LUCKNOW It’s like Charles Dickens wrote in “A tale of two cities” -- it was the best of times, it was the worst of times. On one hand, multi-factor authentication and technologies like facial recognition, fingerprint scans, and OTPs, among others have fortified our cyberspace, and on the other, incidents of online crimes are recording an unprecedented rise with bad actors often managing to find chinks in the armour. The latest NCRB data revealed that U.P. is second only to Telangana in cybercrime cases in the country. (Representational photo)

The dichotomy is, unfortunately, more apparent in Uttar Pradesh, where cyber thugs seem to be on a spree. In the last three years, U.P. has recorded more than three lakh cyber crime cases, according to IPS Triveni Singh, superintendent of police, cyber crime cell. The latest NCRB data also revealed that U.P. is second only to Telangana in cybercrime cases in the country.

The Password Conundrum

Despite the alarming spike in online frauds, not many netizens secure their online accounts with strong alphanumeric passwords -- which is probably the most fundamental step to ensure cybersecurity. Even the few who take the trouble of coming up with uneasy-to-crack passwords end up using the same (or similar variations) for several accounts. This common practice was recently flagged in a U.P. Police report -- Overview of Cyber Crimes -- which urged people to keep strong passwords while highlighting how “key logging” and “hacking” have emerged as the two common methods to crack passwords and subsequently, carry out online frauds, web identity thefts, and other such crimes.

“U.P. has a record number of cybercrime cases reported due to low level of cyber awareness among victims and law enforcement. Using weak and simple passwords is a recipe for data breaches, account takeovers, and other forms of cyberattack. While simple passwords are a big ‘no’, remembering a complex password for every account and website is virtually impossible,” said Kiran Vangaveti, founder and CEO of BluSapphire Cyber-Systems.

According to cybersecurity firms, people still opt for poorly-thought out passwords like -- “123456”, “password”, and “qwerty”. Some even go for gems like “111111”, “123456789”. The negligence is nonplussing at a time when password security issues account for 80% of all data breaches globally, according to Verizon’s 2022 Data Breach Investigations Report.

Expert View

“People use weak passwords as they are easy to remember. Also, we are often required to change passwords frequently, and for convenience, people tend to choose simple variations of their previous passwords, which can also easily be guessed by hackers. One way to deal with the problem is using a password manager, which is a tool that stores all your passwords in a secure, encrypted database. This way, you only have to remember one master password to access all your other passwords. Another way to create strong and memorable passwords is to use a passphrase. A passphrase is a sequence of words or a phrase that you can easily remember, such as ‘mycatiscool23’,” said Pranav Dwivedi, founder at Netratvshaala.

Floating a few more ways to deal with the password conundrum, Rahul Tyagi, co-founder at Safe Security, said, “Yes, using a password manager is a good option but if your master password is compromised then your all accounts will be compromised. So, it is not advisable to save passwords in browsers like Chrome as today’s malware programmes can steal saved Chrome and Firefox passwords easily. Using multi-factor authentication, which adds an extra layer of security, can make a huge difference.”

Another cybersecurity expert Shruti Shreya, who is also the programme manager at The Dialogue, opines that in states like U.P, which has a large section of rural population as well as tier 2 and 3 cities, sensitisation measures are necessary. “The awareness level of the masses is comparatively lower in U.P. and greater empowerment initiatives must be adopted in the state by both government and civil societies. It is best to use long passwords with 10 characters or more with a good mixture of letters, numbers (letters both uppercase and lowercase), and symbols.”

Oblivious to the Obvious?

Security and data protection measures are futile without finding solutions for human vulnerabilities and one of those areas is password protection. Weak, reused passwords which are used across websites and over time, shared with friends and compromised to malware, lead to consumer safety being jeopardised. While the aforementioned is common knowledge to a majority of computer and smartphone users, people very often choose to remain oblivious to the obvious. Multi-layer security should not be an excuse to easily guessable passwords just like you don’t stop locking the door at night even when the city’s crime rate drops. Or do you?