Passwords

by Wally Moore

on January 13, 2020

in Cybersecurity


Passwords are a pain.

I am the first to admit it. Passwords can be a pain in the neck.

I also wonder how effective they are. Really! Are they?

Are they effective?

I mean, despite the worldwide use of passwords, there’s an awful LOT of successful hacking going on.

Don’t the hackers get around the passwords? Break into a company computer system? Steal their company data and then extort the crippled company for money? Yes, they did, and they do!

But very often, the hacker’s success has nothing to do with a password. It’s true. Employee mistakes are a bigger problem.

Don’t forget them and don’t lose them.

For me, passwords are like the keys to my car or my home. I take them for granted and gladly accept the role they play in my life, but only as long as I remember where I put them.

If you’re like most people, you probably misplace your keys from time to time. It’s embarrassing. Not to mention really inconvenient if you’re stuck outside of your house looking at the locked front door.

Or they’re locked inside your car, and you’re standing outside, by the window, looking inside the window of your locked car, with the engine running. True story.

I spotted a funny message on a store-front window.

I changed all my passwords to incorrect, so whenever I forget, it will tell me, “your password is incorrect.”

Passwords are no fun.

All kidding aside, passwords are most certainly not much fun to talk about or write about. It’s only fitting.

But passwords may be one of the most under-appreciated useful tools you can use to protect yourself, your company, and your way of life. It’s true. Why?

Because passwords, specifically strong passwords that meet very specific criteria, protect your data, protect your company and potentially protect everything you hold near and dear.

Like car keys and house keys, passwords protect us. Fine. They’re still a pain.

Fear mongering.

That long rant may sound like hype designed to get your attention. But if anything, it understates the true importance and real value of strong passwords.

Check it out for yourself.

People all over the world search for information on password best practices daily.

Why are so many people all over the world searching for information about passwords?

Could it be because the daily news cycle is full of cybersecurity crimes? Or data breaches? How about ransomware attacks? Or company data that was stolen and then sold (extortion), even after the company paid the ransom? A hard-earned reputation ruined? Extortion of data is cruel.

The answer is yes to all of those and more; much more. That’s why people all over the world are searching for information about passwords. Passwords are very important.

Global theft is getting worse.

Cybersecurity attacks and crime are growing each month globally. There is no end in sight, only an escalation in the number of attacks and the level of sophistication used by professional hackers.

Figures are not yet available for 2019, but check out this Industry Week article from 2018. A 350% increase in Ransomware attacks is how the article begins. That percentage got my attention and it should get your attention too.

Global theft is becoming more sophisticated.

Hackers are becoming more sophisticated by the day, and they are becoming more successful in their attacks. In case you haven’t heard, the word is getting out and the word is, “You better take online security (read strong password protection) very seriously because if you don’t, you may become a very sad statistic.”

Are passwords here to stay? Yes. They’ll be around for a while.

Since the problem is so bad, it only seems logical to ask, “Are passwords going away anytime soon? You know, can’t they get something else working on the problem if passwords are not working!”

We can answer that question, and we will in other posts. But yes! Other technologies are being developed. However, some of those newer technologies still use passwords.

So, for the time being, passwords aren’t going away.

Some Google searches returned information that sheds light on this subject.

According to Adam Kehler, at Online Business Systems, “People want to see passwords go away and have predicted that for a long time but they seem to keep hanging around. [WE] would like to see them go because they really are not a great way to authenticate users, but we need to address them as long as they’re here.”

Josue Ledesma, of MIS|TI Institute, wrote, “Password security has undergone a significant transformation over the last few years. As a reaction to the insecure form of identity verification that is logging in with a password, technologies such as two-factor authentication (2FA), multi-factor authentication (MFA), hardware keys, password managers, and the use of biometric-based authentication like fingerprint and facial recognition have dramatically changed the way users validate and verify their identity.”

Here at DTS InfoTech, we also say passwords are not going away anytime soon.

Why? Because the newer technologies just mentioned, like two-factor authentication (2FA), multi-factor authentication (MFA), biometrics, and others, will take time to be adopted across the industry.

Across all industries and disciplines, sometimes, newer technologies are just slower to become widely adopted.

Based on our experience in IT services for small businesses (SMB), I believe passwords will be with us for many years to come. Why? Because most people are honest, hard-working and not thinking about how to steal your money. Because they’re honest, they don’t value or even think that much about passwords. We’ve seen this nonplussed attitude regarding passwords for a long, long time. We get it. It’s understandable and dangerous.

