Research has shown that even the strongest passwords can be cracked by hackers in minutes. So relying on passwords to protect your accounts offers little-to-no value.
The problem is that people are relying on password managers to secure their accounts, and actually paying for them. This creates a false sense of security since it’s been proven passwords do not work, no matter how strong.
What’s worse is that password managers create a larger systematic risk since they centralize many people’s passwords in a single location. Think about it. If you were a hacker, would you rather hack individual accounts one by one, or target a large number of passwords all in one basket? Password managers could be the next big target for a hack like Equinox. In fact, they have already been hacked not just once but a few times. As cloud computing becomes cheaper over time, it will only get easier and easier to hack passwords.
Therefore it’s critical to at least use 2-factor authentication (2FA) to secure accounts, but unfortunately, they also have critical vulnerabilities related to SIM swap attacks and authenticator apps weaknesses. Compounding this risk is that now password managers provide the option to store 2FA TOTP tokens in their products as a “convenience”. This eliminates the entire point of 2FA, creating a house of cards as scary as the subprime mortgage crisis!
So what should you do? Yes, password managers are better than using the same password across different accounts. But that’s like having no lock on the front door of your home and you hope the door latch will keep criminals out. Adding 2FA is like adding a basic lock to your front door. At least your door is locked, but unfortunately, it can also be picked open if someone really wants to get in.
VoiceProtect does offer a solution using 3 factors to address this issue. It uses voice biometrics as the third factor and overlays on top of passwords and SMS 2FA. Using the analogy from above, VoiceProtect is the equivalent to adding a heavy-duty deadbolt to your front door.
Whether you are ready to use 3FA or not is a personal preference. But it is important to understand the risks with passwords and password managers.