Writing Down Passwords: Is it a Bad or a Good Idea?

Steve Matindi
4 min read, May 31, 2020


What if I told you it is better to forget your password than to note it down on a sticky note? Would you believe me? Well, I'm here to share some insight.

A Look Into Some Of The Breaches That Happened Between January and March 11, 2020:

  1. January 22, 2020: 250 million Microsoft customer support records, including email and IP addresses, exposed.
  2. January 28, 2020: 10,000 LabCorp patient records exposed (names, addresses, Social Security numbers).
  3. January 29, 2020: UN servers compromised.
  4. February 11, 2020: the US Defense Information Systems Agency (DISA) suffers a data breach.
  5. March 5, 2020: a Virgin Media database containing personal information of 900,000 people is accessed by an unknown person.
  6. March 5, 2020: the Comparitech security research team discovers the personal data of over 200 million US residents on an unprotected Google Cloud server.
  7. March 11, 2020: Brazilian biometric solutions company Antheus Technologia suffers a data leak and other security flaws.
  8. March 11, 2020: the Dutch government admits to losing two external hard drives that contained the personal data of more than 6.9 million organ donors, with records ranging from 1998 to 2010.

Some Of The Ways Hackers Steal Your Password:

Here are some of the key methods as described by SentinelOne (an endpoint security vendor).

  1. Local Discovery -> Occurs when you write down or use your password somewhere it can be seen in plain text. The attacker finds the password and uses it, often without you knowing that it has leaked.
  2. Brute Force -> In simple words, a brute-force attack consists of an attacker submitting many passwords or passphrases in the hope of eventually guessing correctly. The attacker systematically tries candidate passwords, typically starting from common ones and wordlists, until the correct one is found.
  3. Credential Stuffing -> Also known as list cleaning or breach replay, this is the automated injection of username/password pairs taken from a breach of one site into the login forms of other sites, in order to fraudulently gain access to the accounts of users who reused the same password.
  4. Password Spraying -> A type of attack that tries a small number of commonly used passwords against a large number of usernames (accounts), keeping the attempts per account low enough to stay under lockout thresholds.
  5. Phishing -> A social engineering trick which attempts to deceive users into supplying their credentials to what they believe is a genuine request from a legitimate site or vendor, e.g. Gmail, Facebook or Apple.
  6. Keylogging -> The action of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. The captured data is then retrieved by the person operating the logging program.
  7. Extortion -> Somebody demands that you give them your credentials. No subterfuge is involved: the deal is that you hand over your password or they do something you will not like.
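
The three guessing attacks above (brute force, credential stuffing and password spraying) leave different fingerprints in an authentication log, and that is how a defender tells them apart. The script below is an added example for this article, not code from the original post or from SentinelOne. It assumes a constructed log format of one line per login attempt (timestamp, source IP, username, result) and classifies each source IP by how many accounts it touched, how many tries it made per account, and how many of the usernames did not even exist, which is the tell-tale of replaying another site's breach list.

```python
"""Tell brute force, password spraying and credential stuffing apart in
failed-login logs.

Added example for the article, not code from the original post or from
SentinelOne. The log format is an assumption: one line per login attempt,
"timestamp source_ip username result", where result is success,
fail_bad_password or fail_unknown_user. SAMPLE_LOG is constructed and is
treated as a single detection window.
"""
from collections import defaultdict
from dataclasses import dataclass, field

BRUTE_FORCE_MIN_ATTEMPTS = 5      # many failures on ONE account from one source
SPRAY_MIN_ACCOUNTS = 5            # one source touching MANY accounts ...
SPRAY_MAX_PER_ACCOUNT = 2         # ... with few tries each, to stay under lockout
STUFFING_MIN_UNKNOWN_RATIO = 0.5  # breach-replay lists are full of users we never had

SAMPLE_LOG = """\
2020-05-31T10:00:01 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:02 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:03 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:04 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:05 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:06 203.0.113.7 alice fail_bad_password
2020-05-31T10:00:07 203.0.113.7 alice success
2020-05-31T10:01:00 198.51.100.20 alice fail_bad_password
2020-05-31T10:01:01 198.51.100.20 bob fail_bad_password
2020-05-31T10:01:02 198.51.100.20 carol fail_bad_password
2020-05-31T10:01:03 198.51.100.20 dave fail_bad_password
2020-05-31T10:01:04 198.51.100.20 erin fail_bad_password
2020-05-31T10:01:05 198.51.100.20 frank fail_bad_password
2020-05-31T10:02:00 192.0.2.33 jsmith fail_unknown_user
2020-05-31T10:02:01 192.0.2.33 mjones fail_unknown_user
2020-05-31T10:02:02 192.0.2.33 alice fail_bad_password
2020-05-31T10:02:03 192.0.2.33 pkumar fail_unknown_user
2020-05-31T10:02:04 192.0.2.33 bob fail_bad_password
2020-05-31T10:02:05 192.0.2.33 tlee fail_unknown_user
2020-05-31T10:03:00 10.0.0.5 bob fail_bad_password
2020-05-31T10:03:05 10.0.0.5 bob success
"""


@dataclass
class SourceStats:
    """Per-source-IP counters for the window."""
    failures_per_user: dict = field(default_factory=lambda: defaultdict(int))
    unknown_user_failures: int = 0
    successes: int = 0


def collect(log_text):
    """Aggregate the log into per-source statistics."""
    stats = defaultdict(SourceStats)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        _ts, src, user, result = raw.split()
        s = stats[src]
        if result == "success":
            s.successes += 1
        else:
            s.failures_per_user[user] += 1
            if result == "fail_unknown_user":
                s.unknown_user_failures += 1
    return stats


def classify(s):
    """Label one source's behaviour using the thresholds above (a heuristic)."""
    total = sum(s.failures_per_user.values())
    if total == 0:
        return "none"
    accounts = len(s.failures_per_user)
    if accounts == 1 and total >= BRUTE_FORCE_MIN_ATTEMPTS:
        return "brute_force"
    if accounts >= SPRAY_MIN_ACCOUNTS:
        if s.unknown_user_failures / total >= STUFFING_MIN_UNKNOWN_RATIO:
            return "credential_stuffing"
        if max(s.failures_per_user.values()) <= SPRAY_MAX_PER_ACCOUNT:
            return "password_spraying"
    return "none"


def analyse(log_text):
    """Map each source IP to its attack label."""
    return {src: classify(s) for src, s in collect(log_text).items()}


def successes_after_failures(log_text):
    """Sources that failed at least once and then logged in: the sign that a
    guessing campaign (or a password found lying around) actually worked."""
    return sorted(src for src, s in collect(log_text).items()
                  if s.successes and sum(s.failures_per_user.values()))


if __name__ == "__main__":
    for src, label in analyse(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
    print("successes after failures:", successes_after_failures(SAMPLE_LOG))
```

In production the same counters are kept per sliding time window and per source, and the thresholds are tuned to the lockout policy the attacker is trying to stay under. The `successes_after_failures` check is the one that turns a noisy alert into an incident: a source that guessed for a while and then got in.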

Has someone you know ever been caught in one of the situations above?

Back to the motion now. Between writing down your passwords and resisting the urge to write them down, which do you think is less stressful and more secure? Both are weak security measures, but weighing them against each other raises awareness of their pros and defects. Let us first look at the pros and cons of each.

Writing Down Passwords:

Pros:

  1. Hard to steal remotely, since the attacker needs physical access to the note to acquire the password. (This only protects the stored copy: phishing, keylogging and credential stuffing work on the password when you type it or reuse it, wherever it is kept.)
  2. One can write down strong passwords and passphrases, as there is no need to remember them.

Cons:

  1. The paper is easily misplaced, forcing the user to reset every credential written on it.
  2. It can easily be discovered by a colleague or family member when used in an environment shared with other people.
  3. Lost papers with passwords can fall into the wrong hands (someone with malicious intent).

Resetting Passwords:

Pros:

  1. Forces the user to update the password more frequently. In the case of a data breach that no one is yet aware of, a user who happened to reset just after the breach has already protected themselves.
  2. You can create a strong new password or passphrase each time and, if you forget it, reset it again on your next visit to the site.

Cons:

  1. Time consuming, as some password resets involve a frustrating chain of verification steps (answering security questions, providing a phone number, etc.).
  2. Frequent forced resets push users towards predictable variations of the old password, which is why current guidance (NIST SP 800-63B) favours resetting when there is evidence of compromise rather than on a fixed schedule.

Having outlined some of the pros and cons of the two measures, I leave the final verdict on which method is better to you. In my own view, I think resetting my passwords is better than noting down my credentials, as the written material can easily be found by anyone.

In case you need a password manager, check out Dashlane, Zoho Vault, RoboForm 8 Everywhere, Keeper Password Manager & Digital Vault, 1Password, Password Boss, Sticky Password Premium, Bitwarden Premium and LogMeOnce Password Management Suite Ultimate among the paid options, and LastPass and Myki Password Manager & Authenticator among the free ones. Compare them and find one that works well for you. A password manager is a piece of software that helps users encrypt, store and manage passwords. It also helps users create secure passwords and log in to websites automatically. Users should employ a unique password for each website or system, so that the breach of one site cannot be replayed against the others.
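
Two of the things a password manager does, generating a secret from a cryptographic random number generator and checking a candidate against known-breached passwords, are easy to show in code. The script below is an added example for this article, not code from the post or from any of the products listed above. The breach check follows the k-anonymity range query popularised by Have I Been Pwned (send the first five hex characters of the SHA-1, receive every matching suffix with a count, match locally); `fake_range_server` and its breached-password table are constructed stand-ins for that service and its counts, `WORDLIST` is a toy word list, and the 1e10 guesses per second cracking rate is an assumed figure. This also ties back to the credential stuffing entry above: a password that already sits in a breach corpus is one that stuffing lists will carry.

```python
"""Generate high-entropy secrets and check candidates against breach data
without revealing them.

Added example for this article; not code from the post or from any of the
password managers it lists. WORDLIST is a toy list, fake_range_server and
_CONSTRUCTED_BREACHES are constructed stand-ins for a real range-query
service and its counts, and the cracking rate is an assumption.
"""
import hashlib
import math
import secrets
import string

ASCII_POOL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICEWARE_LIST_SIZE = 7776  # size of a standard Diceware word list (6**5)
WORDLIST = [  # toy list; a real manager uses a DICEWARE_LIST_SIZE-word list
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "hazel",
    "ivory", "juniper", "kelp", "lumen", "marble", "nectar", "orchid", "pebble",
]


def random_password(length=16, pool=ASCII_POOL):
    """Uniform random characters from pool, using the CSPRNG (never random.choice)."""
    return "".join(secrets.choice(pool) for _ in range(length))


def random_passphrase(words=5, wordlist=WORDLIST):
    """Diceware-style passphrase: long, yet memorable enough to be written
    down or remembered instead of reset every time."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(length, pool_size):
    """Bits of entropy of a uniformly random secret: length * log2(pool)."""
    return length * math.log2(pool_size)


def years_to_brute_force(bits, guesses_per_second=1e10):
    """Expected time (half the keyspace) against an offline cracker at the
    given rate; 1e10/s is an assumed figure for a GPU rig against a fast hash."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach table (password -> times seen in breaches). The counts
# are made up for the example, not real figures.
_CONSTRUCTED_BREACHES = {"password123": 12345, "qwerty": 98765, "letmein": 4321}


def fake_range_server(prefix5):
    """Stand-in for GET /range/{prefix5}: returns 'SUFFIX:COUNT' lines for every
    breached hash that starts with prefix5. The server never sees the full hash."""
    lines = []
    for pw, count in _CONSTRUCTED_BREACHES.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix5):
            lines.append(f"{digest[5:]}:{count}")
    return lines


def breach_count(password, range_lookup=fake_range_server):
    """How many times password appears in breach data, or 0 if never seen.
    Only the 5-character prefix leaves the client; matching is done locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix):
        got_suffix, count = line.split(":")
        if got_suffix == suffix:
            return int(count)
    return 0


def is_acceptable(password, min_bits=80, pool_size=len(ASCII_POOL)):
    """Policy a manager might apply before saving: unseen in breaches and long enough."""
    return breach_count(password) == 0 and entropy_bits(len(password), pool_size) >= min_bits


if __name__ == "__main__":
    pw = random_password()
    bits = entropy_bits(len(pw), len(ASCII_POOL))
    print(pw, f"{bits:.1f} bits, {years_to_brute_force(bits):.2e} years to brute force")
    print(random_passphrase(), f"({entropy_bits(5, DICEWARE_LIST_SIZE):.1f} bits with a real word list)")
    print("password123 seen in breaches:", breach_count("password123"))
```

The point of the entropy figures is the comparison the article gestures at: a 16-character random string from 94 symbols carries about 105 bits, and a five-word passphrase from a real 7776-word list about 65 bits, either of which is out of reach of online guessing and, for the first, of offline cracking too, while any password that returns a non-zero breach count is already in the lists that credential stuffing tools replay.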

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.” ~ Kahlil Gibran
