INTERNET users are being urged to not rely on passwords – and check their account settings today.
Anyone who uses big services with lots of important data – like Google, Facebook or Outlook – must act, cyber-experts warn.
We’ve known for years that passwords aren’t a great protection against hackers.
But even strong passwords that you only use for one app at a time aren’t a perfect solution.
Now security experts at cyber-firm Malwarebytes Labs are warning users not to rely on passwords alone.
“As computer and internet use exploded over the past forty years, the number of passwords each of us must remember has climbed precipitously,” the experts said.
“It simply isn’t possible to remember that many passwords, and the number of passwords we need to know probably exceeded the number we can remember decades ago.”
Cyber-experts are urging users to adopt password managers.
These are apps that store your passwords for you, so you can use complicated ones without remembering them.
If you have an iPhone or another Apple product, you can already use iCloud Keychain to do exactly that.
But even password managers aren’t enough.
“We may have been seriously overestimating the importance of them,” Malwarebytes Labs warned.
“A strong password won’t protect you from a credential stuffing attack, phishing, or keylogging malware, for example.”
Instead, the experts say we must begin using two-factor authentication as much as possible.
That’s when you’re given a code – often via SMS – to log into an app, in addition to your password.
“The simple act of having to type in a code from an app alongside your password is a game changer—it kills credential stuffing, password spraying and brute force attacks stone dead,” Malwarebytes Labs explained.
“So, from now on, my password advice is this: If you have time and energy to spare, find somewhere you’re not using MFA (multi-factor authentication) and set it up.”
You’ll usually be able to find this in your password settings on any app you use.
Sadly not all apps offer two-factor authentication – but you should activate it where possible.
Passwords, bye bye!
Apple has even gone as far as trying to ditch passwords altogether.
iPhone owners are being urged to try a new system that replaces passwords entirely: Passkeys.
It was added in the latest iOS update, so first check if you’ve got iOS 16 by going to Settings > General > Software Update.
Instead of signing up (or logging in) to a website using a password, you’ll use a Passkey.
This is a digital key that you don’t have to remember.
And you simply authenticate who you are using your fingerprint (Touch ID) or face (Face ID) on an iPhone or Mac.
It’ll be just as quick to log in, and means you’ll have a login that simply can’t be guessed or leaked.
Your Passkeys are stored on your devices, but will sync across multiple gadgets using Apple’s iCloud Keychain – which already exists to track passwords.
Nobody can read your Passkeys, Apple included.
And it means you can’t be tricked into handing over a password through phishing – because you won’t have any information to hand across.
The ultimate plan is to allow Passkeys to work on non-Apple devices too, including Windows laptops and Android phones.
Microsoft and Google have both been developing passwordless systems for years.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at email@example.com