Connected


Cybersecurity Checkup© for October

 

Password Alert

This month I want you to take a few minutes to think about your passwords, and why it may be time to not only change them, but to change the way you create them.

I have always been adamant about changing our passwords, since the very beginning of our digital life, and I have always had complexity in the passwords, which included all the common recommendations, from password length to capital letters, numbers and symbols on the keyboard. I have used different passwords for social media sites, bank sites, healthcare sites and insurance sites. We even change our passwords throughout the year.

However, my view on password complexity has recently changed. I was sitting at a security event, and a new software password cracker tool was used that incorporated an algorithm that was able to crack very complex passwords quickly, because they were unique! The software tool used a brute-force attack that went quickly through letters of the alphabet, numbers and keyboard symbols, and in less than an hour had the password shown on the screen. What was interesting is that the password was what we in the security industry would consider a strong password.

Common types of password hacks are brute-force, common-word, and dictionary attacks, and you may be surprised to find out that many breaches happen because a hacker has a person's email and password. The IT security industry has tried to deploy security controls in the business enterprise to combat stolen credentials. Password security controls today include Enterprise Single Sign-On, which allows a user to access multiple systems using just one password; software agents on endpoints, which do not allow you to reuse your work password on social media sites; and password managers that sit on desktops, laptops, or mobile devices and can provide a list of your passwords in an encrypted file. Additionally, we now have security controls that provide multi-factor authentication, including biometric recognition, such as a fingerprint, with geolocation services.

But what about the home user; what can keep you safe, considering that you are not going to invest in an enterprise security tool?

While I continue to read and see that the digital security world has not caught up and is still requiring the typical password security strength for certain applications, I would recommend password phrases. First and most importantly, password phrases can be easy to remember, such as: I like cake. Very easy to remember! The spaces act as a special character to a brute-force attack, and the phrase can literally take ten times longer to crack than il1kecake. The second most important rule to remember about password security is to use different passwords for different sites. Social media sites, including Twitter and LinkedIn, have been repeatedly hacked. Once a hacker knows your password from Facebook, do they then also know your banking account credentials? And thirdly, change your passwords throughout the year. It does not have to be every ninety days, but you should think about changing your passwords at least once a year, say in October. The simple tips above should keep you safely connected.
