As CTO at MobileOps, I am often asked about cybersecurity. Cybersecurity is a vast, complicated domain, and given that the terrain is always shifting, I think it’s best to harbor a degree of paranoia in order to stay on top of potential threats. Given my background in the DevOps and infrastructure automation space, I’ve brought a healthy degree of paranoia and have applied it to the MobileOps platform in the form of our security plan.
Another looming threat
Despite all the precautions we take on the infrastructure side, one of the greatest threats to our customers is employees using the same passwords across multiple online services. How come? It’s fairly common to use the same password (or a variation of the same password) for multiple online services. It’s OK. A lot of people do it. For example, someone named Joe may use the following services with the same email and password combination for each:
- Netflix password: idaho123
- Bank of America password: idaho123
- MobileOps password: idaho123
- Target password: idaho123
Say Target has a data breach and account passwords are stolen from a database. The list of passwords may be bought and sold by various hacker groups or individuals online. Unfortunately for Joe, his account data was stolen in the breach. Eventually, some nefarious person may try to use Joe’s email and password combination with another service, most likely Bank of America.
While this scenario may seem far-fetched, it happens more often than you’d think. It’s understandable why people don’t use different, complicated passwords: the cognitive load of remembering complicated passwords becomes difficult after around five.
Password managers to the rescue
Instead of having to remember a bunch of passwords, what if you could remember just one long, complicated password? This complicated password would then open a vault to your other passwords. With this vault setup, it’s possible to have randomly generated passwords for every service, because you only need to remember your one password to access them. Some popular password managers are 1Password and LastPass. With a password manager, this situation changes:
- Vault password: joeSUPERsecret_6745_xrt!
- Netflix password: ryFMiNOtJF9qudy
- Bank of America password: IxD2zfzxldDMSbX
- MobileOps password: jWjvlPAfSYZ7FpA
- Target password: KaoGklGWrsE0qmC
In the case of a data breach at Target, a hacker cannot access any of Joe’s other accounts with his Target credentials, because every service has a separate, unique, and complicated password. Of course, Joe will never, ever want to lose his vault’s password. That’s why he makes it complicated, but memorable (and he never writes it down or saves it in a file on his computer). It has to exist completely in Joe’s head.
In terms of cybersecurity, utilizing a password manager is one of the easiest ways to secure online credentials. It’s definitely not as frustrating or annoying as it may seem.
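The following Python example is added here and is not MobileOps code. It flags accounts that share a password or a simple variation of one, then gives each flagged account its own random password, the way a password manager's generator would. The account data is constructed from Joe's list above; the "Email" entry and all function names are assumptions for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample data: Joe's four accounts from the article, plus a
# hypothetical "Email" entry to show a variation of the same password.
SAMPLE_ACCOUNTS = {
    "Netflix": "idaho123",
    "Bank of America": "idaho123",
    "MobileOps": "idaho123",
    "Target": "idaho123",
    "Email": "Idaho1234!",
}

ALPHABET = string.ascii_letters + string.digits


def stem(password):
    """Lowercase and strip leading/trailing non-letters so variations collapse."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core or password.lower()  # e.g. an all-digit PIN has no letters


def find_reuse(accounts):
    """Return {stem: [services]} for every stem shared by two or more services."""
    groups = defaultdict(list)
    for service, password in accounts.items():
        groups[stem(password)].append(service)
    return {s: sorted(v) for s, v in groups.items() if len(v) > 1}


def generate_password(length=20):
    """Draw from the OS CSPRNG until lower, upper and digit are all present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def rotate_reused(accounts):
    """Give every service in a reuse group its own random password."""
    reused = {svc for services in find_reuse(accounts).values() for svc in services}
    return {svc: generate_password() if svc in reused else pw
            for svc, pw in accounts.items()}


if __name__ == "__main__":
    print("reused:", find_reuse(SAMPLE_ACCOUNTS))
    print("still reused after rotation:", find_reuse(rotate_reused(SAMPLE_ACCOUNTS)))
```

Stripping only leading and trailing digits and symbols catches the most common variations (a capital letter, an extra digit, a trailing "!"); it will not catch variations that change the letters themselves.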