Password Safety

by Wally Moore

on February 24, 2020

in Hackers, Cybersecurity, passwords

Part 2

image-86

Password safety. A topic of often-repeated information.

You can and will find numerous articles on the internet about password safety. So be forewarned, there are differing opinions about policies. You will read one article that will state specific requirements on passwords, and then you’ll read another one that will state almost the exact opposite.

Of course, here at DTS InfoTech, we have our own opinions too. Read Part 1 here about our thoughts on Password Safety.

All that said, here is our another offering on the subject.

Passwords in and of themselves are challenging because you have so many things to think about as you create, store and protect them etc. The list goes on and on.

For our general thoughts on this part of the subject please read our post.

Password strategy, like anything else, changes over the years.

For a good primer on the recent changes in password policies please refer to this article about NIST (NIST stands for The National Institute of Standards and Technology) and this article about Microsoft. These organizations are considered as authoritative to say the least!

Protect yourself by protecting your business

Most of us don’t realize there are many techniques used by professional hackers to crack our passwords. We don’t even consider this because we’re honest people. Not perfect, but honest, as in we don’t try to steal passwords for financial gain. Most people don’t do this. Thank God.

To protect yourself from becoming a hacking statistic the best thing you can do is to create strong passwords that make perfect sense to you, but nobody else.

Are strong passwords guaranteed to stop a hacker? No. Those passwords do not exist. But you must do what you can to protect yourself.

So, if you don’t want to get hacked (you probably don’t) practice the following 5 behaviors:

1. Dictionary attacks: When creating a password you should not use words found in the dictionary, or consecutive keyboard combinations— such as qwerty or asdfg or nm<>?.

Do not use slang terms. Do not use common misspellings. Do not use words spelled backward. These cracks rely on software that automatically plugs common words into password fields.

Password cracking becomes almost effortless with a tool like John the Ripper or similar programs. Check it out, this is an eye opener for honest people.

2. Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, you name it, all of which can be deduced with a little research.

An example of this is if you forget your password. When this happens, and you click the “forgot password” link within the program, you’re sometimes asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

3. Simple passwords: Do not use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc.

In 2016, when 32 million passwords were exposed in a breach, almost 1% of victims were using “123456.” The next most popular password was “12345.”

Other common choices are “111111,” “princess,” “qwerty,” and “abc123.” Again, do not use personal information.

4. Reuse of passwords across multiple sites: Reusing passwords for anything can lead to identity theft. Imagine if you used the same password for Yahoo as you use for your online banking. A hypothetical hack of Yahoo could expose your banking password, the REAL target of the attack.

5. Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Examples include random pop-up pages from web sites telling you that “Microsoft has detected your computer is infected…” and to call or contact a phone number for “support”. That warning page comes from a malicious attacker, not Microsoft, and if you respond you could be allowing an attacker directly onto your system. Don’t fall for the trick!

If you do NOT want to get hacked, practice the following 10 easy behaviors:

1. Use different passwords for each of your accounts.

2. Do not allow anyone to watch you when you enter your password.

3. Always log off if you leave your device and anyone is around.

4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.

5. Do not enter passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.

6. Do not enter passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.

7. Don’t tell anyone your password. Keep your passwords safe and keep them to yourself.

8. Do change your passwords periodically.

9. Do not reuse a password for at least one year.

10. Do use at least nine characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

Some good websites for further research:

How hackable is your password? https://www.cnn.com/2019/04/22/uk/most-common-passwords-scli-gbr-intl/index.html

How to create strong passwords Perfect Passwords, Mike Burnett

NIST password guidelines https://pages.nist.gov/800-63-3/sp800-63b.html

NIST guidelines - we’re only human! https://spycloud.com/new-nist-guidelines/

Passwords: Simple Ways to Increase Your Security https://www.techsafety.org/passwordincreasesecurity

DTS InfoTech Can Help

We’re good with passwords. Seriously, we are. We use them all the time, so do our customers, friends and family. Everyone uses passwords.

On the other hand, most small businesses do not have the expertise, technical resources, or time to understand all this password, cybersecurity, and technology stuff. If this describes you, we can help.

If you would like more information, please give us a call, we’re always happy to chat, and the call is FREE! Calls are always free.

Return to: Passwords

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW