South Africans know all about security, from closed-circuit television cameras to electric fences and armed reaction. The country’s high levels of crime mean those with the means to do so live in virtual fortresses, panic buttons at the ready.
It’s time we took our personal cybersecurity just as seriously as we take protecting our homes and businesses from criminals — and it’s not as complicated as you might think to protect yourself against cybercrooks intent on stealing your passwords, getting into your bank accounts or holding you to ransom.
Most people know by now to be careful of phishing e-mails, which are designed to trick them out of their login credentials. Yet many people are still not doing the basics right when they’re online.
Cyberhygiene best practice starts with good password management, something too many people ignore or don’t take seriously enough, perhaps because they think it’s too complicated. Passwords like “letmein01” — which a machine could crack in seconds — are only part of the problem here: many (perhaps most) people use the same password across websites, meaning if one platform suffers a breach (which you might never even hear about), all your accounts might be compromised.
In short, you should have unique passwords that aren’t easy to guess — preferably a lengthy jumble of random upper- and lowercase letters, numbers and special characters generated by software.
But no-one can hope to remember dozens or more different and lengthy passwords. The solution — in fact, almost a requirement of computing in 2025 — is a good password manager. It should form the cornerstone of any personal cybersecurity initiative. There are free ones — some of these, like Bitwarden, have good reviews — as well as subscription options that typically set you back a few rand a month.
I use Dashlane, and have for years. It’s reasonably priced (and this is one piece of software I prefer to pay for), works well and has never suffered a breach. But there are other good ones to consider — the important thing is to download one and get started.
The future is passwordless authentication — a world where you’re never asked to create a password again
Password managers work by employing a combination of a highly secure master password — possibly the only one you’ll ever have to remember — and two-factor (2FA) or multifactor authentication (MFA) to ensure your accounts are kept as secure as possible.
Just don’t write down the master password — commit it to memory.
While password management services have been breached in the past — witness LastPass — the benefits of using a good password manager exceed the potential risks.
Still, to protect yourself further, you should always enable 2FA and MFA, especially on more sensitive accounts like Google or Facebook. Usually, this involves entering a code from an authentication app, like Google Authenticator, or simply scanning your fingerprint on your phone to confirm that it is in fact you logging into your bank account.
Good password managers will let you know if one of your accounts has been compromised and will suggest you change it (and can even sometimes do this for you).
The future, however, is passwordless authentication — a world where you’re never asked to create a password again. That future is already here, in the form of passkeys. These promise to banish passwords to history and offer a faster, more user-friendly and — most importantly — safer way to sign into websites and apps.
A passkey is a cryptographic key pair: one public key is stored on the website or service, and one private key is stored securely on your device. When you log in, your device uses the private key to prove your identity — typically through biometrics (like your fingerprint or a facial scan) or a PIN code. You never type a password, and nothing secret gets sent over the internet. Major password managers support them too.
Passkeys are resistant to phishing scams as they work only on the site or app they were created for, making it difficult (if not impossible) to be tricked by lookalike websites. Unlike passwords, passkeys are also not shared with online services, so they can’t be stolen. And they’re convenient: using them is as easy as unlocking your phone.
Many websites offer passkeys alongside passwords and 2FA/MFA. Eventually, the idea is that passwords will be phased out, but that may take years. In the meantime, it makes sense to use passkeys on platforms that support them — and major players such as Amazon, Apple, Microsoft and Google already do.
You wouldn’t leave your front door wide open. Don’t chance it online.
McLeod is editor of TechCentral
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.