With Christmas looming and the desire to get a good bargain in stores or online dominating our thoughts, security, common sense and caution often get left behind in our efforts to save some of that hard-earned cash in the most expensive month of the year for many of us. Cyber criminals are looking to target careless shoppers in their thousands in the weeks leading up to Christmas, and just like you would be mindful of pickpockets in a busy marketplace, we all need to be careful not to be caught out online this December!
Earlier today I saw an article on the Digital Forensic Magazine’s website that talked about how Equifax have recently released a really useful infographic on identity fraud and how to keep your identity safe from cyber criminals. The graphic covers some really interesting facts around the steps of identity fraud, how criminals obtain your data, and also how likely you are to become a victim (including through what means) depending on your age group and which demographic you fall into. It is certainly worth a quick read.
However, one part of the infographic I actually disagree with is the section on passwords. The infographic specifically states “Make a habit of changing your passwords regularly”, which was old advice published by GCHQ several years ago, when it was believed that regular password changes would keep your accounts safe from unauthorised access. However, the newly formed National Cyber Security Centre (NCSC), which encompasses GCHQ, CESG, CERT-UK and several other agencies and bodies under one united banner, published new guidance on password security back in January this year, which turned the previous advice on its head. Due to the numerous debates and discussions that erupted from the guidance, the NCSC have since published an article explaining why they changed their advice, which you can read more on here. This new advice very clearly (and understandably) suggests that passwords should not be changed regularly; instead, the focus should be on developing fewer, stronger passwords that hold fast over time, rather than forcing a user to change often and have to remember dozens of different username/password combinations through a single year. The theory is that the more passwords you are forced to remember in a short space of time, the weaker and simpler you are likely to make them in order to aid your chance of remembering them.
The latest article states:
“The NCSC now recommend organisations do not force regular password expiry. We believe this reduces the vulnerabilities associated with regularly expiring passwords…while doing little to increase the risk of long-term password exploitation. Attackers can often work out the new password, if they have the old one. And users, forced to change another password, will often choose a ‘weaker’ one that they won’t forget.”
No wonder so many people are confused as to what type of passwords to utilise or generate, given the different advice that is floating about, such as the different views of the NCSC and Equifax as I’ve mentioned above. However, what is important in this busy period is to use strong, long, complex passwords for your main accounts, particularly your email account. As this is where your “I forgot my password” emails will be sent, it needs to be kept safer than most of the rest.
If you are purchasing items online then wherever possible use a credit card, as the risk of loss at least lies with the banks rather than with you. If you are asked to create an account in order to make purchases on that website that happens to be selling the one thing your loved one was hoping to get this Christmas, then consider using a different email address to your standard one, or at the very least use a completely different password to that used for your email account. That way, if the site is fraudulent then all they have is your email address, and not access to your account.
With Christmas only three weeks away and people likely to be hunting online for bargains and deals on sites scattered throughout the internet, please do be careful with your own identity, consider the old saying of “if it looks too good to be true, it probably is” and focus on shopping on trusted, known and established sites that use secure connections and where you will be able to shop online in relative safety.
Remember, cyber security is for life, not just for Christmas! (as well as, so it seems, cheesy one-liners in the run-up to the holidays!) 😉