A security gap can open up anywhere: a data breach occurs, or malware finds its way into the system. The first step is then usually to set new passwords. However, changing passwords alone does little to improve security. In this article, you will learn what you should do instead.
Why are new passwords used at all?
Changing passwords is usually the first precautionary measure after an incident. Has data been stolen, or has the system been “infected” with malware? The first tip is always: new passwords. Especially secure passwords, of course. It cannot be said often enough: secure passwords are the first line of defense against attacks by hackers. Insecure passwords are not a wall, but at best a rotten garden fence. They don’t stop anyone who wants to enter the property. However, even the protective wall of secure passwords stands on a cracked foundation. Nevertheless, it is important to use secure passwords and to change them in the event of an attack. The reason is simple: an attack on a system usually affects a specific area of that system, so not every area is necessarily affected. Changing the passwords is meant to better protect the areas that were not affected. An example: an email provider is hacked and user data is leaked. That is far from affecting every user. Nevertheless, the provider asks all users to change their passwords, as the attack could go even further. The hackers may also be able to crack other passwords using the data they obtained. Contrary to popular belief, hackers do not only write code intended for attacks. They are also good at analyzing the data they obtain from these attacks.
Why new passwords alone don’t help
The catch, however, is that a new password cannot withstand attacks in the long term. The problem is the password itself, or rather the concept of the password. Passwords get reused. Who can remember dozens of passwords for all their accounts? Users reuse their passwords, or vary them only minimally, so that they can remember them all. So if one password is found out, there is a good chance that others can be worked out as well. This is how hackers gain access to other data, even if passwords are changed. After all, what is the point of changing the passwords in the hacked system if the same passwords are also used for other systems?
What helps instead of new passwords?
So passwords alone are not much help when it comes to security issues. But what about an extension? Let’s build another protective wall around the protective wall. Two-factor authentication is a secure system that hackers will break their teeth on, provided it is used correctly. There are 2-factor systems which, for example, send an SMS with a code as a second factor alongside the password. The problem: experienced hackers can intercept the SMS and gain access to the system. This happened a few years ago on the social network Reddit, for example. There, a hacker used an intercepted text message with the second factor to gain access to the Reddit cloud. Fortunately, there are better methods. For example, 2FA with a TOTP code that can only be used with an authenticator such as the one from Reiner SCT. This TOTP code also changes every 30 seconds to provide even more security. An authenticator offers increased security and makes life difficult for hackers.
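How the 30-second TOTP code mentioned above is derived and checked, as an added example that is not part of the original article or any vendor's code. It follows RFC 6238 (HMAC-SHA1, 6 digits) and uses the RFC's published test key; `verify`, `last_used_step` and `window` are illustrative names.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per code, the interval the article mentions

# RFC 6238 Appendix B test key, base32-encoded as authenticator apps expect.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: float, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of 30-second steps since epoch."""
    return hotp(base64.b32decode(secret_b32), int(at) // STEP, digits)


def verify(secret_b32, code, at, last_used_step=-1, window=1):
    """Return the matching time step, or None.

    Accepts +/- `window` steps of clock drift and refuses any step at or
    before `last_used_step`, so a captured code cannot be replayed.
    """
    key = base64.b32decode(secret_b32)
    now = int(at) // STEP
    for step in range(now - window, now + window + 1):
        if step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(key, step, len(code)), code):
            return step
    return None


if __name__ == "__main__":
    t = 1111111109  # constructed timestamp taken from the RFC test vectors
    code = totp(DEMO_SECRET, t)
    step = verify(DEMO_SECRET, code, t)
    print("code:", code, "accepted in step", step)
    print("replay of same code:", verify(DEMO_SECRET, code, t, last_used_step=step))
    print("two minutes later:", verify(DEMO_SECRET, code, t + 120))
```

The server has to store the last accepted step per account; without that, a code stays usable for its whole drift window.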
Conclusion
Although new passwords are not a pointless step, they are not sufficient as the sole security measure. In order to withstand hackers and their increasingly advanced methods, the most modern security method possible, such as an authenticator, should be used.