What can we learn from top tech advice we never listen to?

As part of the 20th Cybersecurity Awareness Month campaign Emre Tezisci, Product Marketing Manager at Barracuda, shares with us some of the advice we love to ignore (but really shouldn’t).

  1. Deleting an unwanted app from your phone may not solve all the issues.

Simply deleting an app won’t necessarily delete any personal data it holds, unlink you from any other accounts you’d connected it to, such as a social media account, or remove annoying adware you installed along with the app. To do this, you need to visit your app store, locate the application, clear the data and cache, and then uninstall the app.

  2. A simple, user-friendly device will be used more than a complex one with loads of functions

All those new features and buttons on the latest model are terribly tempting – but you may barely use or benefit from them because of something called the “Choice Overload Effect.” This effect is best illustrated using jam.

A famous Columbia University study found that when customers were offered 24 jams to sample, only 3% of them bought a jar, while when they were offered six jams, 30% made a purchase. Too many options lead to choice paralysis.

  3. Set a decent password

Your passwords are the keys to your online assets and data and those of your employer – so why wouldn’t you want a strong, unique, hard-to-guess one? The reality is that simple passwords are easy to remember, so we like them, while complex ones are secure but easy to forget. Then you’re either locked out or must jump through hoops to think of and set a new password you might just remember this time. All of this is a chore.

A recent report shows that while 91% of respondents claim to understand the risks of reusing passwords – 59% admitted to doing it anyway. Many people aren’t much better at work – when charged with a forced password reset, nearly half (49%) simply added a digit or character to their existing password.

What’s wrong with us?

The list above provides a snapshot of human technology interaction that looks a bit like this: We want things to be seamless, plug-and-play, and intuitive, with enough choice to add value but not so much as to paralyse decision making. And we want all the tricky stuff and hard work to be handled in the background by something or someone else. The requirement to create and set unique, strong, complex passwords for every account doesn’t really qualify – and a recent survey found that two-thirds (65%) don’t trust password managers.

What a poor password attitude means for employers

Compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report 2023. What’s more, multi-factor authentication (MFA), designed to strengthen access controls, is now being targeted with some success by attackers using techniques such as MFA fatigue.

Let’s pause for a moment. After decades of warnings, people still aren’t routinely implementing strong, unique passwords. Furthermore, password-based authentication is no longer enough to protect identities. Perhaps it’s time to look seriously at an alternative.

The future of authentication is passwordless.

Passwordless authentication is a way of verifying someone’s identity using alternative methods such as biometrics – fingerprints or facial recognition – hardware tokens, or one-time passwords (OTP) sent via email or SMS. Many consumer applications and devices already rely on biometrics, including some mobile phones, banking, and payment apps.

In the business environment, the journey towards passwordless may take a little longer – solutions are still emerging and not every organisation is ready to adopt this approach. It’s important to continue to offer all options, including traditional logins, while helping companies to migrate towards a future of continuous and conditional access, with centralised permissions, self-service access grants and, ultimately, a secure, user-friendly passwordless experience. At that point, the risk associated with using the name of your goldfish to help authenticate 20 accounts becomes irrelevant.

Emre Tezisci, Product Marketing Manager at Barracuda