Single-Password System May Be Unsafe

Sam Shepard, Staff Writer

Central Connecticut implemented a policy of having a single password for Bluenet, email, billing and other services last semester. While this new system may be convenient by eliminating the need for remembering multiple passwords between Bluenet and Microsoft Outlook, it could come at a serious security cost.

“If the password becomes known, either through a hacking attack or because the person shared it with somebody, then it can be used on different accounts. That generally lowers the security of the account,” Computer Science Professor Hans Rieke said.

CCSU students have been targeted multiple times by scam emails, according to the University Information Technology Department. Such emails are usually sorted by Microsoft Office into the junk email bin, but there are times when those emails escape the bin and pop up in the student’s inbox.

These emails are designed to look like official emails from a department or another student. Unfortunately, there are times when a student responds to such emails. This is when having a single password becomes a problem. Now that they have access, the hacker can clone the victim’s login credentials and steal their information.

To combat data breaches that are caused by single passwords or weak password banks, Rieke suggested two-factor verification. In addition to a password, an email, text or even a push notification on a smartphone is used to verify the information of a user.

“Two-factor authentication is a good development. It is definitely more secure than just using your password. It is definitely better to use two-factor authentication than using a simple password,” Rieke stated.

Rieke also advised against accessing an account over an unsecured WiFi connection and against using a dictionary password.

“Somebody can easily spoof [a public] network and people might use it to log in. There is a good chance the hacker can read your password,” Rieke explained. “A dictionary password is not a good idea because it can be broken by brute force. Somebody just generates all words in the dictionary, then it's very easy to break.”

There are more emerging technologies that are combating data breaches due to weak passwords. A password manager is one of them.

“I would strongly recommend [using] a password manager. That allows you to have a unique password for each account. And password managers include password generators [that generate passwords with] random combinations of letters and numbers and special signs. They are the best,” Rieke said.

There are other forms of verification developing, including facial-recognition software and touch recognition. James Robinson, a CCSU sophomore, thinks it will be beneficial.

“I think that sites should offer multiple forms of verification. Especially since touch screen technology is fairly common now,” Robinson said.

Having a single password or a weak password for multiple accounts is not just dangerous for consumers or students, but for multinational corporations as well. According to Verizon’s 2016 Data Breach Investigations Report, 63 percent of 100,000 data security incidents were caused by weak or stolen passwords.

“This is not about some people, you know, sitting at home in the basement trying to break in, but is now a very coordinated attempt from different nations with a lot of resources, and that is another reason to take this seriously,” Rieke said.

Experts say cybersecurity is something to be keenly aware of. Never reuse your password. Keep your passwords unique. Stay away from scam emails. And always change your password from time to time.