Singaporeans lead digitally enabled lives, which isn’t surprising considering that Singapore is one of the most digitalised countries in the world. From the government’s e-services like Singpass to on-demand services like Grab and various online banking platforms, the use of online apps is woven into the lives of Singaporeans, making digital identities essential. Although these digital identities are easy to create, the same can’t be said for remembering the passwords required for each.
The more dangerous issue around passwords is actually the cybersecurity challenges they pose. Because many people have problems remembering different passwords for their numerous online accounts, they resort to using weak, easy-to-guess passwords. These can be easily cracked by hackers, posing a consequential threat to personal data and security.
Within the last two years, Singapore saw 33,747,180 data breaches, further highlighting the need to exercise greater personal data protection measures, according to Surfshark’s Global Data Breach Analytics.
The psychology behind password choices
When evaluating password choices, people generally fall into two groups. The first is proactive and organised; the security of their personal information is at the top of their mind. Naturally, this group is less likely to fall victim to hackers. The second group, however, tends to assume that their accounts aren’t valuable enough to be targeted. These individuals tend to have passwords that are more common or easy to guess.
This tendency towards weak password choices is evident in the most common passwords used in 2023, as per NordPass:
- 123456
- admin
- 12345678
- 123456789
- 1234
Age-old passwords: Are they safe to use?
Many people stick to familiar passwords for years. For example, it’s common to see older Singaporeans repeatedly using variations of their names or birth dates.
While two-factor authentication (2FA) can be enabled, it’s not yet a common practice. According to the FIDO Alliance, password usage without 2FA is still dominant, with users manually keying in their passwords nearly four times a day, or 1,280 times a year. Constant reuse of old passwords is dangerous and makes Singaporeans much more vulnerable to online scams and data theft.
Why do users choose convenience over security?
- Infrequent use of passwords: Registering for an account has become a necessity to access most things on the internet, which requires creating a password. Using multiple accounts makes it even harder to remember passwords if each has its own unique password. Because of this, users often save passwords for frequently used accounts on their devices, neglecting the rest. However, saving passwords on devices is risky, as it allows anyone with access to the device to access those accounts without consent.
- Too many accounts: Having various accounts with different usage frequencies makes it hard for users to recall all passwords. Because of this, many people use a common password for multiple accounts, which simplifies the login process for users — but also hackers.
- Rule-compliant passwords are harder to remember: Creating strong passwords is essential to protect against cybercriminals. According to the Cyber Security Agency of Singapore (CSA), strong passwords should be at least 12 characters long and include a mix of upper and lower case letters, numbers, and special characters. Organisations also have stringent password policies that must be followed. The days of settling for short passwords are long gone; previously, one could create a password using their nickname, birthdate, or mobile phone number. Nowadays, all users must adhere to these specific rules to keep their online accounts and personal information safe from cybercriminals.
- Resetting passwords is always an option: People often do not bother memorising passwords because resetting them is easy. However, the situation would be highly chaotic for both users and organisations if the option to create or retrieve passwords didn’t exist, which is sometimes the case.
- Easy-to-access password storage preference: Storing passwords in an easily accessible place, like a desktop spreadsheet, is unsafe.
The solution
According to the CSA, users must ensure their online passwords adhere to the following guidelines to guard their accounts more effectively:
- Make it at least 12 or more characters in length.
- Use five different words that relate to a memory unique to you. For example, “Learntorideabikeatfive.”
- Use uppercase and lowercase letters, numbers, or symbols to make it even harder to crack. For example, “LearnttoRIDEabikeat5.”
- Enable two-factor authentication (2FA) whenever available.
These recommendations can be challenging to implement, but password managers can help. They are designed to help users create customised, compatible codes for every site. Such tools also record and auto-fill passwords as well as notify users when credentials need to be updated. Adding to this, password managers are more secure than storing passwords on devices, as users are required to log into their password manager to access their stored credentials.
Password managers are simple to use, efficient, and most importantly, encrypted. By adhering to these guidelines and incorporating password managers into their routine, Singaporeans can enhance their online security and make managing passwords less daunting.
