Security experts have warned consumers against buying their loved ones “username/password” organizers this Christmas as it encourages poor security practice.
Various retailers including Amazon, Etsy, and Blackwell’s are selling the pocket-sized notebooks, advertised as being a “convenient place” to store all one’s online log-ins.
While these items have been selling for a few years now, security experts are becoming increasingly vocal about their concerns in light of rising cyber-threat levels.
ESET security specialist, Mark James, argued that users should be looking to online password managers rather than physical log-in organizers like these.
“We do need all the help we can get, but we also need to consider the dangers of stockpiling information that others could gain access to,” he said.
“If it were to be lost, then anyone finding the item would be able to use the data to compromise your accounts. A notebook listed in alphabetical order loudly shouting 'logins and passwords' is waiting to be lost or stolen.”
Bill Evans, senior director at One Identity, added that an item labelled “password logbook” might as well be called “steal my identity here”.
“If you have to write your passwords down, don’t advertise their location by using a book that screams, ‘PASSWORDS HERE’. By all means, utilize multi-factor authentication everywhere you possibly can. Don’t let the Grinch steal both Christmas and your identity during the same holiday season.”
The need for multi-factor authentication options on more websites was given added urgency last week after dark web researchers found an underground database containing a staggering 1.4 billion breached credentials.
To make matters worse, the trove of log-ins is set-up so that cyber-criminals can easily search and locate what they’re looking for.
Researchers investigating the database found the most common passwords to be “123456” — featured over 9.2 million times.