Today’s Post is from Zack Moody, Security Engineer
In last month’s customer newsletter, I gave out a few basic nuggets that I noticed walking through an airport, but this entire series in a nutshell is ‘Cyber Safety.’ In this post I thought I would dive a little deeper into one of the topics of discussion from last month’s article, ‘Choosing the right password’.
Protecting your identity
I think we all talk a pretty good game about thinking before we speak or not reacting so fast, but do we really think before we click? The world has become a super busy place, and with information at everyone’s fingertips, it’s only getting worse. However, we need to make ourselves take the time to make safe decisions online. Are we sure about where that link or URL is going to take us? Does that attachment in the email from your cousin’s neighbor look fishy? What about those forms you fill out for some new trial of anti-aging medicine? How about using ‘iloveyou’ as your banking password, instead of taking the time to type out something a little more complex? Is that time saved really worth the possibility of having your accounts drained or identity stolen?
Password Testing & Manager Tools
One of the easiest forms of protection, yet widely overlooked, is your common password. Yes, I said it! Some people cringe at the sound of passwords…just another something that I have to remember and keep up with! A strong solid password is your front line of security against compromised data. Here a few places to test the strength of your password…give it your best shot:
How many accounts do you have that require a password? I am sure that list gets longer and longer every week. How many of you use the same password and/or username for each of those sites? Not good…if that attacker can get into one account, more than likely they can get into the other with a little bit of research. How about using common names for passwords? In a 2013 study by Google Apps, your current pet’s name hit the number one spot! How frequently does your pet pop-up on Facebook or Instagram? Some others that made that list were place of child’s birth, child’s name, and favorite holiday destination. The best practice is to pick a unique password for each account, but wouldn’t that get even harder to keep up with? Why not make it easier on yourself and get a password manager!?
These are some of the best. Not only do they store your passwords and credit card numbers for any site, but it also has a super-secure complex, password generator.
When creating passwords, you probably know to mix regular characters with digits and punctuation. However, when acceptable, are you using spaces and underscores to construct phrases or even full sentences? Please do not get suckered into substituting letters for numbers and think that it’s a secure password! We all know that trick, so don’t you think that savvy hackers know it to? Not always are you going to get a site that gives you much freedom, but when you do…go crazy! The key here is that it won’t take you much longer to type out a long complex password than it would a simple one. However, it will take a malicious hacker an extremely long time to crack. By just using eight characters you could generate 6.1 quadrillion password combinations, according to research by Paul Lee at Deloitte. However this still does not give you a one up on how quickly super computers can sort through them. Research done at a password conference found that running password-cracking software distributed across five strong servers, were able to sort through 348 billion password combinations a second. At this rate they said a 14-character Windows XP password would be cracked in just six minutes!
As technology gets more advanced and computers get faster, the time it takes to break a password will get much easier. Biometric identifiers will become closer to the average user implementation and less expensive. With some Biometrics being biologically impossible to re-create, that will be become the new key to securing your data online.
Most Common Passwords of 2013
This is a list compiled by SplashData of stolen passwords and shared online by malicious hackers:
In the next article, we will discuss passwords a little more as something you know, but combined with something you have…Multi-Factor Authentication. I hope this has been informative for you, and as always, if there is anything you would like to know or hear about in the next or upcoming segments, then feel free to reach out to me.