What is secure password management? Start your security measures today

Without proper password management, there is a greater risk of attackers logging in illegally, leaking information, and fraudulent use of credit cards. This article explains in detail the importance of password management and how to do it.

Why do we need to manage passwords?

Why is “password management” necessary? Proper password management strengthens security, reduces the risk of unauthorized access and information leaks, and protects important information assets .

(“Password management” refers to methods and tools that allow users to safely and efficiently manage passwords for multiple online services and accounts.)

We use many online services on a daily basis, including email, social media, online shopping, and internet banking. These services contain our personal information . If the authentication information (ID, password, etc.) used to access online services is stolen by a malicious third party, they could use your credit card or internet banking account fraudulently, withdrawing money without your permission or making purchases online without your knowledge.

The cause of unauthorized access cases is poor password management

In fact, according to a report released by the National Police Agency, the number of arrests for unauthorized access reached 502 in fiscal year 2023, of which 91.2%, or approximately 450 cases, were due to “identification code theft (illegible use of someone else’s ID or password).” Furthermore, of the approximately 450 arrests, 42.7% were found to have been “obtained by taking advantage of lax password settings and management by authorized users.” Specific examples include:

A 43-year-old male office worker provided his former employer’s business card management system ID and password to a colleague at his new workplace between June 2021 and September 2022, and then used the ID and password for his own company’s business card management system without permission to gain unauthorized access. In September 2023, the man was arrested for violating the Act on the Protection of Personal Information and the Act on Prohibition of Unauthorized Access to Computer Systems.

Common password management methods

How do you usually manage your passwords?

There are many different ways to manage passwords, such as…
However, in today’s world where using the internet is essential, can we really say that the password management methods we have given as examples are safe?
In the next chapter, we will introduce how to manage passwords in a rapidly changing society.

How to manage secure passwords

The leakage of personal information and account hijacking due to unauthorized access are serious problems. To avoid these risks, it is important to set a strong password and not reuse passwords across multiple services.

Don’t reuse passwords

If you reuse the same password for multiple services, an attacker who targets multiple services is more likely to be able to access them by exploiting the same password. As a result, people who use the same password for multiple services will suffer greater damage and have more of their personal information leaked than people who create passwords for each service.

Therefore, do not reuse passwords and make sure to use a different password for each service.

Characteristics of a weak password

If you set different passwords for each service, you may gradually lose track of what words you should use as your passwords, and end up using words that are easy to guess, such as your birthday or your name.
In fact, this is a very dangerous act.

According to the Ministry of Internal Affairs and Communications’ “Cybersecurity Site for the Public,”

It is believed that passwords containing this information are easily cracked and dangerous.

Therefore, it is preferable that the password be a fairly long, random sequence of alphanumeric characters, consisting of at least 15 characters , and that it contain a mixture of numbers, symbols, and alphabets (uppercase and lowercase).

Instead of creating simple passwords that are easy to guess, such as a person’s name or date of birth, try to create passwords that are somewhat complex and difficult to guess.

However, it is extremely difficult to safely manage each and every registered password yourself. The more you try to manage them well, the more likely you are to use simple characters or birthdays as passwords to make them easier to manage, which can result in mass-producing passwords that are easily cracked.

For password management, we recommend using a “management tool”

If you’re someone who wants to manage your passwords securely but doesn’t know what tool to use,
we’d like to introduce some useful tools to help you solve this problem.
These are password management tools such as Google Password Manager and iCloud Keychain .

So, it handles a lot of the password management for you, from password generation to password management.
Why not give it a try?

How are passwords stolen?

Attackers use a variety of techniques to steal passwords.

Password list attacks

This is an attack in which an attacker attempts to log in to specific accounts using a list of passwords that they have collected in advance.

Dark Web

The dark web is a highly anonymous website that can only be accessed using dedicated browsers and tools. As a result, highly illegal data and products are traded there, and the lists of login IDs and passwords for sites and systems used in the password list attacks mentioned above are one example of this.

Social Engineering

Social engineering is a technique that cleverly exploits human psychology to steal important information and personal information needed to log in to systems and services. For example, this applies to fraudulent acts such as phishing attacks, in which a malicious third party poses as a trustworthy institution or individual in order to fraudulently obtain personal information and authentication information from users.

What are the risks if my password is stolen?

What are the risks if an attacker steals your password?

Leakage of personal or confidential information due to unauthorized access

The leakage of personal and confidential information in a company is not merely a technical issue, but poses a risk of serious impact on the entire business. In particular, the leakage of personal and confidential information due to unauthorized access not only significantly damages the company’s credibility, but can also lead to legal liability and economic losses.

Specific examples of risks include:

Spoofing by attackers

Attackers may use stolen passwords to log in to your account and misuse it. For example, they may impersonate you and send malicious messages or post on social media. If your social media
account is hijacked and inappropriate posts are made under your name, you may lose the trust of your friends, colleagues, and business partners. Furthermore, if a company’s account is hijacked, the company’s reputation may be damaged.

To avoid this type of damage, you must keep your passwords secure.

Credit card fraud

Attackers can use stolen passwords to make fraudulent transactions and purchases using credit card information linked to your online accounts.

Unauthorized use of internet banking

There is a risk that the account information and credit card information linked to the service may be misused and used fraudulently for online shopping, etc.

What to do if your password is stolen and used fraudulently

We will introduce what to do if you are notified by the service provider administrator that your password has been stolen, and what to do if you notice unauthorized use.

If you receive a call from the service provider

If you receive a message from the provider, follow their instructions to change your password and update your login information.
In addition, if your credit card has been fraudulently used, you will receive information about refunds, so be sure not to miss any messages from the provider.

If you notice any unauthorized use

If you notice any unauthorized withdrawals or credit card usage, immediately contact your bank or credit card company and have them freeze the account. Also, your usage history may reveal which service the data was leaked from, so in that case, contact the service provider and explain how you noticed it and ask them to check the situation.

Multi-factor authentication to be used in conjunction with password management

Multi-factor authentication (MFA) is a security method that uses multiple different types of authentication factors to verify a user’s identity when accessing a system or account.

What does the “multi-factor” in multi-factor authentication mean?

This means that setting up multi-factor authentication improves security compared to using only a single authentication factor (for example, ID and password) , and even if your password is leaked to a third party, the risk of unauthorized login is significantly reduced.

summary

Password management is the first step in protecting your information assets.
Once your password is leaked, you run the risk of being involved in various types of damage, such as identity theft, leakage of private information, and fraudulent use of credit cards.
To avoid becoming a victim, it is important to practice optimal password management.