By and large, people don’t value passwords. We tolerate them.

Only recently has two-factor authentication gained some momentum in terms of being accepted by the public. So, these newer technologies may take time to become widely adopted, if they are ever fully adopted. That’s just my opinion, based upon practical experience and observation over many years.

In other words, it takes time for things to change, and this includes passwords.

So, cutting to the chase, you need to create strong passwords. You need to change your passwords every six months and you should not use the same password across multiple web sites.

So, let’s chat about creating passwords.

Strong passwords are very secure. Strong passwords will:

  • Use uppercase letters in positions beyond the first character
  • Use one or two numbers throughout the password, not just at the end and beginning
  • Use punctuation and other symbols as delimiters or bracketing throughout the password
  • Use spaces if the particular system allows
  • Be a minimum of 10 characters in length

Let’s look at some types of passwords that are terrible.

In his very helpful book Perfect Passwords, Mike Burnett says, “From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these.”

Examples from Mike of the worst passwords:

  • ncc1701 - The ship number for the Starship Enterprise
  • thx1138 - The name of George Lucas’ first movie, a 1971 remake of an earlier student project
  • qazwsx - Follows a simple pattern when typed on a typical keyboard
  • 666666 - Six sixes
  • 7777777 - Seven sevens
  • Password - Seriously? Do people use this? Yep
  • Enter - And this one too

Next, let’s look at some types of strong passwords that are very good.

Your password should contain at least three elements. These elements have no specific definition, but they might include characters, numbers, symbols, words, or phrases.

Randomness

Each element is an opportunity for randomness. Randomness is a goal because randomness makes the password harder to crack.

These elements can be loosely related and can sometimes employ repetition if used wisely. Here are some examples:

  • Orchard/mak1ng-pies
  • Flour5&eggs&miLk
  • 2crazy@doghoUse.com
  • Turn left,r1ght,right

Time: The Enemy of All Secrets

You’ve heard it said, “time is money.” Another one is that “time flies.” Some have “time on their hands,” and others have “time to kill.”

However, time and passwords do not mix.

Time is one aspect of password security that you cannot control; you cannot let your passwords get too old. Why?

The primary reason you should regularly change passwords is that password cracking takes time, and as time passes, the risk of a password being cracked increases. Hackers use cracking software.

Password Pointers: Building Strong Passwords

A simple technique for increasing the strength of your password is just to use more than one word.

Some people would call this a passphrase, but this particular technique is somewhat different. The difference is that you select three or more words that are not necessarily grammatically related but have something else in common.

The technique revolves around picking three words that are related enough for you to remember them easily, but if others knew one of the words, they couldn’t easily guess the other words.

Here are some examples:

  • 33 free trEes
  • Walking, 4taLking, keyring
  • Little-ladle-lady8
  • Chalking4Change-Range

Test your password — 11 questions about your passwords.

Create that perfect password, then give it the Mike Burnett test to see if it passes. If your password doesn’t pass, no worries, tweak it until it passes, and you’re good to go!

Here’s the simple test:

1. Is your password more than 10 characters long?

2. Does your password have a good mix of mostly letters and a few numbers and punctuation symbols?

3. Does your password contain at least three pieces of random information?

4. Is your password completely absent of personal information?

5. If you typed your password in Google, would you get no results?

6. Are you the only person who knows this password?

7. Do you remember your password without having to look it up?

8. If you have your password recorded somewhere, is it in a secure location?

9. Is your password one that has never been used anywhere else?

10. Can you type your password quickly without making mistakes?

If you answer yes to more than nine of these questions, you have Mike Burnett’s approval. Yay!

However

Some in the IT industry recommend changing passwords routinely, like every 6 months. We at DTS think this is overkill, as long as you’re following all the other rules above: users tend to create strongly similar passwords with each change, such as incrementing a numeral, which is as insecure as not having changed the password in the first place. I know (remember, I said it first), passwords are a pain! But they protect you.

DTS InfoTech Can Help

We’re good with passwords. Seriously, we are. We use them all the time, so do our customers, friends and family. Everyone uses passwords.

On the other hand, most small businesses do not have the expertise, technical resources, or time to understand all this password, cybersecurity, and technology stuff. If this describes you, we can help.

If you would like more information, please give us a call. We’re always happy to chat, and the call is FREE!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com





