biometrics to go truly mainstream, consumers need choice. Therefore a blend of face, voice, iris and fingerprint modalities is needed, particularly because environmental conditions affect all of them in some way, and consumers want reliability as well as convenience.

According to GMX, 30% of respondents had at least 10 different online accounts, with a further 43% feeling overwhelmed by the number of passwords they had to remember. Alarmingly, 8% feel that remembering their passwords was more stressful than changing jobs or getting a divorce. 

Even though 30% of UK consumers would prefer to rely on passwords rather than biometrics, it still means at least 70% have no issue with using biometrics as a trusted credential. Therefore, consumer confidence in biometrics still outweighs the trust and security surrounding passwords.

The survey showed positive signs that consumers are ready to accept biometric authentication once their data privacy concerns have been met. So it is up to providers to meet those privacy demands by demonstrating that they are complying with all the relevant laws.


In another recent survey from MobileIron, most organisations plan to adopt new authentication solutions within two years. Enabling mobile device authentication with biometric-based access is the best approach to eliminate passwords. They surveyed 150 IT and security managers and looked at a wave of technologies—including device authentication, software and hardware tokens, authentication keys, biometrics, behavioral analysis, certificates, and other approaches—that have emerged to provide alternatives to traditional password-based login processes.

The report revealed that companies are poised to enter a world powered by zero password access to business services. Below are a few key findings:

  • More than 90% of respondents indicated their organization experienced a significant password policy violation in the last year.
  • Mobile device authentication solutions were determined to be the easiest of all identity management technologies to deploy, while one-time passwords were indicated to be the most challenging.
  • Half of respondents believe passwordless approaches to authentication were more secure than passwords.
  • Enabling mobile device authentication with biometric-based access creates a “best of both worlds” scenario that ensures easy deployment, high security, and improved user productivity.

More articles by Steve Cook