Give the gift of no more passwords

When a hacker exploited a reused and compromised password for an account connected to a Ring doorbell last week (and spoke to the family’s children), it darkened the holiday season for many. The mainstream media focused on the access to the Ring doorbell—understandably so, because safety in the home and the ability to protect what’s precious is a right every family should have. At Rubica, we’d like to help prevent this kind of tragedy from happening again by strongly suggesting a New Year’s Resolution for digital safety: use a password manager and multi-factor authentication.

Why people re-use passwords

From 2003 to 2017, companies and tech-savvy individuals repeated the password rotation mantra (the practice where people rotate their passwords every 90 days). They learned it from Bill Burr who crafted it while working with the National Institute of Standards and Technology (NIST). He has since adjusted his thinking and now gives different advice.

Rotating passwords every 90 days is no longer the best practice. Now he recommends you use passphrases. Why did Burr change his tune? Because managing password rotation creates worse security patterns for most people.

The online password TLDR

Here is the most important tip: to ensure you are exercising good cyber hygiene, use unique credentials for each and every app or service. A password manager is a fast and easy way to upgrade from reusing passwords to cryptographically secure, random password generation. Once you finish that upgrade you only have to remember one very secure password, then never need to change a password unless there’s a breach.

Why multi-factor authentication (MFA) is a lifesaver

Some may argue that password rotation is important. I strongly disagree. If you’re using unique credentials and the site hasn’t been compromised, you are not adding extra security by rotating your passwords. Going a step further, even if your password is compromised in a data breach and you don’t know about it, but you have two-factor authentication or multi-factor authentication (2FA/MFA) on your account, you are safe until you get around to updating the credentials.

What allowed hackers access to the Ring doorbell was:

1 – Having reused credentials that were entered (and compromised) on other sites and not using unique credentials for their Ring account.

2 – Not using the additional layer of security that Ring provides with 2FA.

Everything and everyone is a target

Malicious attackers have no morals. It doesn’t matter to them if you’re rich, poor, old, young, tech-savvy, or not tech-savvy, you are a target. They attack people with poor cyber hygiene for entertainment, hacker prestige, and for financial gain. Protecting yourself online makes you physically safer. Combining a digital bodyguard like Rubica and a password manager now offers some of the same protection as a physical bodyguard. Tools like Rubica and MFA are an extra, powerful invisible presence watching over the access to what’s precious.

Your password gift to yourself and yours

Half of adults re-use passwords across all online accounts. This year consider a password manager like LastPass or Dashlane and make sure that every account or service you use has a unique password—no more rotating unless there’s a breach. Bonus: add 2FA/MFA to any accounts that support this feature. This is where layers of security will go into action and help guard what’s precious to you, keeping them safe and secure.