The White House wants you to ditch your password and "lock down your login"
We live in an age of massive cyberattacks – like the recently revealed hack on Yahoo that saw 500 million email accounts compromised back in 2014. News like this is worrying for consumers who want to keep their online information safe from hackers. This is where the White House and the National Cyber Security Alliance (NCSA) come in. They’re teaming up with more than 35 companies, from Google to Microsoft to MasterCard, to launch “Lock Down Your Login,” a new campaign to educate consumers about the importance of ditching traditional – and vulnerable – passwords and adopting stronger ways to secure their accounts.
“We were basically approached by the White House. The president wanted to do something on online security education and awareness, and the White House thought strong authentication was an important point to stress,” Michael Kaiser, the NCSA’s executive director, told CBS News.
Kaiser said the “Lock Down Your Login” campaign will urge consumers and businesses alike to be more cognizant of the security threats posed by traditional username-password combinations that many cybersecurity experts see as behind the times in the face of increasingly sophisticated and widespread hacks. The NCSA reports that an incredibly high 72 percent of all Americans believe that their accounts are already secure with just a username and password.
As we live more of our lives online, there’s more at risk. The Pew Research Center reports 73 percent of Americans go online daily, while one in five say they’re constantly connected. Whether email, Facebook, or our online shopping accounts, many of us are continuously sharing personal information – often in less-than-secure ways. Kaiser stressed that consumers have to take steps to better fortify their accounts.
He singled out one statistic in particular. “Seventy-two percent of Americans feeling comfortable with their passwords – and we are shocked to see that,” he said. “With all these hacks, everyone would think the opposite, one would think that people would feel less secure. One of the best things that we think people can do really is to look at the services that they use and see if there is some strong authentication available to them.”
- Beyond passwords: Tech companies seek next generation of security
- These were the 25 worst passwords of 2015
Security trends have been moving beyond the standard password for the past several years now. Whether a growing emphasis on biometrics, like fingerprints, or two-factor authentication, which requires users to give confirmation beyond their username and password – like a one-time code from a text message – to access an account or a service online, there are a number of ways to raise the bar on how we secure our personal information.
As the Yahoo hack proved, tried-and-trusted email systems are not foolproof. Earlier this year, a report from internet security firm TeleSign revealed that 69 percent of security professionals believe the old-fashioned password is no longer a sufficient security measure. The same study found that 72 percent of these experts feel the password itself could go the way of the dinosaur, and that their companies could be completely password-less by 2025.
TeleSign is one of the firms that has joined in on the “Lock Down Your Login” campaign.
“One of the bigger problems is password reuse. Almost three quarters of user accounts use duplicate passwords from other sites and in doing so, when you have major data breach, like Yahoo that contains user credentials, hackers go out and take credentials and then use them on other sites to gain access,” Brian Czarney, senior vice president of marketing at TeleSign, told CBS News. “If users haven’t enabled a strong form of authentication, then they put themselves at risk.
The seeds for “Lock Down Your Login” were planted back in February when the White House called for more consumers to adopt extra, more stringent forms of authentication, CNET reports.
“By judiciously combining a strong password with additional factors, such as a fingerprint or a single-use code delivered in a text message, Americans can make their accounts even more secure,” the Obama administration stated in a fact sheet announcing the Cybersecurity Action Plan.
Of course, getting people to adopt methods of security beyond what they are accustomed to is easier said than done.
“That’s the billion dollar question – how do you move people over the edge and do something about it, to adopt more secure ways to protect their information? A lot of people get apathetic and think ‘it’s not going to impact me,’” Mark Hocking, vice president of Intel Security Group and general manager of Safe Identity, told CBS News. “One reason why people do what they do is that it’s easy to just use the same password over and over again from site to site. That’s not safe.”
Intel is another company that has joined the campaign. Hocking stressed that it is important that cybersecurity has become a part of the larger national discourse.
“We view passwords as one of the biggest security challenges for consumers right now. This issue is one of the biggest headaches for consumers, which is why we embarked on working to solve the problem, this big macro problem. This campaign is a good indication of what a big deal it is to have the government talking about it, to even have cybersecurity brought up in the recent presidential debate,” he said. “This campaign is the perfect partnership to expand the voice of awareness among consumers.”
Kaiser of the NCSA said that the campaign is launching at the perfect time. October is National Cyber Security Awareness Month, and his organization will be leading a series of awareness programs to emphasize the importance of keeping consumers’ account information safe online.
“In the end, this campaign is a great example of how the private and the public sector can work together,” Kaiser asserted.
Czarney agreed, adding that this will only become a more pressing issue down the line.
“It’s always difficult to get people to change something, to think about a new way of doing something,” Czarney said. “One thing that is going in our favor of spreading the word is people’s increased awareness of attacks. The sheer number of breaches occurring this year has us on track to be the largest number of breaches ever recorded. There’s no slowing down, which is why campaigns like this are important.